1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive Win7 Freezing/Crashing Issues

Discussion in 'Malware and Virus Removal Archive' started by andrewsauce32, 2013/01/13.

  1. 2013/01/13
    andrewsauce32

    andrewsauce32 Inactive Thread Starter

    Joined:
    2009/06/23
    Messages:
    82
    Likes Received:
    0
    [Inactive] Win7 Freezing/Crashing Issues

    Lately my laptop has been progressively getting slower and slower for no determinable reason until last night when it actually crashed on me. There are no heat issues to speak of or anything of that nature, so the only possible explanation is that somehow there's malware or there's another hardware component that is the culprit. Either way, I feel that it would be best to double check to make sure it's not a virus before I start looking at hardware possibilities. Here are the logs:

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.13.01

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Andrew :: ANDREW-PC [administrator]

    1/12/2013 11:09:32 PM
    mbam-log-2013-01-12 (23-09-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212286
    Time elapsed: 4 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_29
    Run by Andrew at 23:52:31 on 2013-01-12
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4029.2359 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dell.com
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Facebook Update] "C:\Users\Andrew\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [LightShot] C:\Users\Andrew\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe "
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{B48799EB-773E-4161-8BB6-F9EEE62576FC} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{B48799EB-773E-4161-8BB6-F9EEE62576FC}\3507C6966666E65647 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{B48799EB-773E-4161-8BB6-F9EEE62576FC}\751697E6560254E6475627072796375637 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{B48799EB-773E-4161-8BB6-F9EEE62576FC}\841627C65697 : DHCPNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
    TCP: Interfaces\{B48799EB-773E-4161-8BB6-F9EEE62576FC}\84F4D454D283732323 : DHCPNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{B48799EB-773E-4161-8BB6-F9EEE62576FC}\8616D6D65627 : DHCPNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{BD2841D6-9BF9-428B-AAC6-FA1940731B16} : DHCPNameServer = 148.61.1.10 148.61.1.15
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\0e8aolfu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://fastestwebsearch.com/search?q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Fastest
    FF - prefs.js: keyword.URL - hxxp://fastestwebsearch.com/search?q=
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Andrew\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2011-4-29 18792]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-7 236544]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-29 13336]
    R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2011-4-29 60928]
    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-4-24 60416]
    R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2011-4-24 80896]
    R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2011-4-24 55808]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-29 2320920]
    R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2011-4-24 23912]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-28 172704]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-4-24 56344]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-24 239616]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-1 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-01-11 19:38:47 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C8979315-FCC2-41C4-A570-0A3DA0738C6A}\mpengine.dll
    2013-01-10 01:14:16 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-09 14:52:45 2001408 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-09 14:52:44 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-09 14:52:43 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-09 14:52:42 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-09 14:52:38 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 14:52:38 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-09 14:51:55 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-09 14:51:55 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-09 02:58:01 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-07 06:00:03 -------- d-----w- C:\Program Files\CCleaner
    2012-12-21 12:39:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 12:39:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 12:39:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 12:39:44 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 11:39:36 -------- d-----w- C:\Users\Andrew\AppData\Local\Razer
    .
    ==================== Find3M ====================
    .
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2011-09-28 02:15:27 213 ----a-w- C:\Program Files (x86)\0JO79HDO.bat
    .
    ============= FINISH: 23:53:06.63 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/29/2011 3:26:45 PM
    System Uptime: 1/12/2013 10:43:57 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | U2E1 | 919/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 456 GiB total, 293.898 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi
    .
    ==== System Restore Points ===================
    .
    RP289: 1/8/2013 10:29:21 AM - Windows Update
    RP290: 1/9/2013 3:00:15 AM - Windows Update
    RP291: 1/9/2013 5:47:12 AM - Windows Update
    RP292: 1/10/2013 8:12:42 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 9.20
    Accelerometer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Advanced Audio FX Engine
    AMD Catalyst Install Manager
    Amnesia: The Dark Descent
    ASIO4ALL
    ATI Catalyst Control Center
    Bastion
    Blacklight: Retribution
    BlueJ 3.0.5
    Borderlands
    Call of Duty: Modern Warfare 3
    Call of Duty: Modern Warfare 3 - Multiplayer
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCleaner
    Chivalry: Medieval Warfare
    Creation Kit
    Dead Island
    Dell Edoc Viewer
    Dell Touchpad
    Dell Webcam Central
    DFOLauncher
    Doom Builder 2.1
    ESET Online Scanner v3
    Facebook Video Calling 1.2.0.287
    FL Studio 10
    Foxit Reader 5.0
    Fraps (remove only)
    GIMP 2.6.11
    Google Chrome
    Google Talk Plugin
    IL Download Manager
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Monitor
    Java Auto Updater
    Java(TM) 6 Update 24 (64-bit)
    Java(TM) 6 Update 29
    Java(TM) 7 (64-bit)
    Java(TM) SE Development Kit 7 (64-bit)
    Juniper Networks Setup Client
    Killing Floor
    League of Legends
    Left 4 Dead 2
    lightshot-3.2.0.0
    Live! Cam Avatar Creator
    LogMeIn Hamachi
    Magicka
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    MinGW-Get version 0.5-beta-20120426-1
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Nation Red
    Notepad++
    NVIDIA PhysX
    Portal
    Portal 2
    PunkBuster Services
    Quickset64
    Razer Game Booster
    Realm of the Mad God
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skins
    Skulltag
    Skype Click to Call
    Skypeâ„¢ 5.10
    SlimDX Redistributable (March 2009)
    Source Filmmaker
    Steam
    Super Meat Boy
    System Requirements Lab CYRI
    System Requirements Lab Test
    tConfig version 0.24
    Terraria
    Terraria Game Launcher GUI version 1.3
    The Binding Of Isaac
    The Elder Scrolls V: Skyrim
    Torchlight II
    Torchlight II Demo
    Universe Sandbox
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/7/2013 9:48:42 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/7/2013 9:48:42 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    1/12/2013 4:17:24 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    1/12/2013 11:11:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3725.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    1/12/2013 11:11:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3725.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    .
    ==== End Of File ===========================
     
    andrewsauce32,
    #1
  2. 2013/01/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==========================

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
    broni,
    #2


  3. to hide this advert.

  4. 2013/01/13
    andrewsauce32

    andrewsauce32 Inactive Thread Starter

    Joined:
    2009/06/23
    Messages:
    82
    Likes Received:
    0
    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Andrew [Admin rights]
    Mode : Scan -- Date : 01/13/2013 20:35:49

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : LightShot (C:\Users\Andrew\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1987761003-789301958-314390376-1001[...]\Run : LightShot (C:\Users\Andrew\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\X6va006 (C:\Users\Andrew\AppData\Local\Temp\0064230.tmp) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\X6va006 (C:\Users\Andrew\AppData\Local\Temp\0064230.tmp) -> FOUND
    [TASK][SUSP PATH] {5A349245-C7E2-4B0C-859D-E6CA0426CA34} : C:\Users\Andrew\Desktop\VisualBoyAdvance-1.8.0-beta3\VisualBoyAdvance.exe -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5056GSY +++++
    --- User ---
    [MBR] 6d0cb1d8964ac57d8bf51589254cc461
    [BSP] 7f74d5ea8afb0c76626a81171dd67a8f : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 125 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 262144 | Size: 10116 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20979712 | Size: 466692 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01132013_02d2035.txt >>
    RKreport[1]_S_01132013_02d2035.txt



    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Andrew [Admin rights]
    Mode : Remove -- Date : 01/13/2013 20:36:38

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : LightShot (C:\Users\Andrew\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\X6va006 (C:\Users\Andrew\AppData\Local\Temp\0064230.tmp) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\X6va006 (C:\Users\Andrew\AppData\Local\Temp\0064230.tmp) -> DELETED
    [TASK][SUSP PATH] {5A349245-C7E2-4B0C-859D-E6CA0426CA34} : C:\Users\Andrew\Desktop\VisualBoyAdvance-1.8.0-beta3\VisualBoyAdvance.exe -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5056GSY +++++
    --- User ---
    [MBR] 6d0cb1d8964ac57d8bf51589254cc461
    [BSP] 7f74d5ea8afb0c76626a81171dd67a8f : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 125 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 262144 | Size: 10116 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20979712 | Size: 466692 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_01132013_02d2036.txt >>
    RKreport[1]_S_01132013_02d2035.txt ; RKreport[2]_D_01132013_02d2036.txt



    Malwarebytes Anti-Rootkit BETA 1.01.0.1016
    www.malwarebytes.org

    Database version: v2013.01.13.09

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Andrew :: ANDREW-PC [administrator]

    1/13/2013 8:49:13 PM
    mbar-log-2013-01-13 (20-49-13).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 27875
    Time elapsed: 10 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1016

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7600 Windows 7 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_29

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 4224225280, free: 2603847680

    ------------ Kernel report ------------
    01/13/2013 20:38:34
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\DRIVERS\ACPI.sys
    \SystemRoot\system32\DRIVERS\WMILIB.SYS
    \SystemRoot\system32\DRIVERS\msisadrv.sys
    \SystemRoot\system32\DRIVERS\pci.sys
    \SystemRoot\system32\DRIVERS\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\DRIVERS\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\DRIVERS\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\stdflt.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\NETw5s64.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\risdpe64.sys
    \SystemRoot\system32\DRIVERS\rimspe64.sys
    \SystemRoot\system32\DRIVERS\rixdpe64.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\Acceler.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtiHdmi.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\stwrt64.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\CtClsFlt.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\TurboB.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys
    \??\C:\Users\Andrew\AppData\Local\Temp\aswMBR.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\normaliz.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\user32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\wininet.dll
    \Windows\System32\msctf.dll
    \Windows\System32\nsi.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\ole32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\lpk.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\usp10.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\imm32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\shell32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004ded060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8004b0b050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.01.13.09
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 3
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004ded060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004dedb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004ded060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004caaaf0, DeviceName: Unknown, DriverName: \Driver\stdflt\
    DevicePointer: 0xfffffa8004b0b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a00dc1c4b0, 0xfffffa8004ded060, 0xfffffa800fcb9190
    Lower DeviceData: 0xfffff8a016fa5420, 0xfffffa8004b0b050, 0xfffffa8004bdfb00
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: E0000000

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 256977

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 262144 Numsec = 20717568
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 20979712 Numsec = 955785216

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
     
    andrewsauce32,
    #3
  5. 2013/01/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see anything malicious there.
    I suggest you start new topic in Windows forum.
     
    broni,
    #4
  6. 2013/01/13
    andrewsauce32

    andrewsauce32 Inactive Thread Starter

    Joined:
    2009/06/23
    Messages:
    82
    Likes Received:
    0
    All right, thank you for your time Broni. :)
     
    andrewsauce32,
    #5
  7. 2013/01/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome [​IMG]
     
    broni,
    #6

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...