Solved: Trojan.agent svchost.exe

huynh619 (Member, 11 posts; thread starter; joined Nov 2012)
19-Nov-2012, 07:40 AM #1
Trojan.agent svchost.exe
Hello,

I have a custom-built computer and lately it would lag a couple of times a day. I had Norton Antivirus (full) and would do a full scan and find a few viruses, and it would automatically delete them, but it wouldn't fix the lag problem I've been having. So I tried to use System Restore using a system image I had, but when I did that at least 80% of the Windows files were deleted and the PC was basically unusable, so I had to reinstall Windows 7 to get it back to normal, and instead of downloading Norton again I instead downloaded Malwarebytes Anti-Malware (trial) and Microsoft Security Essentials. The Malwarebytes Anti-Malware program found a virus called Trojan.agent svchost.exe, and the program would delete it, but every time I restart my computer it would reappear. I have looked online to figure out a way to completely remove it but so far I haven't found a solution.

Any advice would be greatly appreciated.

I'm not sure if this will help, but here's a saved log from the last virus scan with Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.19.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jim Huynh :: JIMHUYNH-PC [administrator]

Protection: Enabled

11/18/2012 4:30:35 AM
mbam-log-2012-11-18 (04-30-35).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 325472
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
kevinf80 (Kevin), Malware Removal Specialist, authorized to help remove malware, 9,708 posts; joined Mar 2006; Location: Sunderland UK; Experience: Intermediate
19-Nov-2012, 08:42 AM #2
Run the following:

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the file to a convenient location (the Desktop is recommended).
3. Open the folder where the contents were unzipped to run mbar.exe.

4. Double-click on the mbar.exe file; you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run, and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers, you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will now be at the start screen. (If there is no rootkit warning you will go from step 4 to step 6.)

6. The following image opens; select Next.

7. The following image opens; select Update.

8. When the update completes, select Next.

9. In the following window ensure "Targets" are ticked, then select "Scan".

10. If any infections are found, the "Cleanup" button to remove threats will be available. Infected files will be listed like the following example:

11. Do not select the "Clean up" button; select the "Exit" button. There will be a warning as follows:

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log (date and time of scan will also be shown)

Post those two logs in your reply.

Kevin
huynh619 (Member, 11 posts; thread starter; joined Nov 2012)
19-Nov-2012, 01:16 PM #3
Thank you for your help.

mbar-log

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jim Huynh :: JIMHUYNH-PC [administrator]

11/18/2012 10:13:22 AM
mbar-log-2012-11-18 (10-13-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 25056
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_57_infected.mbam (Unknown Rootkit VBR Infection) -> Delete on reboot. []
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Unknown Rootkit VBR Infection) -> Delete on reboot. [a6a337c50906b24e95c37b08a6129273]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_250069423_user.mbam (Forged physical sector) -> Delete on reboot. [8240dd042845ebed5e91aabb51877474]
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. [ac45eec9075647efc142a3dd966ca060]

(end)


System-log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.430000 GHz
Memory total: 8549941248, free: 6154276864

------------ Kernel report ------------
11/18/2012 10:09:43
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\mvs91xx.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\mvxxmm.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\AppleCharger.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\xhcdrv.sys
\SystemRoot\system32\drivers\cmudaxp.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\DRIVERS\ViaHub3.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D4E2BC1-DA11-4CEC-90FE-6402611EEEAF}\MpKsldbecfe27.sys
\??\C:\Windows\gdrv.sys
\??\C:\Windows\GVTDrv64.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007794060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa800750c050
Lower Device Driver Name: \Driver\iaStor\
Extracting driver name by original object failed
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007793060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007508050
Lower Device Driver Name: \00000136\
Driver name found: iaStor
Downloaded database version: v2012.11.19.07
Downloaded database version: v2012.11.15.02
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007793060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007793b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007793060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007175ba0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007508050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \00000136\
------------ End ----------
Upper DeviceData: 0xfffff8a00d42b5c0, 0xfffffa8007793060, 0xfffffa800f763210
Lower DeviceData: 0xfffff8a012391430, 0xfffffa8007508050, 0xfffffa800f6fa510
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
MBR is forged!
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D57C8D07

Partition information:

Partition 0 type is Empty (0x0)
Partition is ACTIVE.
Partition starts at LBA: 57 Numsec = 0
Partition is not bootable
Infected: VBR on Empty active partition --> [Unknown Rootkit VBR Infection]
Changing partition to empty and not active. New active partition is 0 on drive 0 ...

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 249860096

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0
Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-56-250049680-250069680)...
Sector 250069423 --> [Forged physical sector]
Sector 250069424 --> [Forged physical sector]
Sector 250069425 --> [Forged physical sector]
Sector 250069426 --> [Forged physical sector]
Sector 250069427 --> [Forged physical sector]
Sector 250069428 --> [Forged physical sector]
Sector 250069429 --> [Forged physical sector]
Sector 250069430 --> [Forged physical sector]
Sector 250069431 --> [Forged physical sector]
Sector 250069432 --> [Forged physical sector]
Sector 250069433 --> [Forged physical sector]
Sector 250069434 --> [Forged physical sector]
Sector 250069435 --> [Forged physical sector]
Sector 250069436 --> [Forged physical sector]
Sector 250069437 --> [Forged physical sector]
Sector 250069438 --> [Forged physical sector]
Sector 250069439 --> [Forged physical sector]
Sector 250069440 --> [Forged physical sector]
Sector 250069441 --> [Forged physical sector]
Sector 250069442 --> [Forged physical sector]
Sector 250069443 --> [Forged physical sector]
Sector 250069444 --> [Forged physical sector]
Sector 250069445 --> [Forged physical sector]
Sector 250069446 --> [Forged physical sector]
Sector 250069447 --> [Forged physical sector]
Sector 250069448 --> [Forged physical sector]
Sector 250069449 --> [Forged physical sector]
Sector 250069450 --> [Forged physical sector]
Sector 250069451 --> [Forged physical sector]
Sector 250069452 --> [Forged physical sector]
Sector 250069453 --> [Forged physical sector]
Sector 250069454 --> [Forged physical sector]
Sector 250069455 --> [Forged physical sector]
Sector 250069456 --> [Forged physical sector]
Sector 250069457 --> [Forged physical sector]
Sector 250069458 --> [Forged physical sector]
Sector 250069459 --> [Forged physical sector]
Sector 250069460 --> [Forged physical sector]
Sector 250069461 --> [Forged physical sector]
Sector 250069462 --> [Forged physical sector]
Sector 250069463 --> [Forged physical sector]
Sector 250069464 --> [Forged physical sector]
Sector 250069465 --> [Forged physical sector]
Sector 250069466 --> [Forged physical sector]
Sector 250069467 --> [Forged physical sector]
Sector 250069468 --> [Forged physical sector]
Sector 250069469 --> [Forged physical sector]
Sector 250069470 --> [Forged physical sector]
Sector 250069471 --> [Forged physical sector]
Sector 250069472 --> [Forged physical sector]
Sector 250069473 --> [Forged physical sector]
Sector 250069474 --> [Forged physical sector]
Sector 250069475 --> [Forged physical sector]
Sector 250069476 --> [Forged physical sector]
Sector 250069477 --> [Forged physical sector]
Sector 250069478 --> [Forged physical sector]
Sector 250069479 --> [Forged physical sector]
Sector 250069480 --> [Forged physical sector]
Sector 250069481 --> [Forged physical sector]
Sector 250069482 --> [Forged physical sector]
Sector 250069483 --> [Forged physical sector]
Sector 250069484 --> [Forged physical sector]
Sector 250069485 --> [Forged physical sector]
Sector 250069486 --> [Forged physical sector]
Sector 250069487 --> [Forged physical sector]
Sector 250069488 --> [Forged physical sector]
Sector 250069489 --> [Forged physical sector]
Sector 250069490 --> [Forged physical sector]
Sector 250069491 --> [Forged physical sector]
Sector 250069492 --> [Forged physical sector]
Sector 250069493 --> [Forged physical sector]
Sector 250069494 --> [Forged physical sector]
Sector 250069495 --> [Forged physical sector]
Sector 250069496 --> [Forged physical sector]
Sector 250069497 --> [Forged physical sector]
Sector 250069498 --> [Forged physical sector]
Sector 250069499 --> [Forged physical sector]
Sector 250069500 --> [Forged physical sector]
Sector 250069501 --> [Forged physical sector]
Sector 250069502 --> [Forged physical sector]
Sector 250069503 --> [Forged physical sector]
Sector 250069504 --> [Forged physical sector]
Sector 250069505 --> [Forged physical sector]
Sector 250069506 --> [Forged physical sector]
Sector 250069507 --> [Forged physical sector]
Sector 250069508 --> [Forged physical sector]
Sector 250069509 --> [Forged physical sector]
Sector 250069510 --> [Forged physical sector]
Sector 250069511 --> [Forged physical sector]
Sector 250069512 --> [Forged physical sector]
Sector 250069513 --> [Forged physical sector]
Sector 250069514 --> [Forged physical sector]
Sector 250069515 --> [Forged physical sector]
Sector 250069516 --> [Forged physical sector]
Sector 250069517 --> [Forged physical sector]
Sector 250069518 --> [Forged physical sector]
Sector 250069519 --> [Forged physical sector]
Sector 250069520 --> [Forged physical sector]
Sector 250069521 --> [Forged physical sector]
Sector 250069522 --> [Forged physical sector]
Sector 250069523 --> [Forged physical sector]
Sector 250069524 --> [Forged physical sector]
Sector 250069525 --> [Forged physical sector]
Sector 250069526 --> [Forged physical sector]
Sector 250069527 --> [Forged physical sector]
Sector 250069528 --> [Forged physical sector]
Sector 250069529 --> [Forged physical sector]
Sector 250069530 --> [Forged physical sector]
Sector 250069531 --> [Forged physical sector]
Sector 250069532 --> [Forged physical sector]
Sector 250069533 --> [Forged physical sector]
Sector 250069534 --> [Forged physical sector]
Sector 250069535 --> [Forged physical sector]
Sector 250069536 --> [Forged physical sector]
Sector 250069537 --> [Forged physical sector]
Sector 250069538 --> [Forged physical sector]
Sector 250069539 --> [Forged physical sector]
Sector 250069540 --> [Forged physical sector]
Sector 250069541 --> [Forged physical sector]
Sector 250069542 --> [Forged physical sector]
Sector 250069543 --> [Forged physical sector]
Sector 250069544 --> [Forged physical sector]
Sector 250069545 --> [Forged physical sector]
Sector 250069546 --> [Forged physical sector]
Sector 250069547 --> [Forged physical sector]
Sector 250069548 --> [Forged physical sector]
Sector 250069549 --> [Forged physical sector]
Sector 250069550 --> [Forged physical sector]
Sector 250069551 --> [Forged physical sector]
Sector 250069552 --> [Forged physical sector]
Sector 250069553 --> [Forged physical sector]
Sector 250069554 --> [Forged physical sector]
Sector 250069555 --> [Forged physical sector]
Sector 250069556 --> [Forged physical sector]
Sector 250069557 --> [Forged physical sector]
Sector 250069558 --> [Forged physical sector]
Sector 250069559 --> [Forged physical sector]
Sector 250069560 --> [Forged physical sector]
Sector 250069561 --> [Forged physical sector]
Sector 250069562 --> [Forged physical sector]
Sector 250069563 --> [Forged physical sector]
Sector 250069564 --> [Forged physical sector]
Sector 250069565 --> [Forged physical sector]
Sector 250069566 --> [Forged physical sector]
Sector 250069567 --> [Forged physical sector]
Sector 250069568 --> [Forged physical sector]
Sector 250069569 --> [Forged physical sector]
Sector 250069570 --> [Forged physical sector]
Sector 250069571 --> [Forged physical sector]
Sector 250069572 --> [Forged physical sector]
Sector 250069573 --> [Forged physical sector]
Sector 250069574 --> [Forged physical sector]
Sector 250069575 --> [Forged physical sector]
Sector 250069576 --> [Forged physical sector]
Sector 250069577 --> [Forged physical sector]
Sector 250069578 --> [Forged physical sector]
Sector 250069579 --> [Forged physical sector]
Sector 250069580 --> [Forged physical sector]
Sector 250069581 --> [Forged physical sector]
Sector 250069582 --> [Forged physical sector]
Sector 250069583 --> [Forged physical sector]
Sector 250069584 --> [Forged physical sector]
Sector 250069585 --> [Forged physical sector]
Sector 250069586 --> [Forged physical sector]
Sector 250069587 --> [Forged physical sector]
Sector 250069588 --> [Forged physical sector]
Sector 250069589 --> [Forged physical sector]
Sector 250069590 --> [Forged physical sector]
Sector 250069591 --> [Forged physical sector]
Sector 250069592 --> [Forged physical sector]
Sector 250069593 --> [Forged physical sector]
Sector 250069594 --> [Forged physical sector]
Sector 250069595 --> [Forged physical sector]
Sector 250069596 --> [Forged physical sector]
Sector 250069597 --> [Forged physical sector]
Sector 250069598 --> [Forged physical sector]
Sector 250069599 --> [Forged physical sector]
Sector 250069600 --> [Forged physical sector]
Sector 250069601 --> [Forged physical sector]
Sector 250069602 --> [Forged physical sector]
Sector 250069603 --> [Forged physical sector]
Sector 250069604 --> [Forged physical sector]
Sector 250069605 --> [Forged physical sector]
Sector 250069606 --> [Forged physical sector]
Sector 250069607 --> [Forged physical sector]
Sector 250069608 --> [Forged physical sector]
Sector 250069609 --> [Forged physical sector]
Sector 250069610 --> [Forged physical sector]
Sector 250069611 --> [Forged physical sector]
Sector 250069612 --> [Forged physical sector]
Sector 250069613 --> [Forged physical sector]
Sector 250069614 --> [Forged physical sector]
Sector 250069615 --> [Forged physical sector]
Sector 250069616 --> [Forged physical sector]
Sector 250069617 --> [Forged physical sector]
Sector 250069618 --> [Forged physical sector]
Sector 250069619 --> [Forged physical sector]
Sector 250069620 --> [Forged physical sector]
Sector 250069621 --> [Forged physical sector]
Sector 250069622 --> [Forged physical sector]
Sector 250069623 --> [Forged physical sector]
Sector 250069624 --> [Forged physical sector]
Sector 250069625 --> [Forged physical sector]
Sector 250069626 --> [Forged physical sector]
Sector 250069627 --> [Forged physical sector]
Sector 250069628 --> [Forged physical sector]
Sector 250069629 --> [Forged physical sector]
Sector 250069630 --> [Forged physical sector]
Sector 250069631 --> [Forged physical sector]
Sector 250069632 --> [Forged physical sector]
Sector 250069633 --> [Forged physical sector]
Sector 250069634 --> [Forged physical sector]
Sector 250069635 --> [Forged physical sector]
Sector 250069636 --> [Forged physical sector]
Sector 250069637 --> [Forged physical sector]
Sector 250069638 --> [Forged physical sector]
Sector 250069639 --> [Forged physical sector]
Sector 250069640 --> [Forged physical sector]
Sector 250069641 --> [Forged physical sector]
Sector 250069642 --> [Forged physical sector]
Sector 250069643 --> [Forged physical sector]
Sector 250069644 --> [Forged physical sector]
Sector 250069645 --> [Forged physical sector]
Sector 250069646 --> [Forged physical sector]
Sector 250069647 --> [Forged physical sector]
Sector 250069648 --> [Forged physical sector]
Sector 250069649 --> [Forged physical sector]
Sector 250069650 --> [Forged physical sector]
Sector 250069651 --> [Forged physical sector]
Sector 250069652 --> [Forged physical sector]
Sector 250069653 --> [Forged physical sector]
Sector 250069654 --> [Forged physical sector]
Sector 250069655 --> [Forged physical sector]
Sector 250069656 --> [Forged physical sector]
Sector 250069657 --> [Forged physical sector]
Sector 250069658 --> [Forged physical sector]
Sector 250069659 --> [Forged physical sector]
Sector 250069660 --> [Forged physical sector]
Sector 250069661 --> [Forged physical sector]
Sector 250069662 --> [Forged physical sector]
Sector 250069663 --> [Forged physical sector]
Sector 250069664 --> [Forged physical sector]
Sector 250069665 --> [Forged physical sector]
Sector 250069666 --> [Forged physical sector]
Sector 250069667 --> [Forged physical sector]
Sector 250069668 --> [Forged physical sector]
Sector 250069669 --> [Forged physical sector]
Sector 250069670 --> [Forged physical sector]
Sector 250069671 --> [Forged physical sector]
Sector 250069672 --> [Forged physical sector]
Sector 250069673 --> [Forged physical sector]
Sector 250069674 --> [Forged physical sector]
Sector 250069675 --> [Forged physical sector]
Sector 250069676 --> [Forged physical sector]
Sector 250069677 --> [Forged physical sector]
Sector 250069678 --> [Forged physical sector]
Sector 250069679 --> [Forged physical sector]
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007794060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007794b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007794060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007503d90, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800750c050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a00ecd3620, 0xfffffa8007794060, 0xfffffa800f958570
Lower DeviceData: 0xfffff8a012490500, 0xfffffa800750c050, 0xfffffa800f9e8520
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4552B264

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953519616

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: C:\Windows\svchost.exe --> [Trojan.Agent]
Done!
Scan finished
=======================================
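The system log above is worth reading closely: MBAR reports an MBR entry that is flagged ACTIVE but has type Empty (0x00), a start LBA of 57 and a sector count of 0, and it then finds a run of "forged" sectors (250069423 onward) that lie past the end of the last real partition (206848 + 249860096 = 250066944) on a 250069680-sector disk. The following example, added here and not MBAR's or Malwarebytes' code, shows how a defender can apply those same sanity checks to a dumped sector 0: it parses the 512-byte MBR, flags partition-table entries that make no sense, and computes which sector ranges fall outside every partition. The two MBRs it checks are constructed from the values printed in the log (disk signature, partition starts and sizes); the real byte layout of the infected MBR is not on the page, so the constructed table is an assumption, not a capture.

```python
"""Parse a 512-byte MBR and flag partition-table anomalies of the kind the
MBAR log above reports. Added example, not MBAR's code. Sample MBRs are
constructed from values in the log; the real infected sector is not known."""
import struct
from dataclasses import dataclass

SECTOR = 512
PT_OFFSET = 446          # the four 16-byte partition entries start here
DISK_SIG_OFFSET = 440    # 4-byte NT disk signature
ENTRY_FMT = "<B3sB3sII"  # boot flag, CHS start, type, CHS end, start LBA, sectors


@dataclass
class PartitionEntry:
    index: int
    boot_flag: int
    type_id: int
    start_lba: int
    num_sectors: int

    @property
    def active(self) -> bool:
        return self.boot_flag == 0x80

    @property
    def end_lba(self) -> int:   # exclusive end sector
        return self.start_lba + self.num_sectors


def parse_mbr(sector: bytes):
    """Return (disk_signature, [4 PartitionEntry]); refuse a sector without 55AA."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    entries = []
    for i in range(4):
        boot, _, ptype, _, lba, n = struct.unpack_from(ENTRY_FMT, sector, PT_OFFSET + 16 * i)
        entries.append(PartitionEntry(i, boot, ptype, lba, n))
    return disk_sig, entries


def find_anomalies(entries, disk_sectors):
    """Sanity checks on a partition table; returns a list of human-readable findings."""
    findings, seen = [], []
    for e in entries:
        if e.boot_flag not in (0x00, 0x80):
            findings.append(f"entry {e.index}: invalid boot flag 0x{e.boot_flag:02x}")
        if e.type_id == 0x00:   # an Empty entry must be all zeros and never active
            if e.active:
                findings.append(f"entry {e.index}: Empty type but ACTIVE flag set")
            if e.start_lba or e.num_sectors:
                findings.append(f"entry {e.index}: Empty type with start LBA {e.start_lba}, numsec {e.num_sectors}")
            continue
        if e.num_sectors == 0:
            findings.append(f"entry {e.index}: zero-length partition")
        if e.end_lba > disk_sectors:
            findings.append(f"entry {e.index}: extends past end of disk")
        for s in seen:
            if e.start_lba < s.end_lba and s.start_lba < e.end_lba:
                findings.append(f"entry {e.index} overlaps entry {s.index}")
        seen.append(e)
    if sum(1 for e in entries if e.active) > 1:
        findings.append("more than one ACTIVE entry")
    return findings


def unpartitioned_ranges(entries, disk_sectors):
    """[start, end) sector ranges covered by no real partition (LBA 0 is the MBR itself)."""
    parts = sorted((e for e in entries if e.type_id and e.num_sectors), key=lambda e: e.start_lba)
    gaps, cursor = [], 1
    for p in parts:
        if p.start_lba > cursor:
            gaps.append((cursor, p.start_lba))
        cursor = max(cursor, p.end_lba)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return gaps


def build_mbr(disk_sig, table):
    """Construct a test MBR from (boot_flag, type, start_lba, num_sectors) tuples."""
    sec = bytearray(SECTOR)
    struct.pack_into("<I", sec, DISK_SIG_OFFSET, disk_sig)
    for i, (boot, ptype, lba, n) in enumerate(table):
        struct.pack_into(ENTRY_FMT, sec, PT_OFFSET + 16 * i, boot, b"\0\0\0", ptype, b"\0\0\0", lba, n)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)


# Constructed sample data modelled on the log: 128035676160-byte disk, 512-byte sectors.
DISK_SECTORS = 128035676160 // 512   # 250069680
# Table as MBAR described it: an ACTIVE "Empty" entry at LBA 57 with zero sectors (assumption).
SUSPECT_MBR = build_mbr(0xD57C8D07, [(0x80, 0x00, 57, 0), (0x00, 0x07, 2048, 204800),
                                     (0x00, 0x07, 206848, 249860096), (0x00, 0x00, 0, 0)])
# The same layout with a normal table: System Reserved active, then the Windows volume.
CLEAN_MBR = build_mbr(0xD57C8D07, [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 249860096),
                                   (0, 0, 0, 0), (0, 0, 0, 0)])


def triage(mbr_bytes, disk_sectors=DISK_SECTORS, suspicious_sectors=(250069423,)):
    """Full check: anomalies, unpartitioned space, and which flagged sectors lie outside partitions."""
    disk_sig, entries = parse_mbr(mbr_bytes)
    gaps = unpartitioned_ranges(entries, disk_sectors)
    return {
        "disk_signature": f"{disk_sig:08X}",
        "anomalies": find_anomalies(entries, disk_sectors),
        "unpartitioned": gaps,
        "outside_partitions": [s for s in suspicious_sectors if any(a <= s < b for a, b in gaps)],
    }


if __name__ == "__main__":
    for name, mbr in (("suspect", SUSPECT_MBR), ("clean", CLEAN_MBR)):
        print(name, triage(mbr))
```

On a real case you would read sector 0 from a disk image (or from the physical disk, from a clean boot environment) and pass those bytes to `triage`; the point of the gap calculation is that sectors past the last partition, like the 250069423 run in the log, are space no file system accounts for, which is exactly where a bootkit can stash its own code and a forged copy of the boot sector.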
kevinf80 (Kevin), Malware Removal Specialist, authorized to help remove malware, 9,708 posts; joined Mar 2006; Location: Sunderland UK; Experience: Intermediate
19-Nov-2012, 02:01 PM #4
1. Open the mbar folder once more and run mbar.exe.

2. Double-click on the mbar.exe file; you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run, and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers, you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

3. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will now be at the start screen. (If there is no rootkit warning you will go from step 4 to step 6.)

4. The following image opens; select Next.

5. The following image opens; select Update.

6. When the update completes, select Next.

7. In the following window ensure "Targets" are ticked, then select "Scan".

8. If any infections are found, ensure "Create Restore Point" is checked, then select the "Cleanup" button to remove threats. Or, if you are sure any entries should not be kept, just untick them.

9. The clean-up procedure will be scheduled for processing.

10. When scheduling is complete the following image will appear:

11. Select the Yes tab; the system should reboot to complete the cleaning process.

12. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log (date and time of scan will also be shown; copy/paste the most recent by date/time)

Thanks,

Kevin...
huynh619 (Member, 11 posts; thread starter; joined Nov 2012)
19-Nov-2012, 02:14 PM #5
mbar-log

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.19.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jim Huynh :: JIMHUYNH-PC [administrator]

11/18/2012 11:09:49 AM
mbar-log-2012-11-18 (11-09-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 25111
Time elapsed: 1 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_57_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot. []
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot. [a6a337c50906b24e95c37b08a6129273]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_250069423_user.mbam (Forged physical sector) -> Delete on reboot. [8240dd042845ebed5e91aabb51877474]
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. [28c9942306570b2be649c1bfa65ce11f]

(end)


system-log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.430000 GHz
Memory total: 8549941248, free: 6154276864

------------ Kernel report ------------
11/18/2012 10:09:43
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\mvs91xx.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\mvxxmm.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\AppleCharger.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\xhcdrv.sys
\SystemRoot\system32\drivers\cmudaxp.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\DRIVERS\ViaHub3.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D4E2BC1-DA11-4CEC-90FE-6402611EEEAF}\MpKsldbecfe27.sys
\??\C:\Windows\gdrv.sys
\??\C:\Windows\GVTDrv64.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007794060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa800750c050
Lower Device Driver Name: \Driver\iaStor\
Extracting driver name by original object failed
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007793060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007508050
Lower Device Driver Name: \00000136\
Driver name found: iaStor
Downloaded database version: v2012.11.19.07
Downloaded database version: v2012.11.15.02
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007793060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007793b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007793060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007175ba0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007508050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \00000136\
------------ End ----------
Upper DeviceData: 0xfffff8a00d42b5c0, 0xfffffa8007793060, 0xfffffa800f763210
Lower DeviceData: 0xfffff8a012391430, 0xfffffa8007508050, 0xfffffa800f6fa510
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
MBR is forged!
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D57C8D07

Partition information:

Partition 0 type is Empty (0x0)
Partition is ACTIVE.
Partition starts at LBA: 57 Numsec = 0
Partition is not bootable
Infected: VBR on Empty active partition --> [Unknown Rootkit VBR Infection]
Changing partition to empty and not active. New active partition is 0 on drive 0 ...

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 249860096

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0
Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-56-250049680-250069680)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007794060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007794b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007794060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007503d90, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800750c050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a00ecd3620, 0xfffffa8007794060, 0xfffffa800f958570
Lower DeviceData: 0xfffff8a012490500, 0xfffffa800750c050, 0xfffffa800f9e8520
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4552B264

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953519616

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: C:\Windows\svchost.exe --> [Trojan.Agent]
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.430000 GHz
Memory total: 8549941248, free: 6132396032

------------ Kernel report ------------
11/18/2012 11:07:04
------------ Loaded modules -----------
(loaded module list identical to the first kernel report above)
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007794060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa800750c050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa800f9e8520
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007793060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007508050
Lower Device Driver Name: \00000136\
Device already Exists: 0xfffffa800f6fa510
Downloaded database version: v2012.11.19.08
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007793060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007793b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007793060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007175ba0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007508050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \00000136\
------------ End ----------
Upper DeviceData: 0xfffff8a0181b7840, 0xfffffa8007793060, 0xfffffa800f763210
Lower DeviceData: 0xfffff8a015f74e70, 0xfffffa8007508050, 0xfffffa800f6fa510
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
MBR is forged!
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D57C8D07

Partition information:

Partition 0 type is Empty (0x0)
Partition is ACTIVE.
Partition starts at LBA: 57 Numsec = 0
Partition is not bootable
Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR]
Changing partition to empty and not active. New active partition is 0 on drive 0 ...

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 249860096

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0
Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-56-250049680-250069680)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007794060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007794b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007794060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007503d90, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800750c050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a00f4f8530, 0xfffffa8007794060, 0xfffffa800f958570
Lower DeviceData: 0xfffff8a00d2585c0, 0xfffffa800750c050, 0xfffffa800f9e8520
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4552B264

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953519616

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: C:\Windows\svchost.exe --> [Trojan.Agent]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occured
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.430000 GHz
Memory total: 8549941248, free: 6951264256
kevinf80 (Kevin), Malware Removal Specialist with 9,708 posts. Authorized to help remove malware.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
19-Nov-2012, 02:35 PM #6
Do the following and post the log.....

Download RogueKiller from here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save direct to your Desktop.
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • You will see the following EULA, select Accept to continue:
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the content of the report and paste to next reply....



Kevin
huynh619, Member with 11 posts. THREAD STARTER
Join Date: Nov 2012
19-Nov-2012, 02:38 PM #7
RK Report

RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jim Huynh [Admin rights]
Mode : Scan -- Date : 11/18/2012 11:38:08

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : Cmaudio8788 (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-VERTEX4 +++++
--- User ---
[MBR] a6a337c50906b24e95c37b08a6129273
[BSP] 95a22f125aa5760640cd85aa9c27b0e2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST1000DM003-9YN162 +++++
--- User ---
[MBR] 535cb9e8b38fbe8f869c968b37a99b05
[BSP] 3ce3634e1b1e669e65f4e62d15311d8b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11182012_02d1138.txt >>
RKreport[1]_S_11182012_02d1138.txt
kevinf80 (Kevin), Malware Removal Specialist with 9,708 posts. Authorized to help remove malware.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
19-Nov-2012, 02:45 PM #8
I see you have Malwarebytes installed; can you check for updates, then run a quick scan? Deal with anything it finds and post the log...

Post log from Malwarebytes, let me know how your system is responding...

Kevin...
huynh619, Member with 11 posts. THREAD STARTER
Join Date: Nov 2012
19-Nov-2012, 02:49 PM #9
Malwarebytes quick scan

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.19.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jim Huynh :: JIMHUYNH-PC [administrator]

Protection: Enabled

11/18/2012 11:47:23 AM
mbam-log-2012-11-18 (11-47-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224973
Time elapsed: 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
kevinf80 (Kevin), Malware Removal Specialist with 9,708 posts. Authorized to help remove malware.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
19-Nov-2012, 02:59 PM #10
Double-click RogueKiller.exe to run again. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[RUN][BLACKLIST DLL] HKLM\[...]\Run : Cmaudio8788 (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd) -> FOUND

Place a checkmark against that item
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt

Post that log,

Next,

Download and save DDS to your Desktop from either of the following links:

Link 1
Link 2

Double click DDS to run the scan; Vista or Windows 7 users accept the UAC alert.
There will be an alert that two logs will be saved to the Desktop, DDS.txt and Attach.txt
Copy and paste those two logs to your reply when the scan is complete....

Post those three logs, tell me if your system has improved...

Kevin....
huynh619, Member with 11 posts. THREAD STARTER
Join Date: Nov 2012
19-Nov-2012, 03:07 PM #11
RK Report

RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jim Huynh [Admin rights]
Mode : Remove -- Date : 11/18/2012 11:46:54

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : Cmaudio8788 (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-VERTEX4 +++++
--- User ---
[MBR] a6a337c50906b24e95c37b08a6129273
[BSP] 95a22f125aa5760640cd85aa9c27b0e2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST1000DM003-9YN162 +++++
--- User ---
[MBR] 535cb9e8b38fbe8f869c968b37a99b05
[BSP] 3ce3634e1b1e669e65f4e62d15311d8b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11182012_02d1146.txt >>
RKreport[1]_S_11182012_02d1138.txt ; RKreport[2]_D_11182012_02d1146.txt


Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/18/2012 1:17:34 AM
System Uptime: 11/18/2012 11:23:45 AM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | Z77X-UD3H
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | 2090/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 58.774 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 742.512 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: USB Camera-B4.09.24.1
Device ID: USB\VID_1415&PID_2000&MI_00\6&13EF8805&0&0000
Manufacturer:
Name: USB Camera-B4.09.24.1
PNP Device ID: USB\VID_1415&PID_2000&MI_00\6&13EF8805&0&0000
Service:
.
==== System Restore Points ===================
.
RP17: 11/18/2012 4:42:55 AM - Windows Update
RP18: 11/18/2012 11:09:57 AM - Malwarebytes Anti-Rootkit Restore Point
RP19: 11/18/2012 11:18:29 AM - Windows Update
RP20: 11/18/2012 11:21:09 AM - Installed Razer Synapse 2.0.
RP21: 11/18/2012 11:21:42 AM - Installed Razer Nostromo.
.
==== Installed Programs ======================
.
@BIOS
Actual Window Manager 7.2
Akamai NetSession Interface
ASUS Xonar DG Audio Driver
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AutoGreen B12.0206.1
Borderlands 2
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Easy Tune 6 B12.0309.1
EVGA Precision X 3.0.2
Google Chrome
Google Update Helper
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Malwarebytes Anti-Malware version 1.65.1.1000
marvell 91xx driver
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.16.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
ON_OFF Charge B11.1102.1
OpenAL
Platform
Razer Nostromo
Razer Synapse 2.0
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 6.0
Steam
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VIA Platform Device Manager
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/18/2012 5:01:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
11/18/2012 4:04:07 AM, Error: Service Control Manager [7001] - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:04:07 AM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: The service has not been started.
11/18/2012 4:04:05 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RPC Endpoint Mapper service, but this action failed with the following error: An instance of the service is already running.
11/18/2012 4:03:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.
11/18/2012 4:03:15 AM, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/18/2012 4:03:01 AM, Error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:02:58 AM, Error: Service Control Manager [7001] - The Windows Update service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:02:58 AM, Error: Service Control Manager [7001] - The Windows Search service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:02:58 AM, Error: Service Control Manager [7001] - The Software Protection service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:02:58 AM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:02:58 AM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: The service has returned a service-specific error code.
11/18/2012 4:02:58 AM, Error: Service Control Manager [7001] - The Intel(R) Rapid Storage Technology service depends on the Windows Management Instrumentation service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:02:58 AM, Error: Service Control Manager [7001] - The Google Update Service (gupdate) service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:02:58 AM, Error: Service Control Manager [7001] - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:02:58 AM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:02:15 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2012 4:00:58 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
11/18/2012 4:00:57 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:00:57 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 4:00:57 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 4:00:57 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:00:57 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:00:57 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 4:00:57 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:00:57 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 4:00:57 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 4:00:57 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 2:08:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
11/18/2012 2:08:12 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2736233).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB971033).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2761217).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2756822).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2750841).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2749655).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2741355).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2735855).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2732500).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2732059).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2731771).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2729094).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2719857).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2709630).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2699779).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2661254).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2660075).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2647753).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2603229).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2545698).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2541014).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2522422).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2511250).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2506928).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2506014).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2492386).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2488113).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2484033).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for User-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685813).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685811).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2743555).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2727528).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2724197).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2719985).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2712808).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2706045).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2705219).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2698365).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2691442).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2690533).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2688338).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2685939).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2676562).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2667402).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2660649).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2659262).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2655992).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2654428).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2653956).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2645640).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2644615).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2620712).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2619339).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2579686).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2570947).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2567680).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2564958).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2544893).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2536275).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2532531).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2511455).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2509553).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2507618).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2506212).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2491683).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2686831).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656411).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656373).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115).
11/18/2012 10:08:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2744842).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2763523).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2739159).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2718704).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2640148).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2563227).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2552343).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2547666).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2515325).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2761226).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2658846).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2631813).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2620704).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2585542).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2560656).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2536276).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2479943).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656356).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521).
11/18/2012 10:08:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2618451).
11/18/2012 10:05:24 AM, Error: Service Control Manager [7023] -
11/18/2012 1:41:00 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/18/2012 1:40:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
11/18/2012 1:40:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800aefabb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
.
==== End Of File ===========================


DDS

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Jim Huynh at 12:02:17 on 2012-11-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8154.5207 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\VIA_XHCI\usb3Monitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Jim Huynh\AppData\Local\Akamai\netsession_win.exe
C:\Users\Jim Huynh\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter64.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Jim Huynh\AppData\Local\Akamai\netsession_win.exe"
uRun: [Actual Window Manager] "C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FF0ACA91-4189-4FEB-88E1-B695D0BB786F} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-18 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-11-18 21616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-18 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-18 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-18 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-18 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-18 363800]
R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2012-11-18 2725376]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-11-18 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-11-18 160256]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-18 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-18 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-11-18 104560]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-18 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 rzjoystk;Razer VJoystick;C:\Windows\System32\drivers\rzjoystk.sys [2011-3-24 19968]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-7-14 157184]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2012-10-24 113664]
R3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2012-11-18 205312]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2012-11-18 254464]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-11-18 25640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2012-11-19 07:04:28 -------- d-----w- C:\Windows\Panther
2012-11-18 19:23:55 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D4E2BC1-DA11-4CEC-90FE-6402611EEEAF}\offreg.dll
2012-11-18 19:21:47 136568 ----a-r- C:\Users\Jim Huynh\AppData\Roaming\Microsoft\Installer\{0214578F-4888-43FB-9E34-C14FCFDEDDEB}\NewShortcut3_2C696D43D6644714AD781AD457567CD0.exe
2012-11-18 19:21:47 136568 ----a-r- C:\Users\Jim Huynh\AppData\Roaming\Microsoft\Installer\{0214578F-4888-43FB-9E34-C14FCFDEDDEB}\NewShortcut2_5A6CA1408F67453E8E3B1475178CDA34.exe
2012-11-18 19:21:47 136568 ----a-r- C:\Users\Jim Huynh\AppData\Roaming\Microsoft\Installer\{0214578F-4888-43FB-9E34-C14FCFDEDDEB}\NewShortcut1_5ECE830ECC9344579D9F354648398E28.exe
2012-11-18 19:21:47 136568 ----a-r- C:\Users\Jim Huynh\AppData\Roaming\Microsoft\Installer\{0214578F-4888-43FB-9E34-C14FCFDEDDEB}\ARPPRODUCTICON.exe
2012-11-18 19:21:24 -------- d-----w- C:\Users\Jim Huynh\AppData\Local\Razer
2012-11-18 18:53:32 -------- d-----r- C:\Program Files (x86)\Skype
2012-11-18 18:49:38 -------- d-----w- C:\Users\Jim Huynh\AppData\Roaming\Actual Tools
2012-11-18 18:49:18 -------- d-----w- C:\Program Files (x86)\Actual Window Manager
2012-11-18 11:22:20 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-11-18 11:22:20 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2012-11-18 11:20:47 77312 ----a-w- C:\Windows\System32\packager.dll
2012-11-18 11:20:47 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-11-18 10:26:34 524768 ----a-w- C:\Windows\difxapi.dll
2012-11-18 10:26:34 359424 ------w- C:\Windows\System32\CmiInstallResAll64.dll
2012-11-18 10:26:32 32768 ----a-w- C:\Windows\System32\cmudaxp.dll
2012-11-18 10:26:32 315392 ----a-w- C:\Windows\SysWow64\CmiFltr.dll
2012-11-18 10:26:32 315392 ----a-w- C:\Windows\system\CmiFltr.dll
2012-11-18 10:26:32 2725376 ----a-w- C:\Windows\System32\drivers\cmudaxp.sys
2012-11-18 10:23:34 -------- d-----w- C:\Users\Jim Huynh\AppData\Local\Akamai
2012-11-18 10:15:27 -------- d-----w- C:\Users\Jim Huynh\AppData\Local\ElevatedDiagnostics
2012-11-18 10:07:27 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-11-18 10:07:26 -------- d-----w- C:\Program Files (x86)\Steam
2012-11-18 10:04:36 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-11-18 10:04:25 -------- d-----w- C:\Windows\PCHEALTH
2012-11-18 10:04:25 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-11-18 10:02:28 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-11-18 10:02:11 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-11-18 10:01:57 -------- d-----w- C:\Users\Jim Huynh\AppData\Local\Microsoft Help
2012-11-18 09:50:42 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D4E2BC1-DA11-4CEC-90FE-6402611EEEAF}\mpengine.dll
2012-11-18 09:50:41 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1E7CFFD-2B8A-4072-8200-A177D2464575}\gapaengine.dll
2012-11-18 09:50:40 25640 ----a-w- C:\Windows\etdrv.sys
2012-11-18 09:50:39 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-18 09:48:51 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-11-18 09:48:51 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-11-18 09:39:57 -------- d-----w- C:\Users\Jim Huynh\AppData\Local\Google
2012-11-18 09:39:53 -------- d-----w- C:\Users\Jim Huynh\AppData\Local\Deployment
2012-11-18 09:39:53 -------- d-----w- C:\Users\Jim Huynh\AppData\Local\Apps
2012-11-18 09:36:35 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-11-18 09:33:13 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-11-18 09:33:05 -------- d-----w- C:\Users\Jim Huynh\AppData\Roaming\Intel Corporation
2012-11-18 09:33:01 25640 ----a-w- C:\Windows\gdrv.sys
2012-11-18 09:32:11 -------- d-----w- C:\Users\Jim Huynh\AppData\Roaming\Malwarebytes
2012-11-18 09:32:10 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-18 09:32:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-18 09:32:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 09:29:36 -------- d-----w- C:\Program Files (x86)\AMD
2012-11-18 09:29:09 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-11-18 09:29:09 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-11-18 09:29:09 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-11-18 09:29:09 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-11-18 09:26:50 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2012-11-18 09:26:46 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-11-18 09:26:42 60184 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2012-11-18 09:26:32 -------- d--h--w- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2012-11-18 09:26:18 -------- d-----w- C:\Users\Jim Huynh\AppData\Roaming\Splashtop
2012-11-18 09:24:38 -------- d--h--w- C:\Windows\msdownld.tmp
2012-11-18 09:24:38 -------- d-----w- C:\Windows\SysWow64\directx
2012-11-18 09:24:33 -------- d-----w- C:\Program Files (x86)\EVGA Precision X
2012-11-18 09:21:34 -------- d-sh--w- C:\Windows\Installer
2012-11-18 09:21:07 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-11-18 09:21:07 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-11-18 09:21:07 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-11-18 09:21:07 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-11-18 09:21:07 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-18 09:21:07 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-11-18 09:21:07 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-11-18 09:21:02 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-11-18 09:21:02 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-11-18 09:21:01 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-11-18 09:20:59 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-11-18 09:20:55 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-11-18 09:20:55 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-11-18 09:20:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-11-18 09:20:54 973672 ----a-w- C:\Windows\System32\nvumdshimx.dll
2012-11-18 09:20:54 364352 ----a-w- C:\Windows\System32\nvdecodemft.dll
2012-11-18 09:20:54 301376 ----a-w- C:\Windows\SysWow64\nvdecodemft.dll
2012-11-18 09:20:54 2731880 ----a-w- C:\Windows\System32\nvapi64.dll
2012-11-18 09:20:54 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-11-18 09:20:54 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-11-18 09:20:45 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-10-29 02:19:02 148480 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2012-10-29 02:18:58 617472 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2012-10-29 02:18:56 165888 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2012-10-25 02:18:26 113664 ----a-w- C:\Windows\System32\drivers\rzudd.sys
.
==================== Find3M ====================
.
2012-11-18 11:10:45 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-11-18 11:10:45 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-11-18 11:10:45 111616 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-11-18 11:10:45 102400 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-10-11 05:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-11 05:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-11 05:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 05:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-11 05:22:24 364904 ----a-w- C:\Windows\System32\nvEncodeAPI64.dll
2012-10-11 05:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 05:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 05:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-02 21:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-08-31 06:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 06:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 12:02:23.79 ===============


Hi, thank you for all the help. It seems to be running faster; my websites are loading quicker and the PC doesn't seem to be lagging as much anymore.

Again, thank you!
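As an added example (not part of the thread, and not what DDS or MBAR themselves do), a small Python triage pass over lines in the DDS log format shown above: it flags drivers registered or created outside System32\drivers and services whose file DDS marks as missing with [?]. The sample lines are copied from the log above; hits like these are often legitimate vendor utilities (the helper here judged the logs OK), so they are prompts for manual review, not verdicts.

```python
import re

# Sample lines in DDS log format, copied from the log above (not a complete log).
SAMPLE_DDS_LINES = r"""
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-11-18 30528]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-11-18 25640]
2012-11-18 09:33:01 25640 ----a-w- C:\Windows\gdrv.sys
2012-11-18 09:32:10 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
""".strip().splitlines()

# "R0 name;display name;path [date size]" lines from the SERVICES / DRIVERS section
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
# "date time size attrs path" lines from the Created Last 30 / Find3M sections
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")


def driver_in_expected_dir(path: str) -> bool:
    """Kernel drivers normally live under \\System32\\drivers\\; anything else is worth a look."""
    return "\\system32\\drivers\\" in path.lower()


def triage_dds_line(line: str):
    """Return (name, path, reason) if the line deserves manual review, else None."""
    m = SERVICE_RE.match(line)
    if m:
        _state, name, _display, path, meta = m.groups()
        if meta == "?":
            # DDS prints [?] when the file the service points at is absent on disk.
            return (name, path, "service points to a missing file")
        if path.lower().endswith(".sys") and not driver_in_expected_dir(path):
            return (name, path, "driver loaded from outside System32\\drivers")
        return None
    m = CREATED_RE.match(line)
    if m:
        _date, _time, _size, _attrs, path = m.groups()
        if path.lower().endswith(".sys") and not driver_in_expected_dir(path):
            return (path.rsplit("\\", 1)[-1], path, "new driver file outside System32\\drivers")
    return None


def triage_dds(lines):
    """Collect review items in log order; these are prompts for a human, not verdicts."""
    return [hit for hit in map(triage_dds_line, lines) if hit]


if __name__ == "__main__":
    for name, path, reason in triage_dds(SAMPLE_DDS_LINES):
        print(f"{name:18} {reason:45} {path}")
```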
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,708 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
19-Nov-2012, 03:11 PM #12
Quick question whilst I check over the DDS logs: are you still having issues with Windows Updates?

Kevin....
huynh619
Member with 11 posts.
THREAD STARTER
Join Date: Nov 2012
19-Nov-2012, 03:12 PM #13
Yes, I am. I restarted about 3 times already, but Windows still hasn't been fully updated for some strange reason.
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,708 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
19-Nov-2012, 03:24 PM #14
OK, yes, that is sometimes an issue with the infections that you had. DDS logs appear to be OK. If the system is now running normally except for ANY of the following, MBAR has another fix available.
  • Internet access
  • Windows Update
  • Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

The following window will open; select "Y" on your keyboard and tap Enter.

The fix will be applied; select any key to exit.

Does that make any difference to the Windows Update issue?
huynh619
Member with 11 posts.
THREAD STARTER
Join Date: Nov 2012
19-Nov-2012, 05:03 PM #15
No, Windows seems to not be updating. I ran the 'fixdamage' tool and everything came up clean, but Windows is still not updating. Other than that, my PC is running very smoothly now.