
backdoor trojan / malware removal help


  • This topic is locked
7 replies to this topic

#1 ryanc4252

ryanc4252

  • Members
  • 4 posts

Posted 14 March 2013 - 03:01 PM

AVG keeps popping up with Trojan horse Generic 31, saying it has to be manually removed, but I can't find it in the Registry Editor or anywhere. I have done a log; here it is. Any help much appreciated. Attached File: dds.txt (30.74KB, 1 downloads)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16464
Run by Ryan at 19:47:35 on 2013-03-14
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.44.1033.18.3950.3263 [GMT 0:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/406
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.0.36\IPS\IPSBHO.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Data Manager: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
TB: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [msmediapro] C:\Users\Ryan\Applications\Microsoft\msmedia.exe
uRun: [SearchProtect] C:\Users\Ryan\AppData\Roaming\SearchProtect\bin\cltmng.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~2\Datamngr\DATAMN~2.EXE
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FROSTW~1.LNK - C:\Program Files (x86)\FrostWire 5\FrostWire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm
IE: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm
IE: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm
IE: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\35B4959353431353 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\86F6573756 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~2\Datamngr\mgrldr.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Data Manager: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\wy6ohxg5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke New Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN11019909766811134&UM=2&UP=SP9246339C-840B-4E8D-8C2C-2D32E8DDF41F
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=120&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5503247421374758&o=APN10645&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-02-15 20:09; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-03-10 20:25; avg@toolbar; C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
FF - ExtSQL: 2013-03-13 13:27; {739df940-c5ee-4bab-9d7e-270894ae687a}; C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\wy6ohxg5.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
FF - ExtSQL: 2013-03-13 13:51; [email protected]; C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\wy6ohxg5.default\extensions\[email protected]
FF - ExtSQL: 2013-03-13 13:52; [email protected]; C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\wy6ohxg5.default\extensions\[email protected]
FF - ExtSQL: 2013-03-13 17:30; {377e5d4d-77e5-476a-8716-7e70a9272da0}; C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\wy6ohxg5.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
FF - ExtSQL: 2013-03-14 16:38; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn
FF - ExtSQL: 2013-03-14 16:38; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\IPSFFPlgn
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQQqEmt8l&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 0e9d740d0000000000004c0f6edeee3f
FF - user.js: extensions.incredibar_i.instlDay - 15665
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:53:36
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQQqEmt8l
FF - user.js: extensions.incredibar_i.upn2n - 92543966650046473
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10678
FF - user.js: extensions.incredibar_i.ppd - 111
.
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 0e9d740d0000000000004c0f6edeee3f
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15777
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.013:51:48
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-29 55024]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1403000.024\SymDS64.sys [2013-3-14 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1403000.024\SymEFA64.sys [2013-3-14 1139800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-10 39768]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-7-12 94208]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-7-12 78848]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-4 56344]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2013-3-14 1384608]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1403000.024\ccSetx64.sys [2013-3-14 168096]
S1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [2013-3-14 168096]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20130113.001\IDSviA64.sys [2013-3-14 513184]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1403000.024\Ironx64.sys [2013-3-14 224416]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1403000.024\symnets.sys [2013-3-14 432800]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-7-12 202752]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-3-6 93984]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
S2 DatamngrCoordinator;Datamngr Coordinator;C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe [2013-3-13 4557312]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-13 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-13 682344]
S2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe [2013-3-14 144520]
S2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe [2013-3-14 144520]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2013-2-8 4230016]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2010-7-29 252416]
S2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-1-14 1024384]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-7-29 104960]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-29 2320920]
S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-7-29 575856]
S2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-7-29 836608]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-3-10 968880]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-7-29 19968]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-7-29 342056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-29 39464]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-14 138912]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2013-3-14 22704]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-12 158976]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-12 271872]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-13 24176]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-7-29 1250160]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-28 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-12 402720]
.
=============== Created Last 30 ================
.
2013-03-14 19:17:25    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-03-14 18:49:14    22704    ----a-w-    C:\Windows\System32\drivers\EsgScanner.sys
2013-03-14 18:49:03    110080    ----a-r-    C:\Users\Ryan\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconF7A21AF7.exe
2013-03-14 18:49:03    110080    ----a-r-    C:\Users\Ryan\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconD7F16134.exe
2013-03-14 18:49:03    110080    ----a-r-    C:\Users\Ryan\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\Icon1226A4C5.exe
2013-03-14 18:49:01    --------    d-----w-    C:\sh4ldr
2013-03-14 18:49:01    --------    d-----w-    C:\Program Files\Enigma Software Group
2013-03-14 18:47:16    --------    d-----w-    C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-03-14 18:47:13    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-03-14 18:45:35    --------    d-----w-    C:\Users\Ryan\AppData\Roaming\SpeedyPC Software
2013-03-14 18:45:35    --------    d-----w-    C:\Users\Ryan\AppData\Roaming\DriverCure
2013-03-14 18:45:06    --------    d-----w-    C:\Program Files (x86)\Common Files\SpeedyPC Software
2013-03-14 18:45:03    --------    d-----w-    C:\ProgramData\SpeedyPC Software
2013-03-14 18:45:03    --------    d-----w-    C:\Program Files (x86)\SpeedyPC Software
2013-03-14 16:37:35    168096    ----a-r-    C:\Windows\System32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys
2013-03-14 16:37:30    --------    d-----w-    C:\Windows\System32\drivers\NSTx64\7DD03000.01A
2013-03-14 16:37:30    --------    d-----w-    C:\Windows\System32\drivers\NSTx64
2013-03-14 16:37:29    --------    d-----w-    C:\Program Files (x86)\Norton Identity Safe
2013-03-14 16:37:21    177312    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-03-14 16:37:21    --------    d-----w-    C:\Program Files\Symantec
2013-03-14 16:37:21    --------    d-----w-    C:\Program Files\Common Files\Symantec Shared
2013-03-14 16:36:44    796248    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403000.024\srtsp64.sys
2013-03-14 16:36:44    493656    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403000.024\SymDS64.sys
2013-03-14 16:36:44    432800    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403000.024\symnets.sys
2013-03-14 16:36:44    36952    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403000.024\srtspx64.sys
2013-03-14 16:36:44    23448    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403000.024\SymELAM.sys
2013-03-14 16:36:44    224416    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403000.024\Ironx64.sys
2013-03-14 16:36:44    168096    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403000.024\ccSetx64.sys
2013-03-14 16:36:44    1139800    ----a-r-    C:\Windows\System32\drivers\NAVx64\1403000.024\SymEFA64.sys
2013-03-14 16:36:22    --------    d-----w-    C:\Windows\System32\drivers\NAVx64\1403000.024
2013-03-14 16:36:22    --------    d-----w-    C:\Windows\System32\drivers\NAVx64
2013-03-14 16:36:20    --------    d-----w-    C:\Program Files (x86)\Norton AntiVirus
2013-03-13 20:54:05    --------    d-----w-    C:\Users\Ryan\AppData\Roaming\Malwarebytes
2013-03-13 20:53:56    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-03-13 20:53:55    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-03-13 20:53:55    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-13 20:53:42    --------    d-----w-    C:\Users\Ryan\AppData\Local\Programs
2013-03-13 17:30:21    --------    d-----w-    C:\ProgramData\Wincert
2013-03-13 17:29:13    --------    d-----w-    C:\ProgramData\Datamngr
2013-03-13 17:29:13    --------    d-----w-    C:\Program Files (x86)\Search Results Toolbar
2013-03-13 17:28:47    --------    d-----w-    C:\Users\Ryan\AppData\Local\iLivid
2013-03-13 13:52:06    --------    d-----w-    C:\Users\Ryan\AppData\Roaming\Open Download Manager
2013-03-13 13:51:47    --------    d-----w-    C:\Program Files (x86)\Delta
2013-03-13 13:51:45    --------    d-----w-    C:\Users\Ryan\AppData\Roaming\Delta
2013-03-13 13:51:45    --------    d-----w-    C:\Users\Ryan\AppData\Roaming\BabSolution
2013-03-13 13:51:31    --------    d-----w-    C:\Users\Ryan\AppData\Roaming\Babylon
2013-03-13 13:51:31    --------    d-----w-    C:\ProgramData\Babylon
2013-03-13 13:51:28    --------    d-----w-    C:\Program Files (x86)\OpenDownloaderManager
2013-03-13 13:27:19    --------    d-----w-    C:\Program Files (x86)\Conduit
2013-03-13 13:27:15    --------    d-----w-    C:\Users\Ryan\AppData\Local\Conduit
2013-03-13 13:27:04    --------    d-----w-    C:\Users\Ryan\AppData\Local\CRE
2013-03-13 13:26:51    --------    d-----w-    C:\Program Files (x86)\SearchProtect
2013-03-13 13:26:43    --------    d-----w-    C:\Users\Ryan\AppData\Roaming\SearchProtect
2013-03-13 13:26:37    --------    d-----w-    C:\94790d3bc5fbc95e5eda4f4000
2013-03-13 13:26:29    --------    d-----w-    C:\Program Files (x86)\BrowseToSave
2013-03-13 13:26:26    --------    d-----w-    C:\ProgramData\BrowoSE2isavve
2013-03-13 13:25:31    --------    d-----w-    C:\ProgramData\InstallMate
2013-03-13 11:41:12    540688    ----a-w-    C:\Windows\System32\d3dx10_38.dll
2013-03-13 11:41:12    467984    ----a-w-    C:\Windows\SysWow64\d3dx10_38.dll
2013-03-13 11:41:12    1941528    ----a-w-    C:\Windows\System32\D3DCompiler_38.dll
2013-03-13 11:41:12    1491992    ----a-w-    C:\Windows\SysWow64\D3DCompiler_38.dll
2013-03-13 11:41:09    4991496    ----a-w-    C:\Windows\System32\D3DX9_38.dll
2013-03-13 11:41:09    3850760    ----a-w-    C:\Windows\SysWow64\D3DX9_38.dll
2013-03-13 11:41:07    508264    ----a-w-    C:\Windows\System32\d3dx10_35.dll
2013-03-13 11:41:07    444776    ----a-w-    C:\Windows\SysWow64\d3dx10_35.dll
2013-03-13 11:41:07    1985904    ----a-w-    C:\Windows\System32\D3DCompiler_35.dll
2013-03-13 11:41:07    1358192    ----a-w-    C:\Windows\SysWow64\D3DCompiler_35.dll
2013-03-13 11:41:03    5073256    ----a-w-    C:\Windows\System32\d3dx9_35.dll
2013-03-13 09:34:14    --------    d-----w-    C:\Users\Ryan\AppData\Local\Fuze Zip
2013-03-13 09:33:47    --------    d-----w-    C:\Program Files (x86)\Fuze Zip
2013-03-11 10:13:41    --------    d-----w-    C:\Users\Ryan\AppData\Local\Xenocode
2013-03-10 20:55:01    --------    d-----w-    C:\Users\Ryan\FrostWire
2013-03-10 20:54:53    --------    d-----w-    C:\Users\Ryan\.frostwire5
2013-03-10 20:52:50    --------    d-----w-    C:\Program Files (x86)\FrostWire 5
2013-03-10 20:26:54    --------    d-----w-    C:\Users\Ryan\AppData\Roaming\AVG2013
2013-03-10 20:26:02    --------    d-----w-    C:\Users\Ryan\AppData\Local\AVG Secure Search
2013-03-10 20:25:17    --------    d-----w-    C:\Users\Ryan\AppData\Roaming\TuneUp Software
2013-03-10 20:25:05    --------    d-----w-    C:\ProgramData\AVG Secure Search
2013-03-10 20:24:56    39768    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-03-10 20:24:50    --------    d-----w-    C:\Program Files (x86)\Common Files\AVG Secure Search
2013-03-10 20:24:48    --------    d-----w-    C:\Program Files (x86)\AVG Secure Search
2013-03-10 20:22:32    --------    d--h--w-    C:\$AVG
2013-03-10 20:22:31    --------    d-----w-    C:\ProgramData\AVG2013
2013-03-10 20:21:12    --------    d-----w-    C:\Program Files (x86)\AVG
2013-03-10 20:19:58    --------    d--h--w-    C:\ProgramData\Common Files
2013-03-10 20:19:58    --------    d-----w-    C:\Users\Ryan\AppData\Local\MFAData
2013-03-10 20:19:58    --------    d-----w-    C:\Users\Ryan\AppData\Local\Avg2013
2013-03-10 20:19:58    --------    d-----w-    C:\ProgramData\MFAData
2013-02-24 14:40:53    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
2013-02-23 11:47:26    982912    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-02-23 11:47:26    265088    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-02-23 11:47:26    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-02-17 19:13:49    --------    d-----w-    C:\Users\Ryan\AppData\Roaming\HandBrake
2013-02-15 23:07:05    --------    d-----w-    C:\Windows\System32\drivers\NSSx64\0307060.005
2013-02-15 23:07:05    --------    d-----w-    C:\Windows\System32\drivers\NSSx64
2013-02-15 23:07:05    --------    d-----w-    C:\ProgramData\Norton
2013-02-15 23:07:05    --------    d-----w-    C:\Program Files (x86)\Norton Security Scan
2013-02-15 23:07:03    --------    d-----w-    C:\ProgramData\NortonInstaller
2013-02-15 23:07:03    --------    d-----w-    C:\Program Files (x86)\NortonInstaller
2013-02-15 20:10:17    --------    d-----w-    C:\Users\Ryan\AppData\Local\DDMSettings
2013-02-15 20:08:23    --------    d-----w-    C:\Program Files\DivX
2013-02-15 20:08:10    --------    d-----w-    C:\Program Files (x86)\Common Files\DivX Shared
2013-02-15 20:07:48    --------    d-----w-    C:\Program Files (x86)\DivX
2013-02-15 20:07:16    --------    d-----w-    C:\ProgramData\DivX
2013-02-13 17:24:14    499712    ----a-w-    C:\Windows\System32\MSVCP71.DLL
2013-02-13 17:24:14    348160    ----a-w-    C:\Windows\System32\MSVCR71.DLL
2013-02-13 17:24:14    1060864    ----a-w-    C:\Windows\SysWow64\MFC71.DLL
2013-02-13 17:24:14    1060864    ----a-w-    C:\Windows\System32\MFC71.DLL
2013-02-13 17:24:13    98304    ----a-w-    C:\Windows\SysWow64\L3CODECX.AX
2013-02-13 17:24:12    --------    d-----w-    C:\Program Files\Cucusoft
.
==================== Find3M  ====================
.
2013-03-14 19:21:27    328192    ----a-w-    C:\Windows\System32\services.exe
2013-03-13 13:17:12    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 13:17:12    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 19:49:10.06 ===============
 


Edited by Noviciate, 14 March 2013 - 03:03 PM.
Log added from attachment.
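Added example for this thread (not part of DDS, and not code from any post here): a small Python triage script that reads the autorun lines of the "Pseudo HJT Report" section above and flags the entries a malware responder would look at first. The sample input is a subset of lines copied verbatim from the log in post #1. The heuristics are this example's own assumptions: an entry that launches from a user profile or ProgramData path, a path written with 8.3 short names (which hides the real directory until resolved), and any AppInit_DLLs value at all, since Windows loads those DLLs into every process that loads user32.dll. A flag is a pointer for manual review, not a verdict that the entry is malicious.

```python
"""
Triage helper for the autorun lines of a DDS "Pseudo HJT Report".
Added example for this thread: not part of DDS and not from any post here.
The heuristics below are assumptions of this example; a hit means
"look at this entry first", not "this entry is malware".
"""
import re
from dataclasses import dataclass, field

# Sample input: a subset of lines copied verbatim from the DDS log in post #1.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.searchnu.com/406
mWinlogon: Userinit = userinit.exe,
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [msmediapro] C:\Users\Ryan\Applications\Microsoft\msmedia.exe
uRun: [SearchProtect] C:\Users\Ryan\AppData\Roaming\SearchProtect\bin\cltmng.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~2\Datamngr\DATAMN~2.EXE
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FROSTW~1.LNK - C:\Program Files (x86)\FrostWire 5\FrostWire.exe
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~2\Datamngr\mgrldr.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
"""


@dataclass
class Finding:
    key: str          # DDS line type: uRun, mRun, x64-Run, StartupFolder, AppInit_DLLs
    name: str         # registry value name shown in [brackets]; '' where DDS gives none
    path: str         # executable or DLL path pulled out of the line
    reasons: list = field(default_factory=list)


RUN_RE = re.compile(r'^(?P<key>uRun|mRun|x64-Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^StartupFolder:\s*.*?\.LNK\s+-\s+(?P<cmd>.*)$', re.I)
APPINIT_RE = re.compile(r'^AppInit_DLLs=\s*(?P<value>.*)$')
# First drive-letter path ending in a binary/shortcut extension; tolerates spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|lnk)\b', re.I)
SHORTNAME_RE = re.compile(r'~\d+')   # 8.3 names such as PROGRA~2


def first_path(cmd: str) -> str:
    """Return the first file path in a command string, or the bare string if none."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else cmd.strip('" ')


def reasons_for(path: str) -> list:
    """Heuristic review pointers for one launch path (assumptions of this example)."""
    low = path.lower()
    out = []
    if low.startswith('c:\\users\\'):
        out.append('launches from a user profile path')
    if low.startswith('c:\\programdata\\'):
        out.append('launches from ProgramData')
    if SHORTNAME_RE.search(path):
        out.append('path uses 8.3 short names; resolve it before judging')
    return out


def triage(log_text: str) -> list:
    """Scan DDS autorun lines and return Findings for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            path = first_path(m.group('cmd'))
            reasons = reasons_for(path)
            if reasons:
                findings.append(Finding(m.group('key'), m.group('name'), path, reasons))
            continue
        m = STARTUP_RE.match(line)
        if m:
            path = first_path(m.group('cmd'))
            reasons = reasons_for(path)
            if reasons:
                findings.append(Finding('StartupFolder', '', path, reasons))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group('value').strip():
            # Any AppInit_DLLs value is worth a look: Windows loads each listed DLL
            # into every process that loads user32.dll.
            for dll in PATH_RE.findall(m.group('value')):
                findings.append(Finding('AppInit_DLLs', '', dll,
                                        ['loaded into every user32 process'] + reasons_for(dll)))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.key:13} {f.name:14} {f.path}')
        print(f'{"":28}-> {"; ".join(f.reasons)}')
```

Run it against the full log text saved from DDS rather than the embedded subset to get the complete list; entries under Program Files that match nothing here are not "clean", they are simply not what this first pass is looking for.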




#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 14 March 2013 - 03:04 PM

Good evening. :)

When DDS was run it should have created a second log, Attach.txt - did you save a copy? Also, can you post the report that AVG creates?


So long, and thanks for all the fish.

 

 


#3 ryanc4252

ryanc4252
  • Topic Starter

  • Members
  • 4 posts

Posted 14 March 2013 - 03:08 PM

Thank you for the speedy reply. Attached File: attach.txt (1.61KB, 0 downloads)



#4 ryanc4252

ryanc4252
  • Topic Starter

  • Members
  • 4 posts

Posted 14 March 2013 - 03:18 PM

Not sure how to post the AVG report.



#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 14 March 2013 - 05:01 PM

Which version of AVG do you have?


So long, and thanks for all the fish.

 

 


#6 ryanc4252

ryanc4252
  • Topic Starter

  • Members
  • 4 posts

Posted 15 March 2013 - 09:50 AM

The 2013 free download.



#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 16 March 2013 - 03:46 PM

Good evening. :)

Open the AVG interface and click the Options dropdown at the top, and then History and finally Scan results.


So long, and thanks for all the fish.

 

 


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 22 March 2013 - 03:50 PM

As there has been no response for five days this thread is now closed.


So long, and thanks for all the fish.

 

 




