gerawolf's malware and van helsing issues

gerawolf

checkup:
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is disabled!)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Adobe Flash Player 12.0.0.70 Flash Player out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````



DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.51.2
Run by Ryoushi at 15:03:58 on 2014-03-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8103.6022 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\wbengine.exe
C:\Users\Ryoushi\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~2\Raptr\raptr.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Comodo\IceDragon\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.searchisbestmy.info/?pid=924&r=2013/11/14&hid=12735527779112368438&lg=EN&cc=US&unqvl=41
mStart Page = hxxp://websearch.searchisbestmy.info/?pid=924&r=2013/11/14&hid=12735527779112368438&lg=EN&cc=US&unqvl=41
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
uRun: [7 Taskbar Tweaker] "C:\Users\Ryoushi\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe" -hidewnd
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Ryoushi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 8.8.8.8 216.252.23.242 209.55.27.13
TCP: Interfaces\{CBAA21AA-164D-44A1-A236-2093325A7EE3} : DHCPNameServer = 8.8.8.8 216.252.23.242 209.55.27.13
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-10-13 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-10-13 42624]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2014-1-6 32840]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2013-10-13 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2013-10-13 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-10-13 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [2014-1-6 1632256]
R2 IceDragonUpdater;COMODO IceDragon Update Service;C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [2013-12-19 1821384]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2013-10-12 517632]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-2 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-2 16939296]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-10-13 140032]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-6-24 420608]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2013-6-25 134656]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-2 39200]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2014-1-2 13480]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-12 726160]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2013-6-25 38016]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-10-13 58536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-14 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-16 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-12 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-03-06 15:54:30 -------- d-----w- C:\Program Files (x86)\Steam
2014-03-06 14:53:42 -------- d-----w- C:\Program Files (x86)\RivaTuner Statistics Server
2014-03-06 14:51:36 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2014-03-06 14:46:10 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B9C396F-2F8E-4963-8A9F-CEB6603DB7BE}\mpengine.dll
2014-03-06 11:05:54 -------- d-----w- C:\Users\Ryoushi\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2014-03-06 07:51:29 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-06 06:37:44 -------- d-----w- C:\Program Files (x86)\MSI Kombustor 2.5
2014-03-06 06:07:08 -------- d-----w- C:\Program Files\MSI Kombustor 3.0
2014-03-06 00:32:53 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B69C4930-205C-49D2-845F-D42CEC16543B}\gapaengine.dll
2014-03-05 19:05:45 -------- d-----w- C:\Users\Ryoushi\AppData\Roaming\Arrowhead
2014-03-05 19:05:40 -------- d-----w- C:\Windows\9530AE42DAE146199594B23487285D17.TMP
2014-03-02 06:12:16 -------- d-----w- C:\Users\Ryoushi\AppData\Local\NVIDIA Corporation
2014-03-02 06:11:34 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-03-02 06:11:34 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-03-02 06:11:33 -------- d-----w- C:\Users\Ryoushi\AppData\Local\NVIDIA
2014-03-02 06:11:25 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-03-02 06:11:24 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-02 06:11:24 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-03-02 06:03:20 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-02 06:03:20 6671648 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-02 06:03:20 63776 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-02 06:03:20 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-02 06:03:20 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-02 06:03:13 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2014-03-02 06:03:13 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-03-02 06:03:11 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-03-02 06:02:54 18310112 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2014-03-02 06:02:54 18222008 ----a-w- C:\Windows\System32\nvd3dumx.dll
2014-03-02 06:02:54 1807136 ----a-w- C:\Windows\System32\nvdispco6431422.dll
2014-03-02 06:02:54 15877216 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2014-03-02 06:02:54 15230352 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2014-03-02 06:02:54 1510176 ----a-w- C:\Windows\System32\nvdispgenco6431422.dll
2014-03-02 06:02:54 1436528 ----a-w- C:\Windows\System32\nvumdshimx.dll
2014-03-02 06:02:53 3071656 ----a-w- C:\Windows\System32\nvapi64.dll
2014-03-02 06:02:53 2698272 ----a-w- C:\Windows\SysWow64\nvapi.dll
2014-03-01 06:30:01 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-03-01 06:29:28 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-03-01 06:23:43 -------- d-----w- C:\Users\Ryoushi\AppData\Local\WindowsApplication1
2014-03-01 05:05:44 -------- d-sh--w- C:\ProgramData\SecuROM
2014-03-01 01:44:18 -------- d-----w- C:\Users\Ryoushi\AppData\Roaming\com.shirogames.evoland
2014-02-27 21:21:09 -------- d-----w- C:\Users\Ryoushi\AppData\Roaming\StunlockStudios
2014-02-27 18:47:32 -------- d-----w- C:\Users\Ryoushi\AppData\Roaming\library_dir
2014-02-27 18:47:23 -------- d-----w- C:\Users\Ryoushi\AppData\Roaming\Raptr
2014-02-27 18:47:23 -------- d-----w- C:\Program Files (x86)\Raptr
2014-02-26 02:50:45 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-26 02:50:45 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-25 14:30:26 -------- d-----w- C:\Users\Ryoushi\AppData\Local\Apple
2014-02-25 14:27:01 -------- d-----w- C:\Users\Ryoushi\AppData\Roaming\Empty Clip Studios
2014-02-23 09:14:13 -------- d-----w- C:\Users\Ryoushi\AppData\Local\zachtronics industries
2014-02-22 23:35:07 -------- d-----w- C:\perflogs
2014-02-16 07:37:40 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-02-16 07:37:39 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-02-15 05:36:01 -------- d-----w- C:\Users\Ryoushi\AppData\Local\The Witcher
2014-02-14 21:28:29 -------- d-----w- C:\Users\Ryoushi\AppData\Local\The Witcher 2
2014-02-12 13:02:03 -------- d-----w- C:\ProgramData\Package Cache
2014-02-06 04:36:39 -------- d-----w- C:\Users\Ryoushi\AppData\Roaming\7+ Taskbar Tweaker
.
==================== Find3M ====================
.
2014-02-26 05:39:42 117024 ----a-w- C:\Windows\System32\BootDefrag.exe
2014-02-21 00:16:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-21 00:16:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-24 20:23:02 36734 ----a-w- C:\Windows\SysWow64\OggDSuninst.exe
2014-01-19 17:48:59 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-17 21:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 21:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-01-07 06:30:43 5314528 ----a-w- C:\Windows\PE_Rom.dll
2014-01-07 06:22:01 5380064 ----a-w- C:\Windows\PE_File.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-19 05:01:48 3539040 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-12-18 06:11:52 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2013-12-10 02:28:33 610304 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-10 02:02:22 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 15:04:07.79 ===============


Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/11/2013 11:11:37 PM
System Uptime: 3/6/2014 2:59:37 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | M5A97 R2.0
Processor: AMD Phenom(tm) II X4 965 Processor | Socket 942 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 54.187 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 683 GiB total, 117.064 GiB free.
F: is FIXED (NTFS) - 15 GiB total, 15.169 GiB free.
G: is FIXED (NTFS) - 149 GiB total, 78.591 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: NEC PCI to USB Open Host Controller
Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_00351033&REV_43\4&2B4059EA&0&31A4
Manufacturer: NEC
Name: NEC PCI to USB Open Host Controller
PNP Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_00351033&REV_43\4&2B4059EA&0&31A4
Service: usbohci
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Standard Enhanced PCI to USB Host Controller
Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_00E01033&REV_04\4&2B4059EA&0&32A4
Manufacturer: (Standard USB Host Controller)
Name: Standard Enhanced PCI to USB Host Controller
PNP Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_00E01033&REV_04\4&2B4059EA&0&32A4
Service: usbehci
.
==== System Restore Points ===================
.
RP216: 3/5/2014 12:27:31 AM - Installed DirectX
RP217: 3/5/2014 12:40:30 AM - Installed DirectX
RP218: 3/5/2014 1:57:46 PM - Installed DirectX
RP219: 3/5/2014 7:32:34 PM - Windows Update
RP220: 3/6/2014 5:19:33 AM - Installed DirectX
RP221: 3/6/2014 5:36:03 AM - Removed NVIDIA PhysX
RP222: 3/6/2014 7:42:54 AM - 362014 742am
RP224: 3/6/2014 9:46:04 AM - Windows Update
RP225: 3/6/2014 10:20:20 AM - before driver verifier
RP226: 3/6/2014 10:52:08 AM - Removed Steam
RP227: 3/6/2014 1:37:59 PM - Windows Backup
RP228: 3/6/2014 1:39:28 PM - backup before malware scan
RP229: 3/6/2014 2:05:14 PM - Windows Backup
RP230: 3/6/2014 2:06:13 PM - 2pm restore point for backup and maleware scan
.
==== Installed Programs ======================
.
7+ Taskbar Tweaker v4.4.6
Adobe Flash Player 12 Plugin
Afterfall InSanity Extended Edition
Agarest: Generations of War
AI Suite II
Air Conflicts: Pacific Carriers
Alan Wake's American Nightmare
Alien Hallway
AlternativA
AMD APP SDK Runtime
AMD Catalyst Install Manager
Analogue: A Hate Story
Anomaly Warzone Earth
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Avencast
Beat Hazard
Borderlands 2
Cargo Commander
Chantelise
Combined Community Codec Pack 2014-01-17
Comodo IceDragon
Contagion
D3DX10
Dead Island: Epidemic
Direct Show Ogg Vorbis Filter (remove only)
DivX Setup
Dual-Core Optimizer
GeForce Experience NvStream Client Components
Glary Utilities 4.7
Guild Wars 2
Guise Of The Wolf
How to Survive
IrfanView (remove only)
Java 7 Update 51
Java Auto Updater
Legends of Solitaire 2 - Curse of the Dragons
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
MSI Afterburner 3.0.0 Beta 18
MSI Kombustor 2.5.6
MSI Kombustor 3.3.0
MSVCRT
Mumble 1.2.4
NVIDIA Control Panel 332.21
NVIDIA GeForce Experience 1.8.2
NVIDIA Graphics Driver 332.21
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA ShadowPlay 11.10.11
NVIDIA Update 11.10.11
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
OpenAL
Pinball FX2
QuickTime 7
Raptr
Realtek High Definition Audio Driver
Redshirt
RivaTuner Statistics Server 6.0.0
Samsung Magician
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
SHIELD Streaming
Skype™ 6.11
State of Decay
Steam
SteelSeries Engine
TeamSpeak 3 Client
The Book of Unwritten Tales: The Critter Chronicles
The Incredible Adventures of Van Helsing
The Walking Dead: Season Two
The Wolf Among Us
VC80CRTRedist - 8.0.50727.6195
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
Zombie Driver HD
.
==== Event Viewer Messages From Past Week ========
.
3/6/2014 8:01:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c4 (0x0000000000000040, 0x0000000000000000, 0xfffff9800a5d4c60, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030614-9516-01.
3/6/2014 8:01:43 AM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/6/2014 7:59:57 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c4 (0x0000000000000040, 0x0000000000000000, 0xfffff9800a276c70, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030614-11154-01.
3/6/2014 10:33:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/6/2014 10:31:48 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2014 10:31:35 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2014 10:31:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/6/2014 10:31:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/6/2014 10:31:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/6/2014 10:31:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/6/2014 10:31:28 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c4 (0x0000000000000040, 0x0000000000000000, 0xfffff9800a3d8c60, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030614-9562-01.
3/6/2014 10:31:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO discache MpFilter spldr Wanarpv6
3/5/2014 12:19:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
3/5/2014 12:19:43 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2014 12:53:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8006ae9060, 0xfffff80004007518, 0xfffffa8009c98220). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030214-8236-01.
3/2/2014 12:21:34 AM, Error: nvlddmkm [14] -
.
==== End Of File ===========================
 
Hi, gerawolf.

In referring to your thread at https://www.sysnative.com/forums/bs...gging/9075-testing-for-neocore.html#post68225, from what I am seeing in your logs:

1. C:\Windows\System32\drivers\ndisrd.sys is valid. It appears the driver was updated in January. See SystemLookup - ndisrd

2. Your log is not showing a 1 mb partition:

==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 54.187 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 683 GiB total, 117.064 GiB free.
F: is FIXED (NTFS) - 15 GiB total, 15.169 GiB free.
G: is FIXED (NTFS) - 149 GiB total, 78.591 GiB free.
H: is Removable

That said, Websearch.searchisbestmy.info is a PUP (Potentially Unwanted Program) that hijacks your browser. It likely came bundled with the installer of a freeware program (video recording/streaming, download managers or PDF creators) that you installed. So, let's take care of it and any extras that may have come along for the ride.

1. Please download Junkware Removal Tool to your desktop.

Note: A few seconds after landing on the above link, depending on the browser you are using, you will see the following:
  • If you're using Firefox, click Save file:
  • If you're using IE, click Save:
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

2. Please download AdwCleaner by Xplode onto your Desktop.

Note: A few seconds after landing on the above link, depending on the browser you are using, you will see the following:
  • If you're using Firefox, click Save File:
  • If you're using IE, click Save:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

3. Please download Malwarebytes' Anti-Malware to your desktop from here.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • In the last Setup window, UNcheck "Enable free trial of Malwarebytes Anti-Malware PRO" but be sure a checkmark is placed next to
    -- Update Malwarebytes' Anti-Malware and
    -- Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    -- On the Scanner tab, check Perform quick scan.
    -- On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
    -- Also on the Settings tab, under “Action for potentially unwanted programs (PUP)”, change the option to Show in results list and check for removal.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample: (image: MBAM_SR_zps573fd52e.jpg)
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
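The two things the helper reads off the DDS "Pseudo HJT Report" above (a start page pointing at an unfamiliar search host, and the mPolicies-System values showing UAC switched off) are easy to check mechanically. The script below is an added example and is not part of this thread, nor of DDS or any Sysnative tool; it parses a constructed sample modelled on the log posted above and reports both findings. The host allowlist, the policy table and the function names are the example's own assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the "Pseudo HJT Report" section of a DDS log.
# DDS writes "hxxp" in place of "http" so a posted URL is not clickable.
SAMPLE_HJT = """\
uStart Page = hxxp://websearch.searchisbestmy.info/?pid=924&r=2013/11/14&hid=12735527779112368438&lg=EN&cc=US&unqvl=41
mStart Page = hxxp://websearch.searchisbestmy.info/?pid=924&r=2013/11/14&hid=12735527779112368438&lg=EN&cc=US&unqvl=41
mWinlogon: Userinit = userinit.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""

# Assumed allowlist: start pages a reviewer would not question. Anything else is
# reported so a human can decide whether it is a hijack or a deliberate choice.
KNOWN_START_HOSTS = {"www.google.com", "www.bing.com", "www.msn.com", "about:blank"}

# Assumed table of UAC policy values that weaken elevation, written the way DDS prints them.
WEAK_POLICIES = {
    "EnableLUA": ("dword:0", "UAC disabled entirely"),
    "ConsentPromptBehaviorAdmin": ("dword:0", "administrators elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": ("dword:0", "elevation prompt not shown on the secure desktop"),
}

START_RE = re.compile(r"^([um])Start Page = (.+)$")          # u = per-user, m = machine-wide
POLICY_RE = re.compile(r"^mPolicies-System: (\w+) = (\S+)$")


def refang(url):
    """Turn the DDS-style defanged scheme back into a parseable one."""
    return url.replace("hxxp://", "http://", 1).replace("hxxps://", "https://", 1)


def review_hjt(text):
    """Return a list of findings (dicts) for start-page hijacks and weakened UAC policies."""
    findings = []
    for line in text.splitlines():
        m = START_RE.match(line)
        if m:
            scope = "user" if m.group(1) == "u" else "machine"
            url = refang(m.group(2).strip())
            host = urlparse(url).netloc.lower() if "://" in url else url.lower()
            if host not in KNOWN_START_HOSTS:
                findings.append({"kind": "start_page", "scope": scope, "host": host})
            continue
        m = POLICY_RE.match(line)
        if m:
            key, value = m.groups()
            if key in WEAK_POLICIES and value == WEAK_POLICIES[key][0]:
                findings.append({"kind": "weak_uac", "key": key, "why": WEAK_POLICIES[key][1]})
    return findings


def hijacked_hosts(findings):
    """Distinct unexpected start-page hosts, sorted, for a quick summary line."""
    return sorted({f["host"] for f in findings if f["kind"] == "start_page"})


def weak_uac_keys(findings):
    """Distinct policy names found at a weakening value."""
    return sorted({f["key"] for f in findings if f["kind"] == "weak_uac"})


if __name__ == "__main__":
    results = review_hjt(SAMPLE_HJT)
    for f in results:
        if f["kind"] == "start_page":
            print(f"[start page] {f['scope']}-level start page points at {f['host']}")
        else:
            print(f"[UAC] {f['key']}: {f['why']}")
```

On the sample the script reports the same start-page host at both user and machine level (the hijack reaches both registry hives, which is why the helper treats it as bundled adware rather than a one-off setting) and three UAC policies at weakening values, matching the "UAC is disabled!" line in the Security Check output.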
 
JRT done, AdwCleaner done, doing MBAM right now. Did a full scan instead of a quick scan. I have 4 "partitions" on 3 drives, so I'm scanning all of them.
 
C: is the core 128 GB SSD. E: is the Steam/media drive, a 730-ish GB partition on a 750 GB drive. F: is a 15 GB drive (the other part of the 750 GB HDD) where everything gets downloaded and checked for viruses, malware, spyware etc. (my idea with recent events; good idea or bad idea?). G: is a 160 GB drive I use for backup and system image as well as extra copies of my documents, music and pictures. My video media is too big to fit on that drive so I don't have a backup for that lol
 
Please post the logs when you're finished. However, doing a full scan with MBAM will likely take HOURS with all the data you have.

Well, downloading everything to F: didn't prevent Websearch.searchisbestmy.info from being installed. ;) Although it is wise to scan downloads before installing, it is also important to watch each screen during the install process for pre-checked add-ons. In addition, it is best to stick to the developer's home site for software rather than download sites.

Having a backup is good, however, an external backup of important files and data is also a wise move in the event of hard drive failure.
 
The drive solely for downloads was created today, so it wouldn't have done much yet, lol.
 
I don't have the JRT or the other file, and MBAM isn't done. I ran JRT twice and it overwrote the text instead of creating a new one. My paranoid delusions at their finest.
 
Hi, gerawolf.

It is important that you follow provided instructions exactly as provided. Running JRT a second time didn't remove anything more but has made it impossible for me to see what has been done. The AdwCleaner log is located at C:\AdwCleaner[Sn].txt (n is a number). Please post it so I can see if it found anything that JRT didn't remove. Thanks!
 
# AdwCleaner v3.020 - Report created 06/03/2014 at 18:59:55
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ryoushi - RYOUSHI-PC
# Running from : F:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Ryoushi\AppData\Local\genienext
Folder Deleted : C:\Users\Ryoushi\AppData\Roaming\newnext.me

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


*************************

AdwCleaner[R0].txt - [1238 octets] - [06/03/2014 18:59:05]
AdwCleaner[S0].txt - [1060 octets] - [06/03/2014 18:59:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1120 octets] ##########
 
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware

Database version: v2014.03.06.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ryoushi :: RYOUSHI-PC [administrator]

3/6/2014 7:05:56 PM
MBAM-log-2014-03-06 (20-15-25).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 375039
Time elapsed: 1 hour(s), 8 minute(s), 24 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\AdwCleaner\Quarantine\C\Users\Ryoushi\AppData\Local\genienext\nengine.dll.vir (PUP.Optional.NextLive.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Ryoushi\AppData\Roaming\newnext.me\nengine.dll.vir (PUP.Optional.NextLive.A) -> No action taken.

(end)
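MBAM's two "Files Detected" hits above sit under C:\AdwCleaner\Quarantine and carry the .vir extension AdwCleaner adds to quarantined copies, so they are the removed NextLive DLLs, not live infections. The following PowerShell is an added example, not part of the thread or of either tool: it parses excerpts of the two logs posted above (embedded as here-strings, constructed from this thread), maps each quarantine path back to its original location, and checks whether that location falls under a folder AdwCleaner reported deleting. The quarantine root C:\AdwCleaner\Quarantine and the "<root>\Quarantine\<drive>\<path>.vir" layout are assumptions read off the log lines, not documented AdwCleaner behaviour.

```powershell
# Added example (not from the thread or either tool): cross-reference MBAM
# detections against the AdwCleaner report to show they are quarantined copies.
# Both here-strings are excerpts constructed from the logs posted in this thread.

$adwReport = @'
***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Ryoushi\AppData\Local\genienext
Folder Deleted : C:\Users\Ryoushi\AppData\Roaming\newnext.me

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
'@

$mbamReport = @'
Files Detected: 2
C:\AdwCleaner\Quarantine\C\Users\Ryoushi\AppData\Local\genienext\nengine.dll.vir (PUP.Optional.NextLive.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Ryoushi\AppData\Roaming\newnext.me\nengine.dll.vir (PUP.Optional.NextLive.A) -> No action taken.
'@

function ConvertFrom-AdwCleanerReport {
    param([string]$Text)
    $section = $null
    foreach ($line in $Text -split "`r?`n") {
        # Section headers: "***** [ Files / Folders ] *****"
        if ($line -match '^\*{5} \[ (.+?) \] \*{5}$') { $section = $Matches[1]; continue }
        # Action lines: "Folder Deleted : <path>" or "Key Deleted : [x64] <key>"
        if ($line -match '^(?<kind>\w+) (?<action>\w+) : (?:\[x64\] )?(?<path>.+)$') {
            [pscustomobject]@{
                Section = $section
                Kind    = $Matches.kind
                Action  = $Matches.action
                Path    = $Matches.path
            }
        }
    }
}

function ConvertFrom-MbamFilesDetected {
    param([string]$Text)
    foreach ($line in $Text -split "`r?`n") {
        # "<path> (<detection name>) -> <action>."
        if ($line -match '^(?<path>[A-Za-z]:\\.+?) \((?<name>[^()]+)\) -> (?<action>.+)\.$') {
            [pscustomobject]@{ Path = $Matches.path; Detection = $Matches.name; Action = $Matches.action }
        }
    }
}

function Resolve-QuarantinedOrigin {
    # Assumed layout (read off the log): C:\foo\bar is stored as <root>\Quarantine\C\foo\bar.vir
    param([string]$Path, [string]$QuarantineRoot = 'C:\AdwCleaner\Quarantine')
    $prefix = [regex]::Escape($QuarantineRoot + '\')
    if ($Path -match "^$prefix(?<drive>[A-Za-z])\\(?<rest>.+?)(\.vir)?$") {
        return "$($Matches.drive):\$($Matches.rest)"
    }
    return $null
}

$deletedFolders = ConvertFrom-AdwCleanerReport $adwReport |
    Where-Object { $_.Kind -eq 'Folder' -and $_.Action -eq 'Deleted' } |
    Select-Object -ExpandProperty Path

foreach ($hit in ConvertFrom-MbamFilesDetected $mbamReport) {
    $origin  = Resolve-QuarantinedOrigin $hit.Path
    $covered = $origin -and ($deletedFolders |
        Where-Object { $origin.StartsWith($_ + '\', 'OrdinalIgnoreCase') })
    [pscustomobject]@{
        Detection                  = $hit.Detection
        QuarantinedCopy            = [bool]$origin
        OriginalPath               = $origin
        AlreadyRemovedByAdwCleaner = [bool]$covered
    }
}
```

For both hits the output shows QuarantinedCopy and AlreadyRemovedByAdwCleaner as True, which is why the helper's step 1 below (uninstalling AdwCleaner, which deletes its quarantine) is the right fix rather than letting MBAM "remove" them. A hit that resolved to an origin outside every deleted folder, or that did not resolve at all, would be something to look at rather than dismiss.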
 
Sorry I messed up the JRT file. Maybe it would show if I ran it on the backup drive? After all, it's a mirror of the original.
 
No, don't bother. I can tell from the AdwCleaner log that there was more than the one BHO. However, please make sure that your browser start page is back to normal.

1. We can take care of MBAM's complaint about the AdwCleaner quarantine by uninstalling AdwCleaner:

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.

2. You may have noted an indication in the Security Check log that Adobe Flash Player is out of date. However, you do have the latest update installed. The developer apparently hasn't had a chance to update the tool. Since Adobe had an out-of-band update, there may not be another Flash Player update tomorrow. We'll see.

3. Please delete both SecurityCheck and JRT from your desktop.

4. Before sending you back to your original thread, let's clean up temp files. I've provided extra information about TFC since it is a handy tool that you may want to keep around.

Download TFC by Old Timer from here (direct download): http://www.itxassociates.com/OT-Tools/TFC.exe
  • First, save any files you have open as TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista/Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
More info:
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Before running, it will stop Explorer and all other running applications. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
-- TFC only cleans temp folders.
-- TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail.

TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

5. Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".

6. Satrow is hoping for burrito leftovers. We'll see if he wants you to re-run driver verifier or try something else. Please wait for his instructions.
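As an added illustration of what the TFC description above covers (this is not TFC's own code, whose internals the thread does not show), the PowerShell below enumerates the temp locations TFC is described as clearing (temp and browser/Java caches for every profile under the user folder and the LocalService/NetworkService profiles, %systemroot%\Temp, and stray .tmp files in the system drive root, %systemroot%, System32 and SysWOW64), reports the bytes held in each, and only deletes when asked. The per-profile cache paths are the conventional Windows 7 locations and are assumptions; it requires PowerShell 3.0 or later and an elevated prompt, and unlike TFC it does not stop Explorer or other applications, so files in use are simply counted as not removed.

```powershell
# Added example, not TFC itself: report (and optionally clear) the temp
# locations TFC is described as cleaning. Run elevated; PowerShell 3.0+.
# Cache paths below are conventional Windows 7 locations (assumption).

function Get-TempLocation {
    $perProfile = @(
        'AppData\Local\Temp',
        'AppData\Local\Microsoft\Windows\Temporary Internet Files',
        'AppData\LocalLow\Sun\Java\Deployment\cache',
        'AppData\Local\Google\Chrome\User Data\Default\Cache',
        'AppData\Local\Mozilla\Firefox\Profiles\*\Cache',
        'AppData\Local\Mozilla\Firefox\Profiles\*\cache2',
        'AppData\Local\Opera Software\Opera Stable\Cache'
    )
    # Every profile under the user folder (C:\Users on Windows 7), plus the
    # LocalService/NetworkService profiles under %systemroot%\ServiceProfiles.
    $profileRoots = @(Get-ChildItem -Directory (Split-Path $env:USERPROFILE -Parent)) +
                    @(Get-ChildItem -Directory (Join-Path $env:SystemRoot 'ServiceProfiles') -ErrorAction SilentlyContinue)
    foreach ($root in $profileRoots) {
        foreach ($rel in $perProfile) {
            # Resolve-Path expands the "Profiles\*" wildcard and skips missing paths
            Resolve-Path (Join-Path $root.FullName $rel) -ErrorAction SilentlyContinue |
                ForEach-Object { [pscustomobject]@{ Kind = 'Folder'; Path = $_.ProviderPath } }
        }
    }
    [pscustomobject]@{ Kind = 'Folder'; Path = Join-Path $env:SystemRoot 'Temp' }
    # Stray *.tmp files (not recursive) in the system roots; SysWOW64 exists only on x64
    foreach ($dir in @("$env:SystemDrive\", $env:SystemRoot, "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")) {
        if (Test-Path -LiteralPath $dir) { [pscustomobject]@{ Kind = 'TmpFiles'; Path = $dir } }
    }
}

function Get-TempFile {
    param([pscustomobject]$Location)
    if ($Location.Kind -eq 'Folder') {
        Get-ChildItem -LiteralPath $Location.Path -Force -Recurse -File -ErrorAction SilentlyContinue
    } else {
        Get-ChildItem -LiteralPath $Location.Path -Filter '*.tmp' -Force -File -ErrorAction SilentlyContinue
    }
}

function Clear-TempLocation {
    # Without -Delete this only reports. -Delete -WhatIf previews the removals.
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Delete)
    $total = 0; $inUse = 0
    foreach ($loc in Get-TempLocation) {
        $files = @(Get-TempFile $loc)
        $bytes = ($files | Measure-Object Length -Sum).Sum
        if (-not $bytes) { $bytes = 0 }
        if ($Delete) {
            foreach ($f in $files) {
                if ($PSCmdlet.ShouldProcess($f.FullName, 'Remove')) {
                    try   { Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop }
                    catch { $inUse++ }   # locked by a running program; TFC finishes these after a reboot
                }
            }
        }
        $total += $bytes
        [pscustomobject]@{ Location = $loc.Path; Files = $files.Count; Bytes = $bytes }
    }
    Write-Host ("Total: {0:N1} MB in temp locations; {1} file(s) could not be removed (in use)" -f ($total / 1MB), $inUse)
}

Clear-TempLocation              # report only
# Clear-TempLocation -Delete -WhatIf   # preview what would be removed
# Clear-TempLocation -Delete           # remove, then reboot as TFC advises
```

The report-only default matters here: on a machine being cleaned you want to see what is about to go (and how much of it is browser cache versus Java deployment cache) before anything is deleted, and the in-use count tells you whether a reboot is still needed to finish the job.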
 
Done. Now heading to the "So how did I get infected in the first place?" link before looking to see what kind of trouble I am in on the other page.
 
Excellent! You'll see that you already have instructions.
 
Picked up and installed privacyfirewall, SpywareBlaster and WinPatrol. Setting myself from admin to standard user.
 
Well, now, very good, gerawolf! Remember with SpywareBlaster that you need to check periodically (~2 - 4 weeks) for updates as it doesn't have an automatic update mechanism.

I expect to have great "March Madness" news about WinPatrol tomorrow.
 
The only bad thing about SpywareBlaster is that it doesn't work with Comodo IceDragon.
 
The March Madness announcement came out a bit late for me to share yesterday. Bill is offering a great special: A one system lifetime upgrade license to WinPatrol PLUS available for $2.00. The full family pack lifetime license normally $49.95 can also be purchased for $10.00. Sale ends Monday night [10 March] at midnight. WinPatrol 2014 v30.1.2014.0
 