Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Have a Trojan I can't remove.


  • Please log in to reply
10 replies to this topic

#1 CFO Charles

CFO Charles

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 10 July 2013 - 09:53 PM

Hi there, my real name is Cory and I've been having trouble removing a Trojan. I've done a bit of research into the matter and from what I've gathered it seems like ZeroAccess rootkit. However, I'm not highly literate with computers (probably just as much as your average forum-dwelling teenager these days) so everything I'm going off of is speculation based on what I've read online. Basically what happens is randomly, and when I right click a file, AVG brings up a detection alert asking me to remove a threat that it cannot. It doesn't appear to be doing any damage to my computer but regardless I sunk a fair amount of money into it and would like to keep it clean. Here's a screenshot of the error message (Brownie points to anybody who can guess that character in the background). 

 

ahmc.jpg

 

I've followed the tutorial for requesting help and created the DDS and attach files asked for.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16611
Run by Cory at 22:10:09 on 2013-07-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.8191.6166 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Cory\AppData\Local\Google\Update\1.3.21.149\GoogleCrashHandler.exe
C:\Users\Cory\AppData\Local\Google\Update\1.3.21.149\GoogleCrashHandler64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\taskeng.exe
C:\Users\Cory\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cory\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cory\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.ask.com/?o=APN10652A&gct=hp&d=459-144&t=4
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Music Toolbar (Dist. by Koyote-Lab, Inc.): {30d489af-4a88-45dd-aacf-986cdbc7823a} - C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Music Toolbar (Dist. by Koyote-Lab, Inc.): {30d489af-4a88-45dd-aacf-986cdbc7823a} - C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
uRun: [Google Update] "C:\Users\Cory\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
mRun: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFTWUwtR1o5VzItTlFIWEMtUVRJUlctWVlKQlktUQ"&"inst=NzYtOTU5NTM3ODA0LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1834"&"mid=886e79e837b447d1868250b3841ae11e-9fbce7b82a4da9ad6b6275eeeff3cb38cd9284cc
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{31367DE5-580B-4F32-B54E-56B0822FEC3B} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{31367DE5-580B-4F32-B54E-56B0822FEC3B}\54967686472616C6C623 : DHCPNameServer = 64.71.255.198
TCP: Interfaces\{31367DE5-580B-4F32-B54E-56B0822FEC3B}\7416E676374716E45647 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{31367DE5-580B-4F32-B54E-56B0822FEC3B}\E496E6562616C6C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5B01C073-3D24-4304-9479-9C56A9655023} : DHCPNameServer = 192.168.42.129
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\MUSICT~1\Datamngr\mgrldr.dll 
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\System32\drivers\anodlwfx.sys [2011-10-28 15872]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-5 45856]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [2011-10-28 40960]
R2 DatamngrCoordinator;Datamngr Coordinator;C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [2013-6-25 3179568]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-27 1598128]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 D_Link_DWA-125;D_Link_DWA-125 Service;C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [2011-10-28 126976]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\CA\PCPitstopScheduleService.exe [2011-10-28 90864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-29 1255736]
.
=============== Created Last 30 ================
.
2013-06-26 01:58:28 -------- d-----w- C:\ProgramData\Browser Manager
2013-06-25 23:40:54 -------- d-----w- C:\Users\Cory\AppData\Local\Fuze Zip
2013-06-25 23:39:37 -------- d-----w- C:\ProgramData\Wincert
2013-06-25 23:39:20 -------- d-----w- C:\ProgramData\Datamngr
2013-06-25 23:39:20 -------- d-----w- C:\Program Files (x86)\Music Toolbar
2013-06-15 18:05:21 -------- d-----w- C:\Program Files\iPod
2013-06-15 18:05:20 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-15 18:05:20 -------- d-----w- C:\Program Files\iTunes
2013-06-15 18:05:20 -------- d-----w- C:\Program Files (x86)\iTunes
2013-06-15 18:02:22 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-15 18:02:22 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-15 18:02:22 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-15 18:02:22 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-15 18:02:22 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-15 05:49:05 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-15 05:49:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-15 05:49:03 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-15 05:49:03 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-06-12 21:39:36 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-12 21:38:17 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-12 21:38:16 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-12 21:38:11 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 21:34:15 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 21:34:14 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
.
==================== Find3M  ====================
.
2013-06-27 22:49:40 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-06-11 22:36:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 22:36:42 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 22:10:20.10 ===============
 

Any replies and help will be much appreciated. Until then, I may browse around and see what I can learn from these boards.

 

Thanks in advance, 

 

 

Cory / Charles / "Chuck"

 

(Whichever you prefer)

Attached Files



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 4,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 AM

Posted 11 July 2013 - 12:19 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-***.txt . Please attach that to your next reply.


I´m not available ´til 04/08/2014.

CU @ Pacha! ^^

 

My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

 


#3 CFO Charles

CFO Charles
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 13 July 2013 - 12:25 PM

Thank you for your help Psychotic. I just did a scan and mal-ware is present on my PC. However once the mal-ware was detected the scan appeared to stop. Also, I received a message indicating my computer my have rootkit activity which could interfere with the scan, I ignored it for the time being so I could ask your opinion on the matter. Here's a screenshot of the message. qe6r.png

 

I clicked no and continued with the scan, here's the log from my first attempt:

 

 
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
 
Database version: v2013.07.13.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Cory :: GUTTTT [administrator]
 
13/07/2013 1:06:13 PM
-log-2013-07-13 (13-06-13).txt
 
Scan type: Quick scan
Scan options enabled: PUM | P2P
Scan options disabled: Anti-Rootkit | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP
Objects scanned: 0
Time elapsed: 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
c:\Users\Cory\AppData\Roaming\skype.dat (Trojan.FakeCodec) -> No action taken.
 
(end)
 
 
Second Attempt: 
 
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
 
Database version: v2013.07.13.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Cory :: GUTTTT [administrator]
 
13/07/2013 1:14:37 PM
-log-2013-07-13 (13-14-37).txt
 
Scan type: Quick scan
Scan options enabled: PUM | P2P
Scan options disabled: Anti-Rootkit | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP
Objects scanned: 0
Time elapsed: 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
c:\Users\Cory\AppData\Roaming\skype.dat (Trojan.FakeCodec) -> No action taken.
 
(end)
 

after both scans I ended up hitting the cancel button because once the mal-ware was detected all activity in the scan appeared to stop.

 

EDIT: I did not click "yes" before either of the scans.


Edited by CFO Charles, 13 July 2013 - 12:26 PM.


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 4,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 AM

Posted 14 July 2013 - 08:40 AM

Combofix


Combofix should only be run when adviced by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.


I´m not available ´til 04/08/2014.

CU @ Pacha! ^^

 

My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

 


#5 CFO Charles

CFO Charles
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 15 July 2013 - 04:58 PM

Alright, I deactivated my AVG and ran the program. However I had to system restore after it completed (not sure if it was required but it scared me). Anyway, it seems to be ok now.
 
I should also add that I'll be going out of town for a few days on Wednesday and I'm unsure if I'll be able to keep in touch. I understand the thread will be closed if no reply is received after three days but I really hope that I can continue to receive your help if I cannot respond within that time. 
 
 
 
 
ComboFix 13-07-15.01 - Cory 15/07/2013  17:27:53.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.8191.6318 [GMT -4:00]
Running from: c:\users\Cory\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Wincert\WIN32C~1.DLL
c:\users\Cory\AppData\Roaming\skype.dat
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-15 to 2013-07-15  )))))))))))))))))))))))))))))))
.
.
2013-07-15 21:34 . 2013-07-15 21:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-15 21:34 . 2013-07-15 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-13 17:06 . 2013-07-13 17:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-11 17:50 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 17:50 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-11 17:50 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 17:50 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 17:50 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 17:50 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 17:50 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 17:50 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 17:50 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 17:50 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 17:49 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-11 17:49 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-06-26 01:58 . 2013-06-26 01:58 -------- d-----w- c:\programdata\Browser Manager
2013-06-25 23:40 . 2013-06-25 23:40 -------- d-----w- c:\users\Cory\AppData\Local\Fuze Zip
2013-06-25 23:39 . 2013-07-15 21:33 -------- d-----w- c:\programdata\Wincert
2013-06-25 23:39 . 2013-07-15 21:35 -------- d-----w- c:\programdata\Datamngr
2013-06-25 23:39 . 2013-06-25 23:39 -------- d-----w- c:\program files (x86)\Music Toolbar
2013-06-25 23:20 . 2013-06-25 23:20 -------- d-----w- c:\program files\7-Zip
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 06:10 . 2011-12-28 01:01 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-27 22:49 . 2012-09-05 21:46 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-11 22:36 . 2012-10-12 21:51 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 22:36 . 2011-11-06 08:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-05 03:53 . 2013-06-05 03:53 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-05 03:53 . 2013-06-05 03:53 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-05 03:53 . 2013-06-05 03:53 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-05 03:53 . 2013-06-05 03:53 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-05 03:53 . 2013-06-05 03:53 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-05 03:53 . 2013-06-05 03:53 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-05 03:53 . 2013-06-05 03:53 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-05 03:53 . 2013-06-05 03:53 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-05 03:53 . 2013-06-05 03:53 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-05 03:53 . 2013-06-05 03:53 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-05 03:53 . 2013-06-05 03:53 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-05 03:53 . 2013-06-05 03:53 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-05 03:53 . 2013-06-05 03:53 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-05 03:53 . 2013-06-05 03:53 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-05 03:53 . 2013-06-05 03:53 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-05 03:53 . 2013-06-05 03:53 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-05 03:53 . 2013-06-05 03:53 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-05 03:53 . 2013-06-05 03:53 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-05 03:53 . 2013-06-05 03:53 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-05 03:53 . 2013-06-05 03:53 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-05 03:53 . 2013-06-05 03:53 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-05 03:53 . 2013-06-05 03:53 441856 ----a-w- c:\windows\system32\html.iec
2013-06-05 03:53 . 2013-06-05 03:53 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-05 03:53 . 2013-06-05 03:53 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-05 03:53 . 2013-06-05 03:53 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-05 03:53 . 2013-06-05 03:53 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-05 03:53 . 2013-06-05 03:53 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-05 03:53 . 2013-06-05 03:53 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-05 03:53 . 2013-06-05 03:53 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-05 03:53 . 2013-06-05 03:53 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-05 03:53 . 2013-06-05 03:53 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-05 03:53 . 2013-06-05 03:53 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-05 03:53 . 2013-06-05 03:53 235008 ----a-w- c:\windows\system32\url.dll
2013-06-05 03:53 . 2013-06-05 03:53 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-05 03:53 . 2013-06-05 03:53 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-05 03:53 . 2013-06-05 03:53 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-05 03:53 . 2013-06-05 03:53 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-05 03:53 . 2013-06-05 03:53 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-05 03:53 . 2013-06-05 03:53 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-05 03:53 . 2013-06-05 03:53 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-05 03:53 . 2013-06-05 03:53 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-05 03:53 . 2013-06-05 03:53 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-05 03:53 . 2013-06-05 03:53 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-05 03:53 . 2013-06-05 03:53 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-05 03:53 . 2013-06-05 03:53 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-05 03:53 . 2013-06-05 03:53 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-05 03:53 . 2013-06-05 03:53 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-05 03:53 . 2013-06-05 03:53 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-05 03:53 . 2013-06-05 03:53 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-13 05:51 . 2013-06-12 21:39 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 21:39 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 21:39 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 21:39 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 21:39 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 21:39 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 21:39 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-12 21:39 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 21:39 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 21:39 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 21:39 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 21:39 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 21:38 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-26 05:51 . 2013-06-12 21:34 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 21:34 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 21:38 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-04-17 07:02 . 2013-06-12 21:39 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24 . 2013-06-12 21:39 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30d489af-4a88-45dd-aacf-986cdbc7823a}]
2013-06-12 16:45 92592 ----a-w- c:\progra~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-06-27 22:49 3055280 ----a-w- c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll" [2013-06-27 3055280]
"{30d489af-4a88-45dd-aacf-986cdbc7823a}"= "c:\progra~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll" [2013-06-12 92592]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{30d489af-4a88-45dd-aacf-986cdbc7823a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-10 1672616]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"D-Link D-Link DWA-125"="c:\program files (x86)\D-Link\DWA-125 revA\AirGCFG.exe" [2009-10-19 995328]
"WZCSLDR2"="c:\program files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-19 122880]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-06-27 2236080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\CA\PCPitstopScheduleService.exe;c:\program files (x86)\CA\PCPitstopScheduleService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Cory\AppData\Local\Temp\00556D9.tmp;c:\users\Cory\AppData\Local\Temp\00556D9.tmp [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe;c:\program files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [x]
S2 DatamngrCoordinator;Datamngr Coordinator;c:\program files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe;c:\program files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 22:36]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 20:26]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 20:26]
.
2013-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469179641-1713076461-10344972-1000Core.job
- c:\users\Cory\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 04:58]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469179641-1713076461-10344972-1000UA.job
- c:\users\Cory\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 04:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2010-09-28 2949968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.ask.com/?o=APN10652A&gct=hp&d=459-144&t=4
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-10 - (no file)
AddRemove-Nitto 1320 Legends_is1 - c:\program files (x86)\Nitto 1320 Legends\unins000.exe
AddRemove-OGPlanet Game Launcher US - c:\program files (x86)\OGPlanet\USLauncher\uninst.exe
AddRemove-SD Gundam Capsule Fighter - c:\program files (x86)\OGPlanet\SD Gundam Capsule Fighter\uninst.exe
AddRemove-FuzeZip - c:\program files (x86)\FuzeZip\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Cory\AppData\Local\Temp\00556D9.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
.
**************************************************************************
.
Completion time: 2013-07-15  17:40:45 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-15 21:40
.
Pre-Run: 339,453,894,656 bytes free
Post-Run: 339,600,879,616 bytes free
.
- - End Of File - - C1C5F353B570A44A1F5BA53531CCEE8F
A36C5E4F47E84449FF07ED3517B43A31


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 4,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 AM

Posted 16 July 2013 - 01:15 AM

I won´t close a topic if the user tells me he is off for a while.

Did you do a system restore after running combofix, did I take that right?

If you did, please rerun combofix and post the log - don´t do anything without being instructed.

 

You´ve restored the trojan, too...


I´m not available ´til 04/08/2014.

CU @ Pacha! ^^

 

My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

 


#7 CFO Charles

CFO Charles
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 21 July 2013 - 09:19 PM

Thank you. Yes, I performed a system restore after I ran Combofix. After I rebooted my computer the first time I was unable to access any of my programs (Chrome, Internet Explorer, Games, and anything else I installed) so I restored my system. I'm unsure if I've improperly run Combofix. I'd like your advice before I proceed.


Edited by CFO Charles, 21 July 2013 - 09:19 PM.


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 4,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 AM

Posted 21 July 2013 - 11:50 PM

If you had asked me, I would have told you that this may happen after running combofix and can be fixed by simply rebooting the machine...

 

Please run Combofix again - if it wants to update, allow this.


I´m not available ´til 04/08/2014.

CU @ Pacha! ^^

 

My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

 


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 4,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 AM

Posted 25 July 2013 - 03:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

I´m not available ´til 04/08/2014.

CU @ Pacha! ^^

 

My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

 


#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 4,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 AM

Posted 29 July 2013 - 01:35 AM

This topic has been re-opened at the request of the person who originally posted.

I´m not available ´til 04/08/2014.

CU @ Pacha! ^^

 

My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

 


#11 CFO Charles

CFO Charles
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 29 July 2013 - 06:03 PM

Thank you. Now where we left off.

 

If you had asked me, I would have told you that this may happen after running combofix and can be fixed by simply rebooting the machine...

 

Please run Combofix again - if it wants to update, allow this.

I would have loved to ask you, but like I said, I couldn't access my programs, therefore; couldn't get online to ask you  :P

 

Anyway, ran it again, no problems this time. 

 

ComboFix 13-07-27.01 - Cory 27/07/2013  20:36:30.2.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.8191.6887 [GMT -4:00]
Running from: c:\users\Cory\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-28  )))))))))))))))))))))))))))))))
.
.
2013-07-28 00:44 . 2013-07-28 00:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-28 00:44 . 2013-07-28 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-16 00:23 . 2013-07-16 00:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-16 00:22 . 2013-07-16 00:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-15 21:54 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-15 21:54 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-15 21:54 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-15 21:54 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-15 21:54 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-15 21:54 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-15 21:54 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-13 17:06 . 2013-07-13 17:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-11 17:50 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 17:50 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-11 17:50 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 17:50 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 17:50 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 17:50 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 17:50 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 17:50 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 17:50 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 17:50 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 17:49 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-11 17:49 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-16 00:22 . 2013-02-11 20:39 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-07-16 00:22 . 2011-10-28 06:41 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-12 06:10 . 2011-12-28 01:01 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-27 22:49 . 2012-09-05 21:46 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-11 22:36 . 2012-10-12 21:51 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 22:36 . 2011-11-06 08:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-05 03:53 . 2013-06-05 03:53 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-05 03:53 . 2013-06-05 03:53 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-05 03:53 . 2013-06-05 03:53 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-05 03:53 . 2013-06-05 03:53 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-05 03:53 . 2013-06-05 03:53 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-05 03:53 . 2013-06-05 03:53 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-05 03:53 . 2013-06-05 03:53 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-05 03:53 . 2013-06-05 03:53 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-05 03:53 . 2013-06-05 03:53 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-05 03:53 . 2013-06-05 03:53 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-05 03:53 . 2013-06-05 03:53 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-05 03:53 . 2013-06-05 03:53 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-05 03:53 . 2013-06-05 03:53 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-05 03:53 . 2013-06-05 03:53 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-05 03:53 . 2013-06-05 03:53 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-05 03:53 . 2013-06-05 03:53 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-05 03:53 . 2013-06-05 03:53 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-05 03:53 . 2013-06-05 03:53 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-05 03:53 . 2013-06-05 03:53 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-05 03:53 . 2013-06-05 03:53 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-05 03:53 . 2013-06-05 03:53 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-05 03:53 . 2013-06-05 03:53 441856 ----a-w- c:\windows\system32\html.iec
2013-06-05 03:53 . 2013-06-05 03:53 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-05 03:53 . 2013-06-05 03:53 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-05 03:53 . 2013-06-05 03:53 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-05 03:53 . 2013-06-05 03:53 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-05 03:53 . 2013-06-05 03:53 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-05 03:53 . 2013-06-05 03:53 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-05 03:53 . 2013-06-05 03:53 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-05 03:53 . 2013-06-05 03:53 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-05 03:53 . 2013-06-05 03:53 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-05 03:53 . 2013-06-05 03:53 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-05 03:53 . 2013-06-05 03:53 235008 ----a-w- c:\windows\system32\url.dll
2013-06-05 03:53 . 2013-06-05 03:53 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-05 03:53 . 2013-06-05 03:53 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-05 03:53 . 2013-06-05 03:53 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-05 03:53 . 2013-06-05 03:53 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-05 03:53 . 2013-06-05 03:53 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-05 03:53 . 2013-06-05 03:53 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-05 03:53 . 2013-06-05 03:53 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-05 03:53 . 2013-06-05 03:53 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-05 03:53 . 2013-06-05 03:53 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-05 03:53 . 2013-06-05 03:53 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-05 03:53 . 2013-06-05 03:53 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-05 03:53 . 2013-06-05 03:53 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-05 03:53 . 2013-06-05 03:53 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-05 03:53 . 2013-06-05 03:53 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-05 03:53 . 2013-06-05 03:53 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-05 03:53 . 2013-06-05 03:53 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-13 05:51 . 2013-06-12 21:39 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 21:39 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 21:39 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 21:39 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 21:39 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 21:39 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 21:39 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-12 21:39 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 21:39 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 21:39 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 21:39 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 21:39 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 21:38 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30d489af-4a88-45dd-aacf-986cdbc7823a}]
2013-06-12 16:45 92592 ----a-w- c:\progra~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-06-27 22:49 3055280 ----a-w- c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll" [2013-06-27 3055280]
"{30d489af-4a88-45dd-aacf-986cdbc7823a}"= "c:\progra~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll" [2013-06-12 92592]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{30d489af-4a88-45dd-aacf-986cdbc7823a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-10 1672616]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"D-Link D-Link DWA-125"="c:\program files (x86)\D-Link\DWA-125 revA\AirGCFG.exe" [2009-10-19 995328]
"WZCSLDR2"="c:\program files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-19 122880]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-06-27 2236080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe;c:\program files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe [x]
R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\CA\PCPitstopScheduleService.exe;c:\program files (x86)\CA\PCPitstopScheduleService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Cory\AppData\Local\Temp\00556D9.tmp;c:\users\Cory\AppData\Local\Temp\00556D9.tmp [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 DatamngrCoordinator;Datamngr Coordinator;c:\program files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe;c:\program files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 22:36]
.
2013-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 20:26]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 20:26]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469179641-1713076461-10344972-1000Core.job
- c:\users\Cory\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 04:58]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469179641-1713076461-10344972-1000UA.job
- c:\users\Cory\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 04:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2010-09-28 2949968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={F7881422-E51D-4306-9149-0437E11B1DCC}&mid=886e79e837b447d1868250b3841ae11e-9fbce7b82a4da9ad6b6275eeeff3cb38cd9284cc&lang=en&ds=AVG&pr=fr&d=2012-09-27%2017:32&v=15.3.0.11&pid=avg&sg=0&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Nitto 1320 Legends_is1 - c:\program files (x86)\Nitto 1320 Legends\unins000.exe
AddRemove-OGPlanet Game Launcher US - c:\program files (x86)\OGPlanet\USLauncher\uninst.exe
AddRemove-SD Gundam Capsule Fighter - c:\program files (x86)\OGPlanet\SD Gundam Capsule Fighter\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Cory\AppData\Local\Temp\00556D9.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-27  20:45:10
ComboFix-quarantined-files.txt  2013-07-28 00:45
ComboFix2.txt  2013-07-15 21:40
.
Pre-Run: 340,390,203,392 bytes free
Post-Run: 340,206,338,048 bytes free
.
- - End Of File - - 5A4EF77F2F4FAD99BE76073E9CC92A01
A36C5E4F47E84449FF07ED3517B43A31





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users