Is my computer infected or compromised?


11 replies to this topic

#1 detroitpaint (Members, 5 posts)

Posted 03 March 2012 - 10:00 PM

EDIT: MOVED to Virus, Trojan and Malware Removal Logs ~~boopme


Hello,

I have had some abnormal things happening with my PC. I think my PC may be infected or access has been gained by an outside source. Please help and advise me of any problems.

Thank you,

Steve


ComboFix 12-03-03.02 - dad 03/03/2012 21:23:02.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1917.819 [GMT -5:00]
Running from: c:\users\dad\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 02:31 . 2012-03-04 02:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-04 02:31 . 2012-03-04 02:31 -------- d-----w- c:\users\Mcx1-DAD-PC\AppData\Local\temp
2012-03-04 02:31 . 2012-03-04 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 01:31 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-03-04 01:31 . 2012-03-04 01:37 -------- d-----w- c:\program files\SpywareBlaster
2012-02-29 20:13 . 2012-02-08 03:03 6552120 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{871F854C-0BAC-4879-83BE-FDC9B34CDF68}\mpengine.dll
2012-02-23 21:38 . 2012-02-23 21:38 -------- dc----w- c:\users\dad\AppData\Roaming\QuickScan
2012-02-23 16:42 . 2012-02-08 03:03 6552120 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-23 07:06 . 2012-02-23 07:06 -------- d-----w- c:\users\dad\AppData\Local\ElevatedDiagnostics
2012-02-23 06:16 . 2012-02-23 06:16 713784 -c----w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4095C6C1-0276-409F-BA77-991716376E71}\gapaengine.dll
2012-02-23 06:15 . 2012-02-23 06:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-22 04:16 . 2012-02-22 04:16 -------- d-----w- c:\users\dad\allison photobucket
2012-02-21 23:56 . 2012-02-21 23:56 135952 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-02-21 15:52 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{278CA7E0-6737-49BA-AD7E-0E4A2B15B4A4}\mpengine.dll
2012-02-21 15:09 . 2012-02-21 15:09 388096 -c--a-r- c:\users\dad\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-21 15:09 . 2012-02-21 15:09 -------- d-----w- c:\program files\Trend Micro
2012-02-21 03:25 . 2012-02-20 22:54 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-20 22:52 . 2011-11-03 17:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-20 03:13 . 2012-02-20 03:13 -------- d-----w- c:\program files\AVAST Software
2012-02-20 02:05 . 2012-02-20 02:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-20 02:05 . 2012-02-20 02:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-19 18:04 . 2012-02-19 18:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-16 06:28 . 2012-02-16 08:04 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 06:28 . 2012-02-16 08:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 06:28 . 2012-02-16 08:03 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 06:28 . 2012-02-16 08:00 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-11 01:32 . 2012-02-11 01:32 -------- d-----w- c:\program files\AvaFind
2012-02-04 19:25 . 2009-07-08 10:51 452408 ----a-w- c:\windows\system32\hpzids01.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2009-10-18 05:35 237072 -c----w- c:\windows\system32\MpSigStub.exe
2012-01-27 18:52 . 2012-01-27 18:52 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-27 18:52 . 2012-01-27 18:52 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-27 18:52 . 2012-01-27 18:52 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-27 18:52 . 2012-01-27 18:52 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-27 18:52 . 2012-01-27 18:52 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-27 18:52 . 2012-01-27 18:52 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-27 18:52 . 2012-01-27 18:52 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-27 18:52 . 2012-01-27 18:51 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-27 18:52 . 2012-01-27 18:51 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-27 18:52 . 2012-01-27 18:52 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-23 20:34 . 2012-01-23 20:22 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-23 20:30 . 2012-01-23 20:22 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-23 20:30 . 2012-01-23 20:22 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-23 20:30 . 2012-01-23 20:22 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-04 00:42 . 2012-01-27 18:03 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-12-30 22:02 . 2011-12-15 17:28 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-15 17:36 . 2011-12-15 17:36 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 17:34 . 2011-12-15 17:34 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 17:34 . 2011-12-15 17:34 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 17:34 . 2011-12-15 17:34 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 17:34 . 2011-12-15 17:34 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 17:31 . 2011-12-15 17:31 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-15 17:31 . 2011-12-15 17:31 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-15 17:31 . 2011-12-15 17:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-15 17:31 . 2011-12-15 17:31 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-12-10 20:24 . 2011-12-05 04:05 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 18:23 . 2011-12-07 18:23 544656 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 -c--a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PowerResizer.lnk]
backup=c:\windows\pss\PowerResizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dora Fairytale Adventures Registration.lnk]
backup=c:\windows\pss\Dora Fairytale Adventures Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvaFind]
2004-01-06 10:57 660992 ----a-w- c:\program files\AvaFind\AvaFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 19:54 91520 -c--a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 23:33 150528 ----a-w- c:\program files\Hp\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-04 01:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-01-18 01:39 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 -c--a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AmIcoSinglun"=c:\program files\AmIcoSingLun\AmIcoSinglun.exe
"AgentMonitor"=c:\program files\VTech\DownloadManager\System\AgentMonitor.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-17 697328]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-05-03 27136]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2011-01-04 25728]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-13 45464]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-07-25 23456]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-11-25 16968]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2009-10-27 23936]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-16 552448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-07-23 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-07-23 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-15 1343400]
R4 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [2009-03-05 96752]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 135664]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 64512]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-30 101720]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 HSXHWBS3;HSXHWBS3;c:\windows\system32\DRIVERS\HSXHWBS3.sys [2009-02-13 206336]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-08-24 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-08-24 10448]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AVGIDSDriver
*Deregistered* - AVGIDSEH
*Deregistered* - AVGIDSFilter
*Deregistered* - AVGIDSShim
*Deregistered* - Avgrkx86
*Deregistered* - Avgtdix
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 05:31]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 05:31]
.
2010-03-09 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-10-23 18:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{CD7E221E-9A6D-4183-AC4C-AF31BB021F77}: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-03 21:34:31
ComboFix-quarantined-files.txt 2012-03-04 02:34
ComboFix2.txt 2012-03-04 02:11
.
Pre-Run: 579,647,614,976 bytes free
Post-Run: 579,601,747,968 bytes free
.
- - End Of File - - C5A36DDF70559E38D1234856B0C82AA3

Edited by boopme, 03 March 2012 - 10:40 PM.



#2 1972vet (Malware Response Team, 1,698 posts, Male, Midwest U.S.A.)

Posted 07 March 2012 - 08:46 AM

Greetings detroitpaint and Welcome to the Forums,

Yes, I see an active infection...and an adult dialer that's locked up a few registry keys. We'll need to unlock them using ComboFix so we can remove it, but before we get started, please navigate to the qoobox folder. Inside, please find the text file labeled "Add-Remove Programs". Open it, copy it, and paste the contents here on your next reply.

By the way, I should advise you that having more than one antivirus program running real time protection is never recommended. Fact is, it actually reduces your level of protection, making the system unstable and vulnerable to a system crash with loss of data a real possibility. You should decide which to keep...Microsoft Security Essentials, or Lavasoft's Adaware. Personally, I would choose Microsoft over Lavasoft. In addition to those, the log shows you've tried just about all the big ones:
AVG
AVAST
SuperAntiSpyware
MalwareBytes
TrendMicro RootkitBuster

...and still have some installed. With your setup, Windows 7 will work quite well with just its native firewall (which is much better than its predecessor, having configuration capability well suited for home users), yet it's just fine as it is leaving the default settings. And since you already have Microsoft Security Essentials installed, those two would be all you really need, perhaps with the exception of MalwareBytes Anti-Malware. Leaving Windows 7 with just those three at the helm is absolutely all you need. Besides, consider that with everything you've installed, you still managed to infect that thing...so, there is also the need for a little training in the way of safe surfing. We'll take care of all those issues here at BC.

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven
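An added example, not from the thread or from ComboFix's authors: a small Python triage script that parses a ComboFix report in the layout posted above and pulls out the things 1972vet reads from the log by eye: how many AV products are registered in the header, recently created kernel drivers in the "Files Created" section, Run and AppInit_DLLs loading points, and the registry keys in the "LOCKED REGISTRY KEYS" section whose ACLs deny access to Users or Everyone. SAMPLE_LOG is a constructed, trimmed excerpt in the same layout; the section banners and line shapes are taken from the posted log, and the regular expressions are my own assumptions about that layout rather than anything ComboFix documents.

```python
import re

# Constructed excerpt in the layout of the ComboFix report posted in this
# thread (a few lines per section); NOT a complete report.
SAMPLE_LOG = r"""ComboFix 12-03-03.02 - dad 03/03/2012 21:23:02.2.2 - x86
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
2012-02-21 23:56 . 2012-02-21 23:56 135952 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-02-20 03:13 . 2012-02-20 03:13 -------- d-----w- c:\program files\AVAST Software
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-03 21:34:31
"""

# Line shapes as they appear in the posted log (assumed, not documented by ComboFix):
SECTION_RE = re.compile(r"^(?:\(+\s*(?P<paren>.+?)\s*\)+|-{3,}\s*(?P<dash>.+?)\s*-{3,})$")
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
                     r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                     r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")
PRODUCT_RE = re.compile(r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* \{")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
ACL_RE = re.compile(r"^@(?P<verdict>Denied|Allowed): \((?P<rights>[^)]*)\) \((?P<principal>[^)]*)\)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')


def split_sections(text):
    """Map each banner title to the non-empty lines under it; the lines
    before the first banner (the AV/SP product list) go under 'header'."""
    sections, current = {"header": []}, "header"
    for line in (l.rstrip() for l in text.splitlines()):
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("paren") or m.group("dash")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def parse_registry_blocks(lines):
    """Group each '[key]' header with the @Denied/@Allowed ACL lines and the
    "name"=data values ComboFix prints beneath it."""
    blocks = []
    for line in lines:
        if (m := KEY_RE.match(line)):
            blocks.append({"key": m.group("key"), "acl": [], "values": {}})
        elif not blocks:
            continue
        elif (m := ACL_RE.match(line)):
            blocks[-1]["acl"].append((m.group("verdict"), m.group("principal")))
        elif (m := VALUE_RE.match(line)):
            blocks[-1]["values"][m.group("name")] = m.group("data").strip()
    return blocks


def triage(text):
    """Pull out the indicators a malware-removal helper reads by eye."""
    sections = split_sections(text)
    products = [m.groupdict() for m in map(PRODUCT_RE.match, sections["header"]) if m]
    av_names = sorted({p["name"] for p in products if p["kind"] == "AV"})

    # Newly created files that are kernel drivers (directories carry a 'd' attribute).
    created = [m.groupdict() for title, lines in sections.items()
               if title.startswith("Files Created") for m in map(FILE_RE.match, lines) if m]
    new_drivers = [f["path"] for f in created
                   if not f["attrs"].startswith("d") and f["path"].lower().endswith(".sys")]

    autoruns, appinit = {}, []
    for b in parse_registry_blocks(sections.get("Reg Loading Points", [])):
        if b["key"].lower().endswith("\\currentversion\\run"):
            autoruns.update(b["values"])
        if "AppInit_DLLs" in b["values"]:
            appinit.append(b["values"]["AppInit_DLLs"])

    # Keys whose ACL denies access to a broad principal: the "locked" keys 1972vet refers to.
    locked = [{"key": b["key"], "denied_to": [p for v, p in b["acl"] if v == "Denied"],
               "values": b["values"]}
              for b in parse_registry_blocks(sections.get("LOCKED REGISTRY KEYS", []))
              if any(v == "Denied" for v, _ in b["acl"])]

    return {"multiple_av": len(av_names) > 1, "av_products": av_names,
            "new_drivers": new_drivers, "autoruns": autoruns,
            "appinit_dlls": appinit, "locked_keys": locked}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run against the full log posted above, this would report two registered AV products (Lavasoft Ad-Watch and Microsoft Security Essentials), tmrkb.sys as a newly created driver, acaptuser32.dll as an AppInit_DLLs entry, and the seven BlindDial keys plus PCW\Security as keys denying access to Users or Everyone. The script flags, it does not judge: each item is a lead to check against a known-good baseline for that Windows build and the software inventory (the "Add-Remove Programs" list 1972vet asks for), not a verdict.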


#3 1972vet (Malware Response Team, 1,698 posts, Male, Midwest U.S.A.)

Posted 09 March 2012 - 05:15 PM

Still with us detroitpaint?



#4 detroitpaint (Topic Starter, Members, 5 posts)

Posted 09 March 2012 - 09:13 PM

I'm sorry I did not check for a response the last couple of days; I thought it had gone unanswered. I previously uninstalled ComboFix and all its related folders and files. I am currently uninstalling all secondary anti-virus programs as you have suggested. I will wait for your response before re-installing ComboFix or taking any other actions. I greatly appreciate your response to my request and look forward to your assistance in helping me clean and protect my PC. THANK YOU!!!

#5 1972vet (Malware Response Team, 1,698 posts, Male, Midwest U.S.A.)

Posted 10 March 2012 - 05:33 AM

Alright then, please note...while this troubleshooting endeavor is underway, do nothing else with the affected computer except what is instructed here until we can give the green light.

Now, please do the following:
Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running...that may cause the scan to stall.



#6 detroitpaint (Topic Starter, Members, 5 posts)

Posted 12 March 2012 - 08:57 PM

Hello,

I have done as you have instructed, or at least I think I did. Here is a copy of the ComboFix log:

ComboFix 12-03-12.03 - dad 03/12/2012 21:35:02.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1917.1219 [GMT -4:00]
Running from: c:\users\dad\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 01:45 . 2012-03-13 01:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-13 01:45 . 2012-03-13 01:45 -------- d-----w- c:\users\Mcx1-DAD-PC\AppData\Local\temp
2012-03-13 01:45 . 2012-03-13 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 01:31 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-02-23 21:38 . 2012-02-23 21:38 -------- dc----w- c:\users\dad\AppData\Roaming\QuickScan
2012-02-23 16:42 . 2012-02-08 03:03 6552120 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-23 07:06 . 2012-02-23 07:06 -------- d-----w- c:\users\dad\AppData\Local\ElevatedDiagnostics
2012-02-23 06:16 . 2012-02-23 06:16 713784 -c----w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4095C6C1-0276-409F-BA77-991716376E71}\gapaengine.dll
2012-02-23 06:15 . 2012-02-23 06:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-22 04:16 . 2012-02-22 04:16 -------- d-----w- c:\users\dad\
2012-02-21 23:56 . 2012-02-21 23:56 135952 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-02-21 15:09 . 2012-02-21 15:09 388096 -c--a-r- c:\users\dad\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-21 15:09 . 2012-02-21 15:09 -------- d-----w- c:\program files\Trend Micro
2012-02-20 03:13 . 2012-02-20 03:13 -------- d-----w- c:\program files\AVAST Software
2012-02-20 02:05 . 2012-02-20 02:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-19 18:04 . 2012-03-04 06:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-16 06:28 . 2012-02-16 08:04 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 06:28 . 2012-02-16 08:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 06:28 . 2012-02-16 08:03 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 06:28 . 2012-02-16 08:00 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 06:59 . 2011-05-27 16:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-04 06:52 . 2011-12-07 18:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-29 10:10 . 2009-10-18 05:35 237072 -c----w- c:\windows\system32\MpSigStub.exe
2012-01-27 18:52 . 2012-01-27 18:52 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-27 18:52 . 2012-01-27 18:52 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-27 18:52 . 2012-01-27 18:52 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-27 18:52 . 2012-01-27 18:52 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-27 18:52 . 2012-01-27 18:52 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-27 18:52 . 2012-01-27 18:52 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-27 18:52 . 2012-01-27 18:52 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-27 18:52 . 2012-01-27 18:51 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-27 18:52 . 2012-01-27 18:51 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-27 18:52 . 2012-01-27 18:52 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-23 20:34 . 2012-01-23 20:22 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-23 20:30 . 2012-01-23 20:22 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-23 20:30 . 2012-01-23 20:22 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-23 20:30 . 2012-01-23 20:22 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-04 00:42 . 2012-01-27 18:03 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-12-30 22:02 . 2011-12-15 17:28 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-15 17:36 . 2011-12-15 17:36 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 17:34 . 2011-12-15 17:34 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 17:34 . 2011-12-15 17:34 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 17:34 . 2011-12-15 17:34 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 17:34 . 2011-12-15 17:34 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 17:31 . 2011-12-15 17:31 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-15 17:31 . 2011-12-15 17:31 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-15 17:31 . 2011-12-15 17:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-15 17:31 . 2011-12-15 17:31 233472 ----a-w- c:\windows\system32\oleacc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 -c--a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PowerResizer.lnk]
backup=c:\windows\pss\PowerResizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dora Fairytale Adventures Registration.lnk]
backup=c:\windows\pss\Dora Fairytale Adventures Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvaFind]
2004-01-06 10:57 660992 ----a-w- c:\program files\AvaFind\AvaFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 19:54 91520 -c--a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 23:33 150528 ----a-w- c:\program files\Hp\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-04 01:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-03-04 05:21 740216 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 -c--a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AmIcoSinglun"=c:\program files\AmIcoSingLun\AmIcoSinglun.exe
"AgentMonitor"=c:\program files\VTech\DownloadManager\System\AgentMonitor.exe
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-17 697328]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-05-03 27136]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2011-01-04 25728]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-13 45464]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-07-25 23456]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-11-25 16968]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2009-10-27 23936]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-16 552448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-07-23 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-07-23 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-15 1343400]
R4 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [2009-03-05 96752]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 135664]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-30 101720]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 HSXHWBS3;HSXHWBS3;c:\windows\system32\DRIVERS\HSXHWBS3.sys [2009-02-13 206336]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-08-24 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-08-24 10448]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AVGIDSDriver
*Deregistered* - AVGIDSEH
*Deregistered* - AVGIDSFilter
*Deregistered* - AVGIDSShim
*Deregistered* - Avgrkx86
*Deregistered* - Avgtdix
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 05:31]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 05:31]
.
2010-03-09 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-10-23 18:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{CD7E221E-9A6D-4183-AC4C-AF31BB021F77}: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-12 21:49:04
ComboFix-quarantined-files.txt 2012-03-13 01:49
ComboFix2.txt 2012-03-04 02:34
.
Pre-Run: 557,712,723,968 bytes free
Post-Run: 557,772,775,424 bytes free
.
- - End Of File - - 6BF053D7B2DF58A9107E8DFE563FACFA

Again, I thank you for your assistance and knowledge. I will wait for your response before proceeding any further.

Thank you,
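The R/S service lines and the LOCKED REGISTRY KEYS blocks in the log above are the two sections a responder reads first. As an added example (Python written for this page, not ComboFix code and not from any post in the thread), the script below parses an excerpt of those lines as pasted here and flags what is worth a second look: services whose image ComboFix could not find on disk (the [x] marker, taken here to mean "file not found"), boot- or system-start drivers created within 30 days of the run, and locked keys grouped by device-class GUID. The run date, the 30-day window and the meaning of the R/S and start-type fields are this example's assumptions, not something the thread states.

```python
"""Triage helpers for the service and locked-key sections of a ComboFix log.
Added example for this thread: not ComboFix code and not from any post here.
SAMPLE_* blocks are copied from the logs pasted above (an excerpt). Field
meanings follow usual ComboFix conventions and are this example's assumptions."""
import re
from collections import Counter
from datetime import date

# Assumed layout of a service line: "<R|S><n> <name>;<display>;<image> [<date> <size>]" or "... [x]"
# R = running, S = stopped; n = Windows start type (0 boot, 1 system, 2 auto, 3 demand,
# 4 disabled); "[x]" = ComboFix found no file at the image path.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)|x)\]$"
)
CLASS_GUID_RE = re.compile(r"\\Class\\(\{[0-9A-Fa-f-]+\})\\")
RUN_DATE = date(2012, 3, 13)  # date of the second ComboFix run posted in this thread

SAMPLE_SERVICES = r"""
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-17 697328]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-30 101720]
S1 MpKsl983db176;MpKsl983db176;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4290605-19E5-43BC-A038-FE8C529FF5B2}\MpKsl983db176.sys [2012-03-13 29904]
"""

SAMPLE_LOCKED = r"""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
"""


def parse_services(text):
    """Parse R/S service lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            entries.append({
                "name": d["name"], "running": d["state"] == "R",
                "start": int(d["start"]), "image": d["image"],
                "missing": d["date"] is None,
                "created": date.fromisoformat(d["date"]) if d["date"] else None,
            })
    return entries


def flag_services(entries, run_date=RUN_DATE, recent_days=30):
    """Return {name: [reasons]} for services worth a second look (prompts, not verdicts)."""
    flagged = {}
    for e in entries:
        reasons = []
        if e["missing"]:
            reasons.append("image file not found")
        if e["start"] <= 1 and e["created"] and (run_date - e["created"]).days <= recent_days:
            reasons.append("boot/system-start driver created within %d days" % recent_days)
        if reasons:
            flagged[e["name"]] = reasons
    return flagged


def parse_locked_keys(text):
    """Parse LOCKED REGISTRY KEYS blocks ('.' separates blocks; dword values decoded)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {"denied": [], "allowed": [], "values": {}}
        elif current is None or line in ("", "."):
            continue
        elif line.startswith("@Denied:"):
            keys[current]["denied"].append(line[8:].strip())
        elif line.startswith("@Allowed:"):
            keys[current]["allowed"].append(line[9:].strip())
        elif "=" in line:
            name, _, value = line.partition("=")
            keys[current]["values"][name.strip('"')] = (
                int(value[6:], 16) if value.startswith("dword:") else value)
    return keys


def locked_keys_by_class(keys):
    """Count locked keys per device-class GUID ('other' for keys outside a Class subtree)."""
    counts = Counter()
    for key in keys:
        m = CLASS_GUID_RE.search(key)
        counts[m.group(1).upper() if m else "other"] += 1
    return counts
```

Flags are prompts, not verdicts. On this excerpt the recency rule fires for MpKsl983db176, the Microsoft Antimalware definition-update driver created on the day of the run, for the same reason it would fire on a newly dropped boot driver; Lbd and Synth3dVsc are reported because their service entries point at files ComboFix did not find. Grouping the locked keys by class GUID turns the eight near-identical AllUserSettings entries under one device class in the log above into a single item to look up rather than eight separate findings.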

#7 1972vet
  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 13 March 2012 - 04:12 AM

Great, thanks! Now please navigate to the qoobox folder and find the "Installed programs" text file. Open it, copy it, and paste it here on your next reply. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#8 detroitpaint
  • Topic Starter
  • Members
  • 5 posts

Posted 13 March 2012 - 08:18 AM

Ok, here is the qoobox txt file.

µTorrent
32 Bit HP CIO Components Installer
ACER ICONIA 3G DRIVER INSTALL
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
Ava Find
Belkin F5D8053 N Wireless USB Adapter
BufferChm
CA Yahoo! Anti-Spy (remove only)
CCleaner
ClearType Tuning Control Panel Applet
Content Transfer
ConvertXtoDVD 4.0.11.326
Cooking Dash 3 Thrills and Spills Collectors Edition 1.00
Copy
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DJ_AIO_06_F2400_SW_Min
eReg
F2400
Fax
File Type Assistant
FileMenu Tools
Garmin City Navigator North America NT 2010.10 Update
Google Update Helper
GPBaseService2
HiJackThis
HP Driver Diagnostics
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
hpWLPGInstaller
Java Auto Updater
Java™ 6 Update 31
K-Lite Mega Codec Pack 5.4.4
Learning Lodge Navigator
LG SP USB Driver
LG USB Modem driver
LG USB WML Modem Driver
Logitech SetPoint 6.20
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio 2005 Tools for Office Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Drivers
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA Update 1.5.20
NVIDIA Update Components
NWZ-S540 WALKMAN Guide
OGA Notifier 2.0.0048.0
Olympus Digital Wave Player
PCIe Soft Data Fax Modem with SmartCP
PeerGuardian 2.0
QuickTime
Realtek High Definition Audio Driver
Registry Mechanic 8.0
Revo Uninstaller 1.92
Roxio BackOnTrack
Roxio File Backup
Roxio Update Manager
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
SmartSound Quicktracks 5
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ Runtime for Dragon NaturallySpeaking
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 1.1.11
VSO CopyToDVD 4
VTech Download Agent Library
WBFS Manager 2.5
WBFS Manager 3.0
WebReg
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
WinRAR archiver
Yahoo! BrowserPlus 2.9.2
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

Thank you again for your time. I will wait for your response.

#9 1972vet
  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 13 March 2012 - 12:00 PM

OK, thanks. Please uninstall uTorrent. Next, please open a blank Notepad by clicking Start --> Run. Then, in the Run box, type Notepad.exe and click "OK".
Copy the text below (in bold) and paste it into the blank Notepad. Save it as CFScript.txt: change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your ComboFix.exe.

ComboFix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



KILLALL::

file::
c:\windows\system32\drivers\tmrkb.sys
c:\windows\system32\DRIVERS\Lbd.sys
c:\windows\system32\drivers\SBREdrv.sys

Driver::
tmrkb
Lbd
SBREdrv

Folder::
c:\program files\AVAST Software

Reglock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

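The post above hands the user a CFScript: a plain text file whose directive headers (KILLALL::, file::, Driver::, Folder::, Reglock::) tell ComboFix what to kill, delete and unlock. Because the script runs with full rights and cannot be undone from inside ComboFix, it is worth parsing and sanity-checking it against the log it was written for before dragging it onto ComboFix.exe. The Python below is an added example for this page, not ComboFix code and not from any post here; it recognises only the five directives used in that script, and its checks are this example's own assumptions (chiefly that Driver:: names a service by the first field of the log's R/S lines) rather than ComboFix's rules.

```python
"""Parse and sanity-check a ComboFix CFScript against the log it was written for.
Added example for this thread: not ComboFix code and not from any post here.
Only the directives used in the script above are recognised; the checks are
this example's assumptions and produce review prompts, not ComboFix's rules."""
import re

KNOWN_DIRECTIVES = {"killall", "file", "driver", "folder", "reglock"}
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::$")
ABS_PATH_RE = re.compile(r"^[a-z]:\\", re.I)

# The CFScript posted above, with the Reglock:: list abridged to two keys.
SAMPLE_SCRIPT = r"""
KILLALL::

file::
c:\windows\system32\drivers\tmrkb.sys
c:\windows\system32\DRIVERS\Lbd.sys
c:\windows\system32\drivers\SBREdrv.sys

Driver::
tmrkb
Lbd
SBREdrv

Folder::
c:\program files\AVAST Software

Reglock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
"""

# Service lines copied from the first log in this thread (an excerpt, not the full list).
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-17 697328]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-30 101720]
"""


def parse_cfscript(text):
    """Return {directive: [entries]} with directive names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def service_table(log_text):
    """Map service name -> image path (both lower-cased) from a log's R/S lines.
    Assumed layout: '<R|S><digit> <name>;<display>;<image> [<date> <size>|x]'."""
    table = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if (len(line) > 3 and line[0] in "RS" and line[1].isdigit()
                and line[2] == " " and line.count(";") >= 2):
            name, _, rest = line[3:].partition(";")
            image = rest.partition(";")[2].rsplit(" [", 1)[0]
            table[name.lower()] = image.lower()
    return table


def lint_cfscript(sections, services):
    """Return human-readable problems; an empty list means nothing to re-check."""
    problems = []
    for name in sections:
        if name not in KNOWN_DIRECTIVES:
            problems.append("unknown directive %s::" % name)
    for sec in ("file", "folder"):
        for path in sections.get(sec, []):
            if not ABS_PATH_RE.match(path):
                problems.append("%s:: entry is not an absolute path: %s" % (sec, path))
    for drv in sections.get("driver", []):
        if drv.lower() not in services:
            problems.append("Driver:: %s is not a service name in the log's R/S lines" % drv)
    for key in sections.get("reglock", []):
        if not (key.startswith("[HKEY_") and key.endswith("]")):
            problems.append("Reglock:: entry is not a bracketed HKEY path: %s" % key)
    for sec in sorted(KNOWN_DIRECTIVES - {"killall"}):
        if sec in sections and not sections[sec]:
            problems.append("%s:: has no entries" % sec)
    return problems


if __name__ == "__main__":
    for problem in lint_cfscript(parse_cfscript(SAMPLE_SCRIPT), service_table(SAMPLE_LOG)):
        print(problem)
```

Run as-is on the excerpt, the lint reports two Driver:: names to re-check: tmrkb, for which the pasted service list has no R/S line at all, and SBREdrv, where the log lists the service as SBRE with SBREdrv.sys as its image. Whether ComboFix also accepts a file name under Driver:: is outside what this thread shows; the point of the check is to make that question visible before the script runs, not to answer it.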


#10 detroitpaint
  • Topic Starter
  • Members
  • 5 posts

Posted 13 March 2012 - 05:00 PM

Here it is:

ComboFix 12-03-12.03 - dad 03/13/2012 14:12:58.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1917.960 [GMT -4:00]
Running from: c:\users\dad\Documents\1111 DESKTOP FILES MARCH 2012\ComboFix.exe
Command switches used :: c:\users\dad\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\system32\drivers\SBREdrv.sys"
"c:\windows\system32\drivers\tmrkb.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\ashShell.dll
c:\program files\AVAST Software\Avast\aswCmnBS.dll
c:\program files\AVAST Software\Avast\aswCmnIS.dll
c:\program files\AVAST Software\Avast\aswCmnOS.dll
c:\program files\AVAST Software\Avast\aswRunDll.exe
c:\program files\AVAST Software\Avast\Setup\reboot.txt
c:\program files\AVAST Software\Avast\Setup\setiface.dll
c:\program files\AVAST Software\Avast\Setup\setup.ini
c:\program files\AVAST Software\Avast\snxhk.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LBD
-------\Legacy_TMRKB
-------\Service_Lbd
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 19:05 . 2012-03-13 19:05 56200 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4290605-19E5-43BC-A038-FE8C529FF5B2}\offreg.dll
2012-03-13 18:22 . 2012-03-13 20:23 -------- d-----w- c:\users\dad\AppData\Local\temp
2012-03-13 18:22 . 2012-03-13 18:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-13 18:22 . 2012-03-13 18:22 -------- d-----w- c:\users\Mcx1-DAD-PC\AppData\Local\temp
2012-03-13 18:22 . 2012-03-13 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 18:08 . 2012-03-13 18:08 29904 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4290605-19E5-43BC-A038-FE8C529FF5B2}\MpKsl983db176.sys
2012-03-13 03:01 . 2012-02-08 03:03 6552120 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4290605-19E5-43BC-A038-FE8C529FF5B2}\mpengine.dll
2012-03-04 07:18 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4ACB779-1652-4B81-BB86-B31B431C19B7}\mpengine.dll
2012-03-04 06:53 . 2012-03-04 06:53 -------- dc----w- c:\program files\Common Files\Java
2012-03-04 06:52 . 2012-03-04 06:52 -------- d-----w- c:\program files\Java
2012-03-04 06:47 . 2012-03-04 06:47 -------- d-----w- c:\users\dad\AppData\Local\Secunia PSI
2012-03-04 06:46 . 2012-03-10 02:23 -------- d-----w- c:\program files\Secunia
2012-03-04 01:31 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-02-23 21:38 . 2012-02-23 21:38 -------- dc----w- c:\users\dad\AppData\Roaming\QuickScan
2012-02-23 16:42 . 2012-02-08 03:03 6552120 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-23 07:06 . 2012-02-23 07:06 -------- d-----w- c:\users\dad\AppData\Local\ElevatedDiagnostics
2012-02-23 06:16 . 2012-02-23 06:16 713784 -c----w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4095C6C1-0276-409F-BA77-991716376E71}\gapaengine.dll
2012-02-23 06:15 . 2012-02-23 06:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-22 04:16 . 2012-02-22 04:16 -------- d-----w- c:\users\dad\allison photobucket
2012-02-21 23:56 . 2012-02-21 23:56 135952 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-02-21 15:09 . 2012-02-21 15:09 388096 -c--a-r- c:\users\dad\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-21 15:09 . 2012-02-21 15:09 -------- d-----w- c:\program files\Trend Micro
2012-02-20 02:05 . 2012-02-20 02:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-19 18:04 . 2012-03-04 06:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-16 06:28 . 2012-02-16 08:04 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 06:28 . 2012-02-16 08:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 06:28 . 2012-02-16 08:03 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 06:28 . 2012-02-16 08:00 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 06:59 . 2011-05-27 16:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-04 06:52 . 2011-12-07 18:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-29 10:10 . 2009-10-18 05:35 237072 -c----w- c:\windows\system32\MpSigStub.exe
2012-01-27 18:52 . 2012-01-27 18:52 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-27 18:52 . 2012-01-27 18:52 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-27 18:52 . 2012-01-27 18:52 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-27 18:52 . 2012-01-27 18:52 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-27 18:52 . 2012-01-27 18:52 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-27 18:52 . 2012-01-27 18:52 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-27 18:52 . 2012-01-27 18:52 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-27 18:52 . 2012-01-27 18:51 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-27 18:52 . 2012-01-27 18:51 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-27 18:52 . 2012-01-27 18:52 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-23 20:34 . 2012-01-23 20:22 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-23 20:30 . 2012-01-23 20:22 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-23 20:30 . 2012-01-23 20:22 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-23 20:30 . 2012-01-23 20:22 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-04 00:42 . 2012-01-27 18:03 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2011-12-30 22:02 . 2011-12-15 17:28 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-15 17:36 . 2011-12-15 17:36 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 17:34 . 2011-12-15 17:34 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 17:34 . 2011-12-15 17:34 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 17:34 . 2011-12-15 17:34 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 17:34 . 2011-12-15 17:34 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 17:31 . 2011-12-15 17:31 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-15 17:31 . 2011-12-15 17:31 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-15 17:31 . 2011-12-15 17:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-15 17:31 . 2011-12-15 17:31 233472 ----a-w- c:\windows\system32\oleacc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 -c--a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PowerResizer.lnk]
backup=c:\windows\pss\PowerResizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dora Fairytale Adventures Registration.lnk]
backup=c:\windows\pss\Dora Fairytale Adventures Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvaFind]
2004-01-06 10:57 660992 ----a-w- c:\program files\AvaFind\AvaFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 19:54 91520 -c--a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 23:33 150528 ----a-w- c:\program files\Hp\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-04 01:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 -c--a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AmIcoSinglun"=c:\program files\AmIcoSingLun\AmIcoSinglun.exe
"AgentMonitor"=c:\program files\VTech\DownloadManager\System\AgentMonitor.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-17 697328]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-05-03 27136]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2011-01-04 25728]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-13 45464]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-07-25 23456]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-11-25 16968]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2009-10-27 23936]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-16 552448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-07-23 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-07-23 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-15 1343400]
R4 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [2009-03-05 96752]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 135664]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S1 MpKsl983db176;MpKsl983db176;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4290605-19E5-43BC-A038-FE8C529FF5B2}\MpKsl983db176.sys [2012-03-13 29904]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-30 101720]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 HSXHWBS3;HSXHWBS3;c:\windows\system32\DRIVERS\HSXHWBS3.sys [2009-02-13 206336]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-08-24 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-08-24 10448]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AVGIDSDriver
*Deregistered* - AVGIDSEH
*Deregistered* - AVGIDSFilter
*Deregistered* - AVGIDSShim
*Deregistered* - Avgrkx86
*Deregistered* - Avgtdix
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 05:31]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 05:31]
.
2010-03-09 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-10-23 18:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{CD7E221E-9A6D-4183-AC4C-AF31BB021F77}: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\crypserv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
.
**************************************************************************
.
Completion time: 2012-03-13 16:26:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 20:26
ComboFix2.txt 2012-03-13 01:49
ComboFix3.txt 2012-03-04 02:34
.
Pre-Run: 557,830,344,704 bytes free
Post-Run: 558,016,626,688 bytes free
.
- - End Of File - - 03AA64AE94ED24CA18EA18C95054CA77

Thank you. I will wait for your response.

#11 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:10:59 AM

Posted 13 March 2012 - 05:16 PM

Very good detroitpaint! How's it running now? By the way, do you still intend to use TrendMicro Rootkit Buster?

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#12 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:10:59 AM

Posted 18 March 2012 - 07:41 PM

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven




