
Inactive Malware and Virus Removal got all the files

Discussion in 'Malware and Virus Removal Archive' started by Crossed, 2011/04/14.

  1. 2011/04/14
    Crossed

    Crossed Inactive Thread Starter

    Joined:
    2011/04/14
    Messages:
    1
    Likes Received:
    0
    [Inactive] Malware and Virus Removal got all the files

    I have been hacked for a RuneScape account with cash on it worth more than 300 dollars, but the main problem is that this guy controls my computer:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6360

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    14-4-2011 10:27:59
    mbam-log-2011-04-14 (10-27-56).txt

    Scantype: Snelle scan
    Objecten gescand: 176086
    Verstreken tijd: 6 minuut/minuten, 20 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 1
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 2

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msconfig (Trojan.Agent) -> Value: msconfig -> No action taken.

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\Users\Ben H\AppData\Roaming\microsoft\System\Services\msconfig.exe (Trojan.Agent) -> No action taken.
    c:\Users\Ben H\AppData\Roaming\install\svchost.exe (Backdoor.SpyNet) -> No action taken.

    GMER: Showed nothing.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: System manufacturer
    System Product Name: System Product Name
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 207):
    0x03003000 \SystemRoot\system32\ntoskrnl.exe
    0x035E0000 \SystemRoot\system32\hal.dll
    0x00BAC000 \SystemRoot\system32\kdcom.dll
    0x00C06000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C13000 \SystemRoot\system32\PSHED.dll
    0x00C27000 \SystemRoot\system32\CLFS.SYS
    0x00C85000 \SystemRoot\system32\CI.dll
    0x00D45000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00DE9000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00E02000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00E59000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00E62000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00E6C000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00E9F000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00EAC000 \SystemRoot\System32\drivers\partmgr.sys
    0x00EC1000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00ED6000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00F32000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00F39000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00F49000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00F63000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00F6C000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00F96000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x00FA1000 \SystemRoot\system32\drivers\fltmgr.sys
    0x010E1000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01225000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x010F5000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013C8000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01153000 \SystemRoot\System32\Drivers\cng.sys
    0x013E2000 \SystemRoot\System32\drivers\pcw.sys
    0x013F3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0140E000 \SystemRoot\system32\drivers\ndis.sys
    0x01500000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01560000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01603000 \SystemRoot\System32\drivers\tcpip.sys
    0x0158B000

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Ben H at 10:53:06,88 on do 14-04-2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.4095.2316 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\DAODx.exe
    C:\Program Files (x86)\ASUS\EPU\EPU.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\ASUS.SYS\config\DVMExportService.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
    C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\ASUS\TurboV\TurboV.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Users\Ben H\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Users\Ben H\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben H\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben H\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben H\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben H\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben H\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ben H\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Ben H\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Users\Ben H\Downloads\chwis180.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Ben H\Downloads\dds (1).scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2102399
    uSearch Bar = Preserve
    mStart Page = hxxp://www.bigseekpro.com/hypercam/{1F8697E9-8A27-4710-8FCF-3C222C3F4225}
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: silentc0re Toolbar: {9a9d7930-001b-4e0c-a8ca-f16080dbfc85} - C:\Program Files (x86)\silentc0re\tbsile.dll
    uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
    uURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
    uURLSearchHooks: PHPNukeDU Toolbar: {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\prxtbPHP0.dll
    mURLSearchHooks: silentc0re Toolbar: {9a9d7930-001b-4e0c-a8ca-f16080dbfc85} - C:\Program Files (x86)\silentc0re\tbsile.dll
    mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
    mURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
    mURLSearchHooks: PHPNukeDU Toolbar: {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\prxtbPHP0.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: PHPNukeDU Toolbar: {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\prxtbPHP0.dll
    BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: silentc0re Toolbar: {9a9d7930-001b-4e0c-a8ca-f16080dbfc85} - C:\Program Files (x86)\silentc0re\tbsile.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    BHO: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
    TB: silentc0re Toolbar: {9a9d7930-001b-4e0c-a8ca-f16080dbfc85} - C:\Program Files (x86)\silentc0re\tbsile.dll
    TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
    TB: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
    TB: PHPNukeDU Toolbar: {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\prxtbPHP0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    uRun: [Google Update] "C:\Users\Ben H\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe "
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe "
    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe "
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE "
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - C:\Users\Ben H\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {AA58ED58-01DD-4d91-8333-CF10577473F7}
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
    TB-X64: {9A9D7930-001B-4E0C-A8CA-F16080DBFC85} - No File
    TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
    TB-X64: {A8864317-E18B-4292-99D9-E6E65AB905D3} - No File
    TB-X64: {46735DEE-F862-49D1-876D-6382794DC625} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe "
    mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe "
    mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    AppInit_DLLs-X64: avgrssta.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-2-3 269904]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-2-3 35536]
    R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-2-3 317520]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-26 203776]
    R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-2-3 90112]
    R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-7-19 921952]
    R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-19 308136]
    R2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2010-2-3 19432]
    R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2008-11-26 323584]
    R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-11-26 8120320]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-26 289792]
    R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2010-2-3 47672]
    R3 AmdTools64;AMD Special Tools Driver;C:\Windows\System32\drivers\AmdTools64.sys [2010-6-27 47160]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
    R3 KoneFltr;ROCCAT Kone;C:\Windows\System32\drivers\Kone.sys [2010-8-9 15488]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-3-12 36720]
    R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2011-1-6 987648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-3 135664]
    S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-1-6 46136]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-26 517448]
    S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 12288]
    S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-8-31 14648]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-19 314400]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-3 1255736]
    S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]
    .
    =============== Created Last 30 ================
    .
    2011-04-14 08:20:50 -------- d-----w- C:\Users\BENH~1\AppData\Roaming\Malwarebytes
    2011-04-14 08:20:47 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-04-14 08:20:47 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-04-14 08:20:44 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-04-14 08:20:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-04-14 08:11:07 -------- d-----w- C:\Users\BENH~1\AppData\Roaming\Reviversoft
    2011-04-14 08:10:53 18240 ----a-w- C:\Windows\System32\roboot64.exe
    2011-04-14 08:10:53 -------- d-----w- C:\Program Files (x86)\Reviversoft
    2011-04-13 20:18:14 -------- d-----w- C:\Users\BENH~1\AppData\Local\{D2F3E9BE-293F-424C-8049-D253D7FD9F03}
    2011-04-13 13:16:48 -------- d-sh--r- C:\Users\BENH~1\AppData\Roaming\install
    2011-04-12 16:59:44 -------- d-----w- C:\Users\BENH~1\AppData\Local\{0298EDCC-B914-427F-AA89-628AE6542096}
    2011-04-11 11:46:40 -------- d-----w- C:\Users\BENH~1\AppData\Local\{850F921A-68E8-44E6-9A0F-F97172D43327}
    2011-04-10 23:36:28 -------- d-----w- C:\Users\BENH~1\AppData\Local\{797B7B83-16F7-436A-BE2B-672B96673668}
    2011-04-08 20:26:49 -------- d-----w- C:\Users\BENH~1\AppData\Local\{19F72CA3-A4A7-4489-AF42-51A22AB2C368}
    2011-04-07 17:01:39 -------- d-----w- C:\Users\BENH~1\AppData\Local\{7C6BAF91-97DD-4002-B65E-C84C860179DE}
    2011-04-06 12:48:01 -------- d-----w- C:\Users\BENH~1\AppData\Local\{F70A6489-086B-42A8-9E7F-8FA06C984E25}
    2011-04-05 18:05:57 -------- d-----w- C:\Users\BENH~1\AppData\Local\{E327D759-76E8-4F6C-AC26-3EACBFC86765}
    2011-04-03 18:11:51 -------- d-----w- C:\Users\BENH~1\AppData\Local\{79DDC163-BE6C-4625-979C-4D9294EFB8A3}
    2011-04-02 10:59:13 -------- d-----w- C:\Users\BENH~1\AppData\Local\{767E1914-6A77-4BC4-A7FC-CFE94B9F87BA}
    2011-04-01 22:58:57 -------- d-----w- C:\Users\BENH~1\AppData\Local\{EB6B938E-1EBA-4B5D-8D7C-124DA2411347}
    2011-03-27 13:02:38 -------- d-----w- C:\Users\Ben H\.file_store_32
    2011-03-27 12:57:52 -------- d-----w- C:\.file_store_32
    .
    ==================== Find3M ====================
    .
    2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
    2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-02-02 20:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    .
    ============= FINISH: 10:53:34,68 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3-2-2010 17:09:24
    System Uptime: 14-4-2011 10:31:08 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A79T Deluxe
    Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3411/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 699 GiB total, 411,188 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_83851043&REV_01\4&A8A6DA8&0&0030
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_83851043&REV_01\4&A8A6DA8&0&0030
    Service: RTL8167
    .
    Class GUID:
    Description: Xtreme N GIGABIT Router
    Device ID: UUID:91CD2861-18A9-3484-AE0F-7084C40F9610\UMB\3&3AB8B3BE&0&UUID:91CD2861-18A9-3484-AE0F-7084C40F9610
    Manufacturer:
    Name: Xtreme N GIGABIT Router
    PNP Device ID: UUID:91CD2861-18A9-3484-AE0F-7084C40F9610\UMB\3&3AB8B3BE&0&UUID:91CD2861-18A9-3484-AE0F-7084C40F9610
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport-adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\6&204CFD2A&2&04
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter #5
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\6&204CFD2A&2&04
    Service: vwifimp
    .
    ==== System Restore Points ===================
    .
    RP172: 23-3-2011 15:26:19 - Gepland controlepunt
    RP173: 23-3-2011 23:05:07 - Windows Update
    RP174: 27-3-2011 1:42:54 - Installed Java(TM) 6 Update 24
    RP175: 30-3-2011 21:03:37 - Windows Update
    RP176: 7-4-2011 21:27:14 - Gepland controlepunt
    .
    ==== Installed Programs ======================
    .
    3DMark Vantage
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4 - Nederlands
    Aliens vs Predator
    AMD Fusion Utility for Desktops
    AMD GPU Clock Tool
    AMD OverDrive
    Apple Application Support
    Apple Software Update
    Assassin's Creed II
    ATI Catalyst Registration
    Audacity 1.2.6
    AVG Free 9.0
    Battlefield: Bad Company™ 2
    BulletStorm
    Call of Duty(R) - World at War(TM)
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Call of Duty: Modern Warfare 2 - Multiplayer
    Call of Juarez - Bound in Blood
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help Czech
    CCC Help Danish
    CCC Help English
    Conduit Engine
    Crysis WARHEAD(R)
    Crysis(R)
    D3DX10
    EA Download Manager
    EA Download Manager UI
    EPU
    EVEREST Corporate Edition v5.30
    Express Gate
    F.E.A.R. 2: Project Origin
    Far Crysis Demo
    Fraps
    Free Audio CD Burner version 1.4
    Free YouTube to MP3 Converter version 3.9
    Frontlines: Fuel of War
    Futuremark SystemInfo
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HOMEFRONT
    HydraVision
    HyperCam 2
    HyperCam Toolbar
    Java Auto Updater
    Java(TM) 6 Update 24
    Just Cause 2
    LCDSirReal - a multipurpose plugin for the Logitech G13/G15
    Left 4 Dead 2
    LG Internet Kit
    LG USB Modem Drivers
    liteCAM Evaluation
    Mafia II
    Magic DVD Ripper V5.5.0
    Malwarebytes' Anti-Malware
    Medal of Honor (TM)
    Microsoft .NET Framework 1.1
    Microsoft Corporation
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSI Afterburner 2.0.0
    MSVCRT
    Natural Mod
    Need for Speed™ SHIFT
    Nexon Game Manager
    NVIDIA PhysX
    OF Dragon Rising
    Pando Media Booster
    PHPNukeDU Toolbar
    PunkBuster Services
    QuickTime
    RealPlayer
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Red Faction Guerrilla
    Registry Reviver
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    ROCCAT Kone Mouse Driver
    RS2Bot
    RuneScape Toolbar
    S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    silentc0re Toolbar
    Skype Toolbars
    Skype™ 4.2
    SpeedFan (remove only)
    Steam
    SwiftKit
    Tansee iPhone Copy
    TeamSpeak 3 Client
    TeamViewer 5
    The Lord of the Rings FREE Trial
    TurboV
    TuxGuitar
    Ubisoft Game Launcher
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vindictus
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC media player 1.1.4
    VoiceOver Kit
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    WinZip 14.5
    World of Warcraft
    Xfire (remove only)
    XfireXO Toolbar
    .
    ==== End Of File ===========================
     
  4. 2011/04/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    Your MBAM log says "No action taken" after each line.
    Re-run MBAM, fix all issues and post fresh log.

    MBRCheck log is incomplete.
    Please, repost.

    Uninstall Registry Reviver.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
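
    As an added example, not part of broni's instructions and not code from any tool mentioned in this thread: the two things the reply asks for are that flagged autostart entries actually get fixed, and that the registry is backed up before anything changes it. The PowerShell snippet below (Windows 7 era, run as the affected user) does the manual version of that triage. It exports each Run key with reg.exe to a .reg file first, then lists every Run value and flags entries that start from the user profile or ProgramData, that borrow the name of a Windows system binary while living outside System32, or whose target file no longer exists. The list of borrowed names, the backup folder and the heuristics are my assumptions, not anything stated in the thread; the script only reads and exports, it deletes nothing.

```powershell
# Added example (not from the original thread). Triage Run-key autostarts and
# back up each key with reg.exe before any cleaning tool or hand edit touches it.
# Heuristics, name list and backup location are illustrative assumptions.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Genuine Windows binaries whose names malware likes to borrow (assumed list).
# Real copies live only under System32 / SysWOW64.
$systemNames = @('svchost.exe', 'msconfig.exe', 'csrss.exe', 'lsass.exe',
                 'winlogon.exe', 'explorer.exe', 'services.exe')
$systemDirs  = @("$env:windir\System32", "$env:windir\SysWOW64")
$backupDir   = Join-Path $env:USERPROFILE 'Desktop\RegBackup'   # assumed location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

function Get-ExePath([string]$command) {
    # Pull the executable out of a Run value: either "C:\p\x.exe" args or C:\p\x.exe args.
    if ($command -match '^\s*"([^"]+)"') {
        return [Environment]::ExpandEnvironmentVariables($matches[1])
    }
    if ($command -match '^\s*(\S+\.exe)') {
        return [Environment]::ExpandEnvironmentVariables($matches[1])
    }
    return $command.Trim()
}

function Test-SuspiciousAutorun([string]$exe) {
    # Returns a list of reasons; an empty list means nothing stood out.
    $reasons = @()
    if ([string]::IsNullOrWhiteSpace($exe)) { return @('empty command') }
    $leaf = [IO.Path]::GetFileName($exe)
    $dir  = [IO.Path]::GetDirectoryName($exe)
    $cmp  = [StringComparison]::OrdinalIgnoreCase

    if ($exe.StartsWith("$env:USERPROFILE\", $cmp) -or $exe.StartsWith("$env:ProgramData\", $cmp)) {
        $reasons += 'starts from a user-writable profile/ProgramData folder'
    }
    $inSystemDir = $false
    foreach ($d in $systemDirs) { if ($dir -and $dir.StartsWith($d, $cmp)) { $inSystemDir = $true } }
    if (($systemNames -contains $leaf) -and -not $inSystemDir) {
        $reasons += 'borrows a Windows system binary name outside System32'
    }
    if (-not (Test-Path -LiteralPath $exe)) {
        $reasons += 'target file not found (dangling entry or hidden file)'
    }
    return $reasons
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }

    # Backup first: reg.exe wants HKCU\... not the PowerShell HKCU:\... form.
    $regName = $key -replace '^HKCU:', 'HKCU' -replace '^HKLM:', 'HKLM'
    $file    = Join-Path $backupDir (($key -replace '[:\\]', '_') + '.reg')
    & reg.exe export $regName $file /y | Out-Null
    "Backed up $regName to $file"

    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }     # PSPath, PSParentPath, ... are not values
        $exe  = Get-ExePath ([string]$p.Value)
        $why  = Test-SuspiciousAutorun $exe
        $flag = if ($why.Count -gt 0) { 'SUSPICIOUS' } else { 'ok' }
        "{0,-10} {1} = {2}" -f $flag, $p.Name, $exe
        foreach ($r in $why) { "           - $r" }
    }
}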

     