Trojan.Agent virus SVCHOST.exe


  • This topic is locked
23 replies to this topic

#1 virussux


  • Members
  • 12 posts

Posted 11 March 2012 - 05:35 AM

Ok I have a virus that no program seems to be able to get rid of. MalwareBytes says it's removing it but it never does. It's made it so a lot of webpages don't work. And I cannot uninstall a program at all. I'm getting constant popups from MB saying that it has stopped a malicious threat.... The IP addresses aren't always the same. However, the process is always svchost.exe. Here is the log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.10.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421


Protection: Enabled

3/11/2012 3:06:01 AM
mbam-log-2012-03-11 (03-06-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346946
Time elapsed: 28 minute(s), 5 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4840 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)



#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 12 March 2012 - 02:15 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and will make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 14 March 2012 - 11:28 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 virussux

  • Topic Starter

  • Members
  • 12 posts

Posted 15 March 2012 - 03:16 PM

Yes I still need help. I'm starting the process now. :) Thank you for not closing this.

#5 virussux

  • Topic Starter

  • Members
  • 12 posts

Posted 15 March 2012 - 03:22 PM

Your instructions say "Please disable any anti-malware program that will block scripts from running before running DDS." But some of the virus programs cannot be opened, or removed.

#6 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 15 March 2012 - 05:17 PM

go ahead and run it and send me the report


gringo

#7 virussux

  • Topic Starter

  • Members
  • 12 posts

Posted 15 March 2012 - 05:37 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Michelle at 17:35:26 on 2012-03-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3245 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
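The detections in post #1 (MBAM flagging C:\Windows\svchost.exe) and the DDS process list in post #7 both turn on one fact: Windows only installs svchost.exe and its sibling system binaries under System32/SysWOW64, and real svchost instances are started with a -k service group. The script below is an added example, not code from this thread, from DDS or from Malwarebytes; it applies that check to a DDS-style "Running Processes" listing. The protected-name set, the directory list and the sample lines are assumptions constructed for the example.

```python
"""
Flag Windows system-binary names that appear in a DDS "Running Processes"
listing outside the directories where Windows installs them, and svchost.exe
entries started without a "-k <group>" argument.
"""
import ntpath
import re

# Assumption: binaries Windows ships only in the system directories. A copy
# elsewhere (such as C:\Windows\svchost.exe in this thread) is a masquerade
# candidate that deserves a look.
SYSTEM_BINARIES = {"svchost.exe", "lsm.exe", "wininit.exe", "csrss.exe",
                   "lsass.exe", "services.exe", "winlogon.exe", "spoolsv.exe"}
# Assumption: directories where those binaries legitimately live (lower-cased).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample modelled on the DDS log in post #7 and the MBAM hit in post #1.
SAMPLE_PROCESS_LIST = r"""
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
-netsvcs
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
""".strip().splitlines()

# One DDS line: optional \\?\ prefix, a drive path up to ".exe", optional args.
_LINE = re.compile(r"^(?:\\\\\?\\)?(?P<path>[A-Za-z]:\\.*?\.exe)(?P<args>\s.*)?$",
                   re.IGNORECASE)


def parse_line(line):
    """Split one DDS process line into (path, args); None for non-path lines."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return m.group("path"), (m.group("args") or "").strip()


def classify(path, args):
    """Return the reasons an entry looks suspicious (empty list = nothing found)."""
    name = ntpath.basename(path).lower()
    parent = ntpath.dirname(path).lower()
    reasons = []
    if name in SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
        reasons.append(f"{name} outside the system directories ({parent})")
    # Genuine svchost.exe instances are always launched as "svchost.exe -k <group>".
    if name == "svchost.exe" and not re.search(r"(^|\s)-k\s+\S+", args):
        reasons.append("svchost.exe without a -k service group")
    return reasons


def find_suspicious(lines):
    """Return [(path, reasons)] for every flagged entry in a process listing."""
    flagged = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:  # DDS continuation lines such as "-netsvcs"
            continue
        path, args = parsed
        reasons = classify(path, args)
        if reasons:
            flagged.append((path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in find_suspicious(SAMPLE_PROCESS_LIST):
        print(path, "->", "; ".join(reasons))
```

On the sample the only hit is C:\Windows\svchost.exe, for both reasons, matching what MBAM and later ComboFix reported in this thread.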

#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 15 March 2012 - 10:25 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Multiple Anti-Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Norton Internet Security
AV: AVG Internet Security 2012


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

information and logs:

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 virussux

  • Topic Starter

  • Members
  • 12 posts

Posted 16 March 2012 - 02:18 AM

I didn't realize Windows Defender was enabled until after I ran Combofix. It seems to be running a bit better. But time will tell. Here is the Combofix log:

ComboFix 12-03-15.03 - Michelle 03/16/2012 1:57.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3886 [GMT -7:00]
Running from: c:\users\Michelle\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\isRS-000.tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))
.
.
2012-03-16 09:03 . 2012-03-16 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-16 09:00 . 2012-03-16 09:00 -------- d-----w- c:\users\Michelle\AppData\Roaming\AVG2012
2012-03-16 08:50 . 2012-03-16 08:50 -------- d-----w- c:\users\Michelle\AppData\Roaming\SUPERAntiSpyware.com
2012-03-13 21:24 . 2012-03-13 21:24 -------- d-----w- c:\users\Michelle\AppData\Local\Mozilla
2012-03-11 21:50 . 2012-03-11 23:25 -------- d-----w- c:\users\Michelle\AppData\Local\Spotify
2012-03-11 21:50 . 2012-03-12 17:48 -------- d-----w- c:\users\Michelle\AppData\Roaming\Spotify
2012-03-10 22:24 . 2012-03-10 22:24 -------- d-----w- c:\programdata\AVAST Software
2012-03-10 22:24 . 2012-03-10 22:24 -------- d-----w- c:\program files\AVAST Software
2012-03-10 17:17 . 2012-03-16 08:41 -------- d-----w- c:\users\Michelle\AppData\Roaming\Skype
2012-03-10 17:17 . 2012-03-10 17:17 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-10 17:17 . 2012-03-10 17:17 -------- d-----r- c:\program files (x86)\Skype
2012-03-10 17:16 . 2012-03-10 17:17 -------- d-----w- c:\programdata\Skype
2012-03-10 17:12 . 2012-03-10 17:12 -------- d-----w- c:\users\Michelle\AppData\Local\Real
2012-03-10 17:12 . 2012-03-10 17:12 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-03-10 17:12 . 2012-03-10 17:12 -------- d-----w- c:\program files (x86)\Real
2012-03-10 01:22 . 2012-03-10 01:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-10 01:22 . 2012-03-10 01:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-09 00:23 . 2012-03-09 05:30 -------- d-----w- c:\program files\Symantec
2012-03-09 00:22 . 2012-03-09 05:29 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-03-09 00:22 . 2012-03-10 00:20 -------- d-----w- c:\program files (x86)\Norton 360
2012-03-09 00:20 . 2012-03-09 00:20 -------- d-----w- c:\programdata\PCSettings
2012-03-05 18:24 . 2012-03-15 23:02 -------- d-----w- c:\users\Guest
2012-03-03 11:00 . 2012-03-03 11:00 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-03-03 00:43 . 2012-03-03 00:43 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-03-02 04:12 . 2012-03-02 04:12 -------- d-----w- c:\programdata\LogiShrd
2012-03-02 04:10 . 2012-03-02 04:10 -------- d-----w- c:\users\Michelle\AppData\Local\LogiShrd
2012-03-02 04:09 . 2012-03-02 04:09 -------- d-----w- c:\users\Michelle\AppData\Roaming\Leadertech
2012-03-02 04:09 . 2012-03-02 04:09 53248 ----a-r- c:\users\Michelle\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-02 04:08 . 2012-03-16 09:04 -------- d-----w- c:\windows\SysWow64\logishrd
2012-03-02 04:08 . 2012-03-16 09:04 -------- d-----w- c:\windows\system32\logishrd
2012-03-02 04:08 . 2012-03-02 04:08 -------- d-----w- c:\programdata\Logitech
2012-03-02 04:08 . 2012-03-02 04:08 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-03-02 04:08 . 2012-03-02 04:09 -------- d-----w- c:\program files\Common Files\logishrd
2012-03-02 04:07 . 2012-03-02 04:10 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-02 04:07 . 2012-03-02 04:09 -------- d-----w- c:\program files (x86)\Logitech
2012-03-02 03:55 . 2012-03-02 03:55 -------- d-----w- c:\program files\Google
2012-03-02 03:55 . 2012-03-10 17:12 -------- d-----w- c:\users\Michelle\AppData\Local\Google
2012-03-02 03:54 . 2012-03-10 17:12 -------- d-----w- c:\program files (x86)\Google
2012-03-02 00:28 . 2012-03-02 00:28 -------- d-----w- c:\programdata\Synaptics
2012-03-01 17:29 . 2012-03-01 17:29 654336 ------w- c:\windows\system32\stapi64.dll
2012-03-01 17:29 . 2012-03-01 17:29 528384 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-03-01 17:29 . 2012-03-01 17:29 431616 ----a-w- c:\windows\system32\stcplx64.dll
2012-03-01 17:29 . 2012-03-01 17:29 1965056 ----a-w- c:\windows\system32\stapo64.dll
2012-03-01 17:29 . 2012-03-01 17:30 -------- d-----w- c:\program files\IDT
2012-03-01 17:28 . 2011-05-20 17:53 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-03-01 17:28 . 2012-03-01 17:28 -------- d-----w- c:\users\Michelle\AppData\Roaming\InstallShield
2012-03-01 17:28 . 2012-03-01 17:28 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-03-01 17:26 . 2012-03-01 17:26 91648 ----a-w- c:\windows\system32\drivers\nusb3hub.sys
2012-03-01 17:26 . 2012-03-01 17:26 81920 ----a-w- c:\windows\system32\nusb3co2.dll
2012-03-01 17:26 . 2012-03-01 17:26 208896 ----a-w- c:\windows\system32\drivers\nusb3xhc.sys
2012-03-01 17:26 . 2012-03-01 17:26 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2012-03-01 17:26 . 2012-03-01 17:26 276264 ----a-w- c:\windows\system32\SynCtrl.dll
2012-03-01 17:26 . 2012-03-01 17:26 226600 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-03-01 17:26 . 2012-03-01 17:26 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-03-01 17:26 . 2012-03-01 17:26 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-03-01 17:26 . 2012-03-01 17:26 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-03-01 17:26 . 2012-03-01 17:26 1451056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-03-01 17:26 . 2012-03-01 17:26 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-02-27 03:00 . 2012-02-29 08:44 -------- d-----w- c:\users\Michelle\riotsGamesLogs
2012-02-27 02:59 . 2012-02-27 02:59 -------- d-----w- c:\users\Michelle\AppData\Roaming\LolClient
2012-02-27 02:26 . 2008-07-31 18:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2012-02-27 02:26 . 2008-07-31 18:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2012-02-27 02:26 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-02-27 02:26 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-02-27 02:26 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-02-27 02:23 . 2012-02-27 02:23 -------- d-----w- C:\Riot Games
2012-02-27 01:33 . 2012-03-05 16:01 -------- d-----w- c:\users\Michelle\AppData\Local\PMB Files
2012-02-27 01:33 . 2012-03-03 05:12 -------- d-----w- c:\programdata\PMB Files
2012-02-27 01:32 . 2012-02-27 01:32 -------- d-----w- c:\program files (x86)\Pando Networks
2012-02-22 23:53 . 2012-02-22 23:53 -------- d-----w- c:\windows\system32\Macromed
2012-02-22 20:34 . 2012-02-23 00:19 -------- d-----w- C:\Games
2012-02-22 19:41 . 2012-02-22 19:41 -------- d-----w- c:\program files (x86)\ARO 2012
2012-02-22 19:40 . 2012-02-22 19:40 -------- d-----w- c:\program files (x86)\Conduit
2012-02-22 19:40 . 2012-02-22 19:40 -------- d-----w- c:\users\Michelle\AppData\Local\Conduit
2012-02-22 19:40 . 2012-02-22 19:40 -------- d-----w- c:\program files (x86)\BitTorrentBar
2012-02-22 19:40 . 2012-02-22 19:40 -------- d-----w- c:\users\Michelle\AppData\Roaming\OpenCandy
2012-02-19 23:18 . 2012-03-10 00:20 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-19 00:45 . 2012-02-19 00:45 -------- d-----w- c:\users\Michelle\AppData\Roaming\OpenOffice.org
2012-02-19 00:28 . 2012-02-19 00:28 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-02-18 23:44 . 2012-03-14 23:17 -------- d-----w- c:\windows\system32\drivers\NISx64\1207000.00D
2012-02-18 23:22 . 2012-02-18 23:22 -------- d-----w- c:\program files (x86)\Cisco Systems
2012-02-18 23:22 . 2012-02-18 23:22 -------- d-----w- c:\programdata\Cisco Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 17:12 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-01 17:29 . 2011-08-15 18:18 4933120 ----a-w- c:\windows\system32\IDTNHP.dll
2012-03-01 17:29 . 2011-08-15 18:18 4779520 ----a-w- c:\windows\system32\stlang64.dll
2012-03-01 17:29 . 2011-08-15 18:18 212480 ----a-w- c:\windows\system32\IDTNJ.exe
2012-03-01 17:29 . 2011-08-15 18:18 1128448 ----a-w- c:\windows\sttray64.exe
2012-03-01 17:29 . 2011-08-15 18:18 1029120 ----a-w- c:\windows\system32\IDTNX.dll
2012-03-01 17:29 . 2011-08-15 18:18 224256 ----a-w- c:\windows\system32\staco64.dll
2012-03-01 17:29 . 2011-08-15 18:18 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2012-03-01 17:29 . 2011-08-15 18:18 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2012-03-01 17:29 . 2011-08-15 18:18 221184 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2012-03-01 17:29 . 2011-08-15 18:18 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2012-03-01 17:29 . 2011-08-15 18:18 90624 ----a-w- c:\windows\system32\AESTCo64.dll
2012-03-01 17:29 . 2011-08-15 18:18 6382080 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-03-01 17:29 . 2011-08-15 18:18 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-03-01 17:28 . 2011-08-15 18:18 338536 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-03-01 17:26 . 2010-12-17 02:26 411944 ----a-w- c:\windows\system32\SynCOM.dll
2012-02-22 23:53 . 2011-09-14 19:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-18 14:44 . 2012-01-18 14:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-03-01 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-03-10 296056]
.
c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [2011-10-14 1155704]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/15 11:32;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 136176]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111111.030\IDSvia64.sys [2011-09-13 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-03-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-10-25 2398512]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-01 2413056]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-02-19 909152]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 03:55]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 03:55]
.
2012-03-15 c:\windows\Tasks\HPCeeScheduleForMICHELLE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-03-16 c:\windows\Tasks\HPCeeScheduleForMichelle.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-01 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
Wow6432Node-HKCU-Run-AROReminder - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-16 02:08:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-16 09:08
.
Pre-Run: 516,385,984,512 bytes free
Post-Run: 516,871,073,792 bytes free
.
- - End Of File - - 9A1EF2A4ADF7C198E90677597BC31C89
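The "Other Running Processes" list above includes an svchost.exe started from c:\\.\globalroot\systemroot\svchost.exe, i.e. from the Windows directory rather than System32, which is how a masquerading copy shows up in these logs. As an added check that is not part of the thread or of ComboFix, the PowerShell function below flags service-host processes whose image path, parent process or Authenticode signature does not match the genuine one; it assumes an elevated PowerShell 3.0 or later session on Windows 7 or later.

```powershell
# Added example, not part of the thread: list svchost.exe processes that do not
# look like the genuine Windows service host. Assumes PowerShell 3.0+ (for
# Get-CimInstance) running elevated so that every process is visible.

function Get-SuspiciousSvchost {
    # Only these two locations are legitimate. c:\windows\svchost.exe or
    # \\.\globalroot\systemroot\svchost.exe (as in the log above) fail this test.
    $allowed = @(
        (Join-Path $env:SystemRoot 'System32\svchost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
    )

    $procs = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'"
    foreach ($p in $procs) {
        $reasons = @()
        $path = $p.ExecutablePath

        if (-not $path) {
            # Access denied, or the image was removed/hidden after launch.
            $reasons += 'image path not readable'
        } elseif ($allowed -notcontains $path) {   # -contains compares case-insensitively
            $reasons += "runs from '$path'"
        }

        # The real service host is always started by services.exe.
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        if (-not $parent -or $parent.Name -ne 'services.exe') {
            $parentName = if ($parent) { $parent.Name } else { 'gone' }
            $reasons += "parent is '$parentName' (pid $($p.ParentProcessId))"
        }

        # A binary named svchost.exe that is unsigned, or signed by anyone other
        # than Microsoft, is a strong indicator regardless of where it sits.
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike '*Microsoft*') {
                $reasons += "signature $($sig.Status)"
            }
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                PID     = $p.ProcessId
                Path    = $path
                Parent  = $p.ParentProcessId
                CmdLine = $p.CommandLine
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

Get-SuspiciousSvchost | Format-List
```

A genuine service host prints nothing here; every object returned is a process worth submitting to the scanners the helper asked for.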

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 March 2012 - 02:50 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 virussux

virussux
  • Topic Starter

  • Members
  • 12 posts

Posted 16 March 2012 - 08:06 PM

19:56:01.0617 5960 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
19:56:02.0072 5960 ============================================================
19:56:02.0072 5960 Current date / time: 2012/03/16 19:56:02.0072
19:56:02.0072 5960 SystemInfo:
19:56:02.0072 5960
19:56:02.0072 5960 OS Version: 6.1.7601 ServicePack: 1.0
19:56:02.0072 5960 Product type: Workstation
19:56:02.0072 5960 ComputerName: MICHELLE-HP
19:56:02.0072 5960 UserName: Michelle
19:56:02.0072 5960 Windows directory: C:\Windows
19:56:02.0072 5960 System windows directory: C:\Windows
19:56:02.0072 5960 Running under WOW64
19:56:02.0072 5960 Processor architecture: Intel x64
19:56:02.0072 5960 Number of processors: 8
19:56:02.0072 5960 Page size: 0x1000
19:56:02.0072 5960 Boot type: Normal boot
19:56:02.0072 5960 ============================================================
19:56:02.0431 5960 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:56:02.0435 5960 \Device\Harddisk0\DR0:
19:56:02.0435 5960 MBR used
19:56:02.0435 5960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:56:02.0435 5960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48AD4800
19:56:02.0435 5960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48B38800, BlocksNum 0x1CEB800
19:56:02.0435 5960 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
19:56:02.0529 5960 Initialize success
19:56:02.0529 5960 ============================================================
19:56:05.0118 7740 ============================================================
19:56:05.0118 7740 Scan started
19:56:05.0118 7740 Mode: Manual;
19:56:05.0118 7740 ============================================================
19:56:05.0463 7740 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:56:05.0466 7740 1394ohci - ok
19:56:05.0536 7740 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
19:56:05.0536 7740 Accelerometer - ok
19:56:05.0590 7740 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:56:05.0593 7740 ACPI - ok
19:56:05.0642 7740 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:56:05.0643 7740 AcpiPmi - ok
19:56:05.0692 7740 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:56:05.0696 7740 adp94xx - ok
19:56:05.0754 7740 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:56:05.0757 7740 adpahci - ok
19:56:05.0788 7740 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:56:05.0790 7740 adpu320 - ok
19:56:05.0860 7740 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:56:05.0866 7740 AFD - ok
19:56:05.0907 7740 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:56:05.0908 7740 agp440 - ok
19:56:05.0937 7740 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:56:05.0937 7740 aliide - ok
19:56:05.0967 7740 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:56:05.0967 7740 amdide - ok
19:56:06.0060 7740 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:56:06.0061 7740 AmdK8 - ok
19:56:06.0200 7740 amdkmdag (e08cf0ed91fcca0017776cff4a506012) C:\Windows\system32\DRIVERS\atikmdag.sys
19:56:06.0385 7740 amdkmdag - ok
19:56:06.0550 7740 amdkmdap (f072f317e430925c7d88c766db7da86e) C:\Windows\system32\DRIVERS\atikmpag.sys
19:56:06.0552 7740 amdkmdap - ok
19:56:06.0574 7740 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:56:06.0575 7740 AmdPPM - ok
19:56:06.0686 7740 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:56:06.0687 7740 amdsata - ok
19:56:06.0715 7740 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:56:06.0718 7740 amdsbs - ok
19:56:06.0735 7740 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:56:06.0735 7740 amdxata - ok
19:56:06.0777 7740 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys
19:56:06.0780 7740 AMPPAL - ok
19:56:06.0828 7740 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys
19:56:06.0830 7740 AMPPALP - ok
19:56:06.0966 7740 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:56:06.0967 7740 AppID - ok
19:56:06.0994 7740 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:56:06.0996 7740 arc - ok
19:56:07.0017 7740 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:56:07.0018 7740 arcsas - ok
19:56:07.0041 7740 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:56:07.0041 7740 AsyncMac - ok
19:56:07.0083 7740 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:56:07.0083 7740 atapi - ok
19:56:07.0188 7740 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:56:07.0193 7740 b06bdrv - ok
19:56:07.0208 7740 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:56:07.0222 7740 b57nd60a - ok
19:56:07.0258 7740 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:56:07.0271 7740 BCM43XX - ok
19:56:07.0335 7740 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:56:07.0335 7740 Beep - ok
19:56:07.0515 7740 BHDrvx64 (cd0ecb395666fc9ae23d7381e9e3370d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111027.001\BHDrvx64.sys
19:56:07.0521 7740 BHDrvx64 - ok
19:56:07.0581 7740 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
19:56:07.0581 7740 blbdrive - ok
19:56:07.0629 7740 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:56:07.0630 7740 bowser - ok
19:56:07.0681 7740 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:56:07.0682 7740 BrFiltLo - ok
19:56:07.0715 7740 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:56:07.0716 7740 BrFiltUp - ok
19:56:07.0765 7740 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:56:07.0766 7740 BridgeMP - ok
19:56:07.0837 7740 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:56:07.0840 7740 Brserid - ok
19:56:07.0854 7740 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:56:07.0855 7740 BrSerWdm - ok
19:56:07.0889 7740 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:56:07.0889 7740 BrUsbMdm - ok
19:56:07.0925 7740 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:56:07.0926 7740 BrUsbSer - ok
19:56:07.0945 7740 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:56:07.0946 7740 BTHMODEM - ok
19:56:08.0003 7740 catchme - ok
19:56:08.0040 7740 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:56:08.0042 7740 cdfs - ok
19:56:08.0094 7740 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-16 20:00:59
-----------------------------
20:00:59.762 OS Version: Windows x64 6.1.7601 Service Pack 1
20:00:59.762 Number of processors: 8 586 0x2A07
20:00:59.763 ComputerName: MICHELLE-HP UserName: Michelle
20:01:00.245 Initialize success
20:04:39.659 AVAST engine defs: 12031600
20:05:33.856 The log file has been saved successfully to "C:\Users\Michelle\Desktop\aswMBR.txt"



The aswMBR is awfully short. Did I not run it correctly?

#12 virussux

virussux
  • Topic Starter

  • Members
  • 12 posts

Posted 16 March 2012 - 08:12 PM

Ok I feel stupid now. Here's the log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-16 20:00:59
-----------------------------
20:00:59.762 OS Version: Windows x64 6.1.7601 Service Pack 1
20:00:59.762 Number of processors: 8 586 0x2A07
20:00:59.763 ComputerName: MICHELLE-HP UserName: Michelle
20:01:00.245 Initialize success
20:04:39.659 AVAST engine defs: 12031600
20:05:33.856 The log file has been saved successfully to "C:\Users\Michelle\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-16 20:07:05
-----------------------------
20:07:05.012 OS Version: Windows x64 6.1.7601 Service Pack 1
20:07:05.012 Number of processors: 8 586 0x2A07
20:07:05.013 ComputerName: MICHELLE-HP UserName: Michelle
20:07:05.468 Initialize success
20:07:08.264 AVAST engine defs: 12031600
20:07:11.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:07:11.252 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 610480MB BusType: 3
20:07:11.262 Disk 0 MBR read successfully
20:07:11.264 Disk 0 MBR scan
20:07:11.267 Disk 0 Windows 7 default MBR code
20:07:11.277 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:07:11.285 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595369 MB offset 409600
20:07:11.316 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14807 MB offset 1219725312
20:07:11.331 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
20:07:11.366 Disk 0 scanning C:\Windows\system32\drivers
20:07:20.370 Service scanning
20:07:38.843 Modules scanning
20:07:38.849 Disk 0 trace - called modules:
20:07:38.864 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
20:07:38.868 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c11790]
20:07:38.871 3 CLASSPNP.SYS[fffff88001fc343f] -> nt!IofCallDriver -> [0xfffffa8006a5cb10]
20:07:38.874 5 hpdskflt.sys[fffff88001f6a189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006936050]
20:07:39.544 AVAST engine scan C:\Windows
20:07:41.394 AVAST engine scan C:\Windows\system32
20:09:06.630 AVAST engine scan C:\Windows\system32\drivers
20:09:15.610 AVAST engine scan C:\Users\Michelle
20:10:37.857 AVAST engine scan C:\ProgramData
20:11:32.377 Scan finished successfully
20:11:40.359 Disk 0 MBR has been saved successfully to "C:\Users\Michelle\Desktop\MBR.dat"
20:11:40.363 The log file has been saved successfully to "C:\Users\Michelle\Desktop\aswMBR.txt"

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 March 2012 - 10:08 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Conduit
c:\users\Michelle\AppData\Local\Conduit
c:\program files (x86)\BitTorrentBar

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 virussux

virussux
  • Topic Starter

  • Members
  • 12 posts

Posted 16 March 2012 - 10:25 PM

ComboFix 12-03-15.03 - Michelle 03/16/2012 22:12:54.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3980 [GMT -7:00]
Running from: c:\users\Michelle\Downloads\ComboFix.exe
Command switches used :: c:\users\Michelle\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BitTorrentBar
c:\program files (x86)\BitTorrentBar\BitTorrentBarToolbarHelper.exe
c:\program files (x86)\BitTorrentBar\GottenAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\ldrtbBitT.dll
c:\program files (x86)\BitTorrentBar\OtherAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
c:\program files (x86)\BitTorrentBar\SharedAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\tbBitT.dll
c:\program files (x86)\BitTorrentBar\toolbar.cfg
c:\program files (x86)\BitTorrentBar\ToolbarContextMenu.xml
c:\program files (x86)\BitTorrentBar\uninstall.exe
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\users\Michelle\AppData\Local\Conduit
c:\users\Michelle\AppData\Local\Conduit\CT2790392\BitTorrentBarAutoUpdateHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 05:17 . 2012-03-17 05:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-17 02:56 . 2012-03-17 02:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-16 09:30 . 2012-03-01 21:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{363603D7-AD5F-4F88-89F4-E889F86B1185}\mpengine.dll
2012-03-16 09:00 . 2012-03-16 09:00 -------- d-----w- c:\users\Michelle\AppData\Roaming\AVG2012
2012-03-16 08:50 . 2012-03-16 08:50 -------- d-----w- c:\users\Michelle\AppData\Roaming\SUPERAntiSpyware.com
2012-03-15 22:08 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 22:08 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 22:08 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-15 22:08 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-15 22:08 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-15 22:08 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-15 22:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-15 22:08 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-15 22:08 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-15 22:08 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 21:24 . 2012-03-13 21:24 -------- d-----w- c:\users\Michelle\AppData\Local\Mozilla
2012-03-11 21:50 . 2012-03-11 23:25 -------- d-----w- c:\users\Michelle\AppData\Local\Spotify
2012-03-11 21:50 . 2012-03-12 17:48 -------- d-----w- c:\users\Michelle\AppData\Roaming\Spotify
2012-03-10 22:24 . 2012-03-10 22:24 -------- d-----w- c:\programdata\AVAST Software
2012-03-10 22:24 . 2012-03-10 22:24 -------- d-----w- c:\program files\AVAST Software
2012-03-10 17:17 . 2012-03-16 08:41 -------- d-----w- c:\users\Michelle\AppData\Roaming\Skype
2012-03-10 17:17 . 2012-03-10 17:17 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-10 17:17 . 2012-03-10 17:17 -------- d-----r- c:\program files (x86)\Skype
2012-03-10 17:16 . 2012-03-10 17:17 -------- d-----w- c:\programdata\Skype
2012-03-10 17:12 . 2012-03-10 17:12 -------- d-----w- c:\users\Michelle\AppData\Local\Real
2012-03-10 17:12 . 2012-03-10 17:12 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-03-10 17:12 . 2012-03-10 17:12 -------- d-----w- c:\program files (x86)\Real
2012-03-10 01:22 . 2012-03-10 01:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-10 01:22 . 2012-03-10 01:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-09 00:23 . 2012-03-09 05:30 -------- d-----w- c:\program files\Symantec
2012-03-09 00:22 . 2012-03-09 05:29 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-03-09 00:22 . 2012-03-10 00:20 -------- d-----w- c:\program files (x86)\Norton 360
2012-03-09 00:20 . 2012-03-09 00:20 -------- d-----w- c:\programdata\PCSettings
2012-03-05 18:24 . 2012-03-15 23:02 -------- d-----w- c:\users\Guest
2012-03-03 11:00 . 2012-03-03 11:00 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-03-03 00:43 . 2012-03-03 00:43 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-03-02 04:12 . 2012-03-02 04:12 -------- d-----w- c:\programdata\LogiShrd
2012-03-02 04:10 . 2012-03-02 04:10 -------- d-----w- c:\users\Michelle\AppData\Local\LogiShrd
2012-03-02 04:09 . 2012-03-02 04:09 -------- d-----w- c:\users\Michelle\AppData\Roaming\Leadertech
2012-03-02 04:09 . 2012-03-02 04:09 53248 ----a-r- c:\users\Michelle\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-02 04:08 . 2012-03-17 05:18 -------- d-----w- c:\windows\SysWow64\logishrd
2012-03-02 04:08 . 2012-03-17 05:18 -------- d-----w- c:\windows\system32\logishrd
2012-03-02 04:08 . 2012-03-02 04:08 -------- d-----w- c:\programdata\Logitech
2012-03-02 04:08 . 2012-03-02 04:08 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-03-02 04:08 . 2012-03-02 04:09 -------- d-----w- c:\program files\Common Files\logishrd
2012-03-02 04:07 . 2012-03-02 04:10 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-02 04:07 . 2012-03-02 04:09 -------- d-----w- c:\program files (x86)\Logitech
2012-03-02 03:55 . 2012-03-02 03:55 -------- d-----w- c:\program files\Google
2012-03-02 03:55 . 2012-03-10 17:12 -------- d-----w- c:\users\Michelle\AppData\Local\Google
2012-03-02 03:54 . 2012-03-10 17:12 -------- d-----w- c:\program files (x86)\Google
2012-03-02 00:28 . 2012-03-02 00:28 -------- d-----w- c:\programdata\Synaptics
2012-03-01 17:29 . 2012-03-01 17:29 654336 ------w- c:\windows\system32\stapi64.dll
2012-03-01 17:29 . 2012-03-01 17:29 528384 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-03-01 17:29 . 2012-03-01 17:29 431616 ----a-w- c:\windows\system32\stcplx64.dll
2012-03-01 17:29 . 2012-03-01 17:29 1965056 ----a-w- c:\windows\system32\stapo64.dll
2012-03-01 17:29 . 2012-03-01 17:30 -------- d-----w- c:\program files\IDT
2012-03-01 17:28 . 2011-05-20 17:53 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-03-01 17:28 . 2012-03-01 17:28 -------- d-----w- c:\users\Michelle\AppData\Roaming\InstallShield
2012-03-01 17:28 . 2012-03-01 17:28 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-03-01 17:26 . 2012-03-01 17:26 91648 ----a-w- c:\windows\system32\drivers\nusb3hub.sys
2012-03-01 17:26 . 2012-03-01 17:26 81920 ----a-w- c:\windows\system32\nusb3co2.dll
2012-03-01 17:26 . 2012-03-01 17:26 208896 ----a-w- c:\windows\system32\drivers\nusb3xhc.sys
2012-03-01 17:26 . 2012-03-01 17:26 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2012-03-01 17:26 . 2012-03-01 17:26 276264 ----a-w- c:\windows\system32\SynCtrl.dll
2012-03-01 17:26 . 2012-03-01 17:26 226600 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-03-01 17:26 . 2012-03-01 17:26 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-03-01 17:26 . 2012-03-01 17:26 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-03-01 17:26 . 2012-03-01 17:26 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-03-01 17:26 . 2012-03-01 17:26 1451056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-03-01 17:26 . 2012-03-01 17:26 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-02-27 03:00 . 2012-02-29 08:44 -------- d-----w- c:\users\Michelle\riotsGamesLogs
2012-02-27 02:59 . 2012-02-27 02:59 -------- d-----w- c:\users\Michelle\AppData\Roaming\LolClient
2012-02-27 02:26 . 2008-07-31 18:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2012-02-27 02:26 . 2008-07-31 18:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2012-02-27 02:26 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-02-27 02:26 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-02-27 02:26 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-02-27 02:23 . 2012-02-27 02:23 -------- d-----w- C:\Riot Games
2012-02-27 01:33 . 2012-03-05 16:01 -------- d-----w- c:\users\Michelle\AppData\Local\PMB Files
2012-02-27 01:33 . 2012-03-03 05:12 -------- d-----w- c:\programdata\PMB Files
2012-02-27 01:32 . 2012-02-27 01:32 -------- d-----w- c:\program files (x86)\Pando Networks
2012-02-22 23:53 . 2012-02-22 23:53 -------- d-----w- c:\windows\system32\Macromed
2012-02-22 20:34 . 2012-02-23 00:19 -------- d-----w- C:\Games
2012-02-22 19:41 . 2012-02-22 19:41 -------- d-----w- c:\program files (x86)\ARO 2012
2012-02-22 19:40 . 2012-02-22 19:40 -------- d-----w- c:\users\Michelle\AppData\Roaming\OpenCandy
2012-02-19 23:18 . 2012-03-10 00:20 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-19 00:45 . 2012-02-19 00:45 -------- d-----w- c:\users\Michelle\AppData\Roaming\OpenOffice.org
2012-02-19 00:28 . 2012-02-19 00:28 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-02-18 23:44 . 2012-03-14 23:17 -------- d-----w- c:\windows\system32\drivers\NISx64\1207000.00D
2012-02-18 23:22 . 2012-02-18 23:22 -------- d-----w- c:\program files (x86)\Cisco Systems
2012-02-18 23:22 . 2012-02-18 23:22 -------- d-----w- c:\programdata\Cisco Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 17:12 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-01 17:29 . 2011-08-15 18:18 4933120 ----a-w- c:\windows\system32\IDTNHP.dll
2012-03-01 17:29 . 2011-08-15 18:18 4779520 ----a-w- c:\windows\system32\stlang64.dll
2012-03-01 17:29 . 2011-08-15 18:18 212480 ----a-w- c:\windows\system32\IDTNJ.exe
2012-03-01 17:29 . 2011-08-15 18:18 1128448 ----a-w- c:\windows\sttray64.exe
2012-03-01 17:29 . 2011-08-15 18:18 1029120 ----a-w- c:\windows\system32\IDTNX.dll
2012-03-01 17:29 . 2011-08-15 18:18 224256 ----a-w- c:\windows\system32\staco64.dll
2012-03-01 17:29 . 2011-08-15 18:18 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2012-03-01 17:29 . 2011-08-15 18:18 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2012-03-01 17:29 . 2011-08-15 18:18 221184 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2012-03-01 17:29 . 2011-08-15 18:18 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2012-03-01 17:29 . 2011-08-15 18:18 90624 ----a-w- c:\windows\system32\AESTCo64.dll
2012-03-01 17:29 . 2011-08-15 18:18 6382080 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-03-01 17:29 . 2011-08-15 18:18 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-03-01 17:28 . 2011-08-15 18:18 338536 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-03-01 17:26 . 2010-12-17 02:26 411944 ----a-w- c:\windows\system32\SynCOM.dll
2012-02-23 16:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 23:53 . 2011-09-14 19:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-18 14:44 . 2012-01-18 14:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-16_09.05.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-03-17 02:59 60100 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-17 04:51 40742 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-14 18:31 . 2012-03-17 04:51 13424 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918111312-2679071396-3633538438-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-03-17 03:04 94744 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-03-16 08:52 94744 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-10-08 01:09 . 2012-03-16 09:13 5298 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-16 09:04 . 2012-03-16 09:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-17 05:18 . 2012-03-17 05:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-17 05:18 . 2012-03-17 05:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-16 09:04 . 2012-03-16 09:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-10 00:23 . 2012-03-16 08:56 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-10 00:23 . 2012-03-16 14:18 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-03-16 08:56 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-16 14:17 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-14 21:04 . 2012-03-16 09:13 294636 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-16 08:50 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-17 04:54 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-16 08:50 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-17 04:54 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 04:45 . 2012-02-20 15:51 293792 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-03-16 14:17 293792 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:01 . 2012-03-16 09:04 277268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-17 05:17 277268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-03-16 14:17 2064384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-16 08:56 2064384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-16 14:17 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-16 08:56 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:45 . 2012-03-15 22:05 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-03-16 14:19 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-08-15 18:40 . 2012-03-16 09:04 3705240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-15 18:40 . 2012-03-17 05:17 3705240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 02:34 . 2012-02-20 15:50 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-16 14:16 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-03-01 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-03-10 296056]
.
c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [2011-10-14 1155704]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/15 11:32;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 136176]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111111.030\IDSvia64.sys [2011-09-13 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-03-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-10-25 2398512]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-01 2413056]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-02-19 909152]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 03:55]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 03:55]
.
2012-03-15 c:\windows\Tasks\HPCeeScheduleForMICHELLE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-03-16 c:\windows\Tasks\HPCeeScheduleForMichelle.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-01 1128448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-BitTorrentBar Toolbar - c:\program files (x86)\BitTorrentBar\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-16 22:21:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-17 05:21
ComboFix2.txt 2012-03-16 09:08
.
Pre-Run: 516,433,055,744 bytes free
Post-Run: 516,221,419,520 bytes free
.
- - End Of File - - C2B8C6D184F3AC05CE459AFEE39D3A89

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:49 AM

Posted 16 March 2012 - 10:50 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University



