

CODE C malware - unable to remove


  • This topic is locked
14 replies to this topic

#1 Anita88

Anita88

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:10 AM

Posted 27 March 2012 - 04:36 PM

Hi,

I downloaded Codec C when trying to watch a video online. I updated and ran a full scan of my computer with Norton 360, but nothing was found. I also used CCleaner, but it does not seem to have made a difference. Also, all the programs in my Start menu on Windows are not appearing, and Firefox and Google Chrome have new home pages. I tried to remove it from Control Panel as well, but it won't let me. Please could you let me know what I need to do?

Thanks
Anita

Sorry - I can't find where to attach the DDS and attach text, so I have copied it below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Anita1 at 22:55:41 on 2012-03-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3767.2349 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\PROGRA~2\MOZILL~1\firefox.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\MOZILL~1\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://packardbell.msn.com
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Codec-C Class: {19480e4e-f264-4dfb-b991-c35664edbe49} - C:\ProgramData\Codec-C\bhoclass.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [Google Update] "C:\Users\Anita1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [O2Start] C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe /s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{76E77387-4566-496C-AA3C-CDED6B14E325} : NameServer = 82.132.254.3 82.132.254.2
TCP: Interfaces\{E706EEFD-5C4D-43BE-B190-DCF55203089E} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E706EEFD-5C4D-43BE-B190-DCF55203089E}\544494D4142353 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Codec-C Class: {19480E4E-F264-4DFB-B991-C35664EDBE49} - C:\ProgramData\Codec-C\bhoclass.dll
BHO-X64: Codec-C - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [O2Start] C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe /s
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Anita1\AppData\Roaming\Mozilla\Firefox\Profiles\jxs051hx.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Anita1\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111363
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a0f2a80d000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - a0f2a80d000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15423
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:30:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120324.004\IDSviA64.sys [2012-3-27 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-26 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-6-19 867712]
R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-26 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-5-26 244624]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe [2012-1-31 130008]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-26 2320920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-03-27 21:31:08 -------- d-----w- C:\Users\Anita1\AppData\Local\{85FBFF70-5401-493A-B1A9-F49E5C77B1FC}
2012-03-27 21:30:00 -------- d-----w- C:\Users\Anita1\AppData\Local\{61682404-7434-4393-A32C-72D117DC20CC}
2012-03-27 20:43:17 -------- d-----w- C:\Program Files\CCleaner
2012-03-27 20:15:37 -------- d-----w- C:\Users\Anita1\AppData\Local\{7C4398C0-9E63-4DCD-BDEE-A7C722CEDB68}
2012-03-27 20:14:30 -------- d-----w- C:\Users\Anita1\AppData\Local\{E34B4359-2E25-4E62-9ADC-938E074F7A54}
2012-03-27 20:07:27 -------- d-----w- C:\Users\Anita1\AppData\Local\NPE
2012-03-27 18:08:21 -------- d-----w- C:\Users\Anita1\AppData\Local\{9E4FA8C8-CFB2-48C5-8CA0-D6D8E0D7D193}
2012-03-26 18:05:14 -------- d-----w- C:\Users\Anita1\AppData\Local\{CB3B68B1-775B-426A-A110-BBEDF4791B18}
2012-03-26 18:04:07 -------- d-----w- C:\Users\Anita1\AppData\Local\{10B7891C-4C47-4FC0-BAFB-32AA510C449F}
2012-03-25 16:53:05 -------- d-----w- C:\Users\Anita1\AppData\Local\{FAE2332C-9D1B-42D1-B73E-0B2BACBBB134}
2012-03-25 12:41:57 691712 ----a-w- C:\Windows\System32\drivers\mod7700.sys
2012-03-25 12:41:57 29696 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2012-03-25 12:41:57 119296 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys
2012-03-25 12:41:57 117120 ----a-w- C:\Windows\System32\drivers\ewusbfake.sys
2012-03-25 12:41:57 115072 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2012-03-25 12:41:09 -------- d-----w- C:\Users\Anita1\AppData\Local\{40BB687B-E670-46E5-B62F-1FCD6D05D25F}
2012-03-25 03:12:25 -------- d-----w- C:\Users\Anita1\AppData\Local\{7AEA7C86-3710-43CC-9D5A-A3E2B1FF6202}
2012-03-24 15:30:17 -------- d-----w- C:\Users\Anita1\AppData\Local\Babylon
2012-03-24 15:30:15 -------- d-----w- C:\Users\Anita1\AppData\Roaming\Babylon
2012-03-24 15:30:15 -------- d-----w- C:\ProgramData\Babylon
2012-03-24 15:25:17 -------- d-----w- C:\ProgramData\Premium
2012-03-24 15:25:06 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2012-03-24 15:24:24 -------- d-----w- C:\ProgramData\Codec-C
2012-03-24 15:23:19 -------- d-----w- C:\ProgramData\InstallMate
2012-03-24 10:32:01 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 10:32:01 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-24 10:25:40 -------- d-----w- C:\Users\Anita1\AppData\Local\{71555E3E-7B68-4148-8397-B4E6CC3D3584}
2012-03-23 21:08:06 -------- d-----w- C:\Users\Anita1\AppData\Local\{EC0B29E0-172E-4679-9E78-3DED847A2CBC}
2012-03-21 19:03:12 -------- d-----w- C:\Users\Anita1\AppData\Local\{55E2DE99-1EB3-4B14-9177-1AC6EA3918FD}
2012-03-21 19:02:01 -------- d-----w- C:\Users\Anita1\AppData\Local\{BAA4AC74-5DE5-47C7-B866-A744F889B8A7}
2012-03-20 19:30:53 -------- d-----w- C:\Users\Anita1\AppData\Local\{952B7BA3-F9A5-4512-A36B-8CFB3BD23F6A}
2012-03-20 19:29:34 -------- d-----w- C:\Users\Anita1\AppData\Local\{B4B86D89-D9B0-45FC-AC0A-026F85CC02B3}
2012-03-19 18:31:10 -------- d-----w- C:\Users\Anita1\AppData\Local\{EF448204-E3D8-4BC9-AD51-951139CD164B}
2012-03-19 18:30:02 -------- d-----w- C:\Users\Anita1\AppData\Local\{99998CE2-7E30-478D-A00C-CD1599A6AB01}
2012-03-18 21:26:36 -------- d-----w- C:\Users\Anita1\AppData\Local\{98554836-FD69-455B-8F47-9BD0ED8CFDD8}
2012-03-18 21:24:19 -------- d-----w- C:\Users\Anita1\AppData\Local\{6BE78800-F8DD-4809-9656-6A859DA35538}
2012-03-18 20:51:33 -------- d-----w- C:\Users\Anita1\AppData\Local\{95FC150C-B620-41AF-8677-0BE2FC3C1A33}
2012-03-18 20:31:49 -------- d-----w- C:\Users\Anita1\AppData\Local\{ED6FB996-D4DB-444A-8003-1302AFFE12E7}
2012-03-16 18:27:33 -------- d-----w- C:\Users\Anita1\AppData\Local\{31E6D203-2816-400E-B300-D4F09C075C95}
2012-03-16 18:26:16 -------- d-----w- C:\Users\Anita1\AppData\Local\{884D097F-4676-48A6-A9B0-199A42E44D80}
2012-03-15 18:13:01 -------- d-----w- C:\Users\Anita1\AppData\Local\{B749CE4C-9B34-43C2-9F9A-D5D0DCD2FE63}
2012-03-15 18:12:18 -------- d-----w- C:\Users\Anita1\AppData\Local\{02D30B0C-9A89-4FAA-B5E5-5EEDDD699892}
2012-03-14 18:43:23 -------- d-----w- C:\Users\Anita1\AppData\Local\{ACCA8AB1-7D95-4EDA-97E2-6BBF40269368}
2012-03-14 18:42:14 -------- d-----w- C:\Users\Anita1\AppData\Local\{E2C775EE-1511-49FA-952E-5BF90529E5BE}
2012-03-13 23:27:10 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-13 23:27:10 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-13 23:27:09 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 21:03:21 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 21:03:19 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 21:03:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 20:47:37 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 20:47:37 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 20:47:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 20:47:36 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 20:47:36 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 20:47:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 20:47:36 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 20:41:35 -------- d-----w- C:\Users\Anita1\AppData\Local\{45199E71-3894-4685-A789-5C1753036155}
2012-03-13 20:40:56 -------- d-----w- C:\Users\Anita1\AppData\Local\{3350C19F-6E13-4186-A6A6-79817A8723FE}
2012-03-12 18:19:39 -------- d-----w- C:\Users\Anita1\AppData\Local\{88433906-08B2-44D1-B245-84842563181A}
2012-03-12 18:18:51 -------- d-----w- C:\Users\Anita1\AppData\Local\{8CE6FEA1-4236-43C3-A3D7-DF729BDD4866}
2012-03-11 15:29:21 -------- d-----w- C:\Users\Anita1\AppData\Local\{BC7CFA93-7AFC-483B-9F67-071F11241F7E}
2012-03-10 22:37:08 -------- d-----w- C:\Users\Anita1\AppData\Local\{B52F60E2-5359-4C33-B9E0-A51BBE6DFD0F}
2012-03-10 10:51:39 -------- d-----w- C:\Users\Anita1\AppData\Local\{7E6964EE-88E6-48AB-A170-1015D63F83AD}
2012-03-10 10:50:54 -------- d-----w- C:\Users\Anita1\AppData\Local\{A95C708F-FD10-400B-AF7E-CE3FA77DEBAF}
2012-03-09 19:58:53 -------- d-----w- C:\Users\Anita1\AppData\Local\{900F8489-ECE3-4F2C-BB95-073842C39CC7}
2012-03-09 19:57:11 -------- d-----w- C:\Users\Anita1\AppData\Local\{4061A864-AE08-4AE5-A173-E5C40836BFE7}
2012-03-08 21:57:15 -------- d-----w- C:\Users\Anita1\AppData\Local\{ED8C7849-8D16-48D3-A1C7-858770631A9F}
2012-03-08 21:56:27 -------- d-----w- C:\Users\Anita1\AppData\Local\{6ADDB847-7FBE-4F78-9578-94F9E7C6D5AF}
2012-03-07 18:23:29 -------- d-----w- C:\Users\Anita1\AppData\Local\{918AA0AE-2F74-4D4F-92F8-416F7BD8E258}
2012-03-07 18:22:11 -------- d-----w- C:\Users\Anita1\AppData\Local\{DCE85487-033B-484E-BBD8-AE5E1FDF5263}
2012-03-06 20:13:49 -------- d-----w- C:\Users\Anita1\AppData\Local\{49A0AAC8-0B6F-4097-8867-A8353632DB58}
2012-03-05 20:52:20 -------- d-----w- C:\Users\Anita1\AppData\Local\{E168794D-FA15-4BF2-BBD8-5CBF69B8B61C}
2012-03-05 20:51:02 -------- d-----w- C:\Users\Anita1\AppData\Local\{CE78122B-8902-4794-A69B-BDDE00D8D3BB}
2012-03-04 15:22:14 -------- d-----w- C:\Program Files (x86)\Conduit
2012-03-04 15:22:11 -------- d-----w- C:\Users\Anita1\AppData\Local\Conduit
2012-03-04 13:21:52 -------- d-----w- C:\Users\Anita1\AppData\Local\{60F4E466-313A-4F29-844E-7181BB0D7C94}
2012-03-03 20:51:52 -------- d-----w- C:\Users\Anita1\AppData\Local\{989A09DC-DE0A-4754-802E-F038463FD35B}
2012-03-03 20:48:41 -------- d-----w- C:\Users\Anita1\AppData\Local\{1E57FF2D-9332-4DF0-9BA6-FD6AAFBD7FFC}
2012-03-03 12:19:54 -------- d-----w- C:\Users\Anita1\AppData\Local\{B2F4C7B9-9350-4C6B-A169-F50ADC346241}
2012-03-03 00:51:56 -------- d-----w- C:\Users\Anita1\AppData\Local\{C229E2D1-CA25-41E8-9426-E23A3B61677F}
2012-03-01 23:13:28 -------- d-----w- C:\Users\Anita1\AppData\Local\DDMSettings
2012-03-01 23:11:51 -------- d-----w- C:\Program Files\DivX
2012-03-01 23:11:42 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-03-01 23:04:52 -------- d-----w- C:\Program Files (x86)\DivX
2012-03-01 23:02:30 -------- d-----w- C:\ProgramData\DivX
2012-03-01 18:54:09 -------- d-----w- C:\Users\Anita1\AppData\Local\{599CC5CF-0794-4E4A-A72E-35447D69FC02}
2012-02-29 18:20:49 -------- d-----w- C:\Users\Anita1\AppData\Local\{A87CDE3B-73C3-4CFE-A7A5-BC8EFE6C92E9}
2012-02-29 18:20:03 -------- d-----w- C:\Users\Anita1\AppData\Local\{4CD919AF-EA57-4550-9A14-913D56BFEF5B}
2012-02-28 22:23:59 -------- d-----w- C:\Users\Anita1\AppData\Local\{949D1B8E-076F-4DD3-9752-29865BE68493}
2012-02-28 22:21:47 -------- d-----w- C:\Users\Anita1\AppData\Local\{908CFB7D-7AE9-41EF-BC76-DB0F2199F757}
2012-02-27 18:48:29 -------- d-----w- C:\Users\Anita1\AppData\Local\{DCAB8EB3-1595-4583-8799-E3353388822C}
.
==================== Find3M ====================
.
2012-03-01 22:53:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 22:56:13.88 ===============

Hi,

I am having the same problem as stated in this post: http://www.bleepingcomputer.com/forums/topic447403.html.
Icons are not showing on the desktop either, and I have selected the two options you said, but this has made no difference. I have tried Malwarebytes, but that doesn't seem to have worked either.

Thanks
Anita

Edited by Queen-Evie, 27 March 2012 - 06:08 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest



#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:05:10 AM

Posted 29 March 2012 - 09:01 AM

Hi,

Post the contents of the attach.txt log too (it should exist after the DDS run).

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 Anita88

Anita88
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:10 AM

Posted 29 March 2012 - 02:51 PM

Hi,

Please see the zipped attached file for attach.txt.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 30/10/2011 12:44:15
System Uptime: 27/03/2012 22:29:01 (0 hours ago)
.
Motherboard: Packard Bell | | EasyNote TK85
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 679 GiB total, 628.435 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP21: 01/02/2012 21:33:09 - Scheduled Checkpoint
RP22: 09/02/2012 22:36:59 - Scheduled Checkpoint
RP23: 16/02/2012 23:07:51 - Windows Update
RP24: 23/02/2012 23:54:19 - Scheduled Checkpoint
RP25: 04/03/2012 16:43:04 - Scheduled Checkpoint
RP26: 13/03/2012 23:25:59 - Windows Update
RP27: 20/03/2012 22:46:25 - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Photoshop Elements 9
Adobe Premiere Elements 9
Adobe Reader 9.1 MUI
Agatha Christie - 4:50 from Paddington
Backup Manager Basic
Bejeweled 2 Deluxe
Bing Bar
Chuzzle Deluxe
Codec-C
Crazy Chicken Kart 2
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
DivX Setup
eBay Worldwide
Elements 9 Organizer
Elements STI Installer
FATE
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Google Chrome
Identity Card
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Jewel Quest Solitaire
John Deere Drive Green
Junk Mail filter update
Launch Manager
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 11.0 (x86 en-GB)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Norton 360
Norton Online Backup
O2 Connection Manager
Packard Bell Games
Packard Bell MyBackup
Packard Bell Power Management
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell ScreenSaver
Packard Bell Social Networks
Packard Bell Updater
Penguins!
Plants vs. Zombies - Game of the Year
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Bowler
Pošta Windows Live
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Συλλογή φωτογραφιών του Windows Live
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Sky Go Desktop
Skype™ 5.0
Slingo Deluxe
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
Video Web Camera
Virtual Villagers - The Secret City
Wedding Dash
Welcome Center
WildTangent Games App (Packard Bell Games)
Windows Live
Windows Live ???
Windows Live ????
Windows Live Argazki Galeria
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
27/03/2012 22:31:34, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{76E77387-4566-496C-AA3C-CDED6B14E325} because another computer on the network has the same name. The server could not start.
27/03/2012 22:30:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
27/03/2012 22:29:30, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
27/03/2012 22:29:30, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
27/03/2012 21:18:52, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
27/03/2012 21:17:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
25/03/2012 17:52:24, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
.
==== End Of File ===========================


Thanks
Anita

Edited by Anita88, 29 March 2012 - 02:53 PM.


#4 Blade81

  • Malware Response Team
  • Location:Finland

Posted 29 March 2012 - 11:39 PM

Hi


Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 Anita88

  • Topic Starter
  • Members

Posted 30 March 2012 - 06:39 PM

Please find the report below. Many thanks for your help with this.

ComboFix 12-03-30.06 - Anita1 31/03/2012 0:26.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3767.2529 [GMT 1:00]
Running from: c:\users\Anita1\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 23:30 . 2012-03-30 23:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-30 23:24 . 2008-08-22 12:07 691712 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-03-30 23:24 . 2008-08-22 12:06 119296 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-03-30 23:24 . 2008-08-22 12:06 115072 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-03-30 23:24 . 2008-08-22 12:06 117120 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2012-03-30 23:24 . 2008-08-22 12:06 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-03-27 20:43 . 2012-03-27 20:50 -------- d-----w- c:\program files\CCleaner
2012-03-27 20:07 . 2012-03-27 20:21 -------- d-----w- c:\users\Anita1\AppData\Local\NPE
2012-03-24 15:30 . 2012-03-24 15:30 237 ----a-w- C:\user.js
2012-03-24 15:30 . 2012-03-24 15:30 -------- d-----w- c:\users\Anita1\AppData\Local\Babylon
2012-03-24 15:30 . 2012-03-24 15:30 -------- d-----w- c:\users\Anita1\AppData\Roaming\Babylon
2012-03-24 15:30 . 2012-03-24 15:30 -------- d-----w- c:\programdata\Babylon
2012-03-24 15:25 . 2012-03-24 15:25 -------- d-----w- c:\programdata\Premium
2012-03-24 15:25 . 2012-03-25 12:42 -------- d-----w- c:\program files (x86)\Optimizer Pro
2012-03-24 15:23 . 2012-03-24 15:30 -------- d-----w- c:\programdata\InstallMate
2012-03-24 10:32 . 2012-03-24 10:32 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 10:32 . 2012-03-24 10:32 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-13 23:27 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 23:27 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-13 23:27 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:03 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:03 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:03 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 20:47 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 20:47 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 20:47 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 20:47 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 20:47 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 20:47 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 20:47 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-04 15:22 . 2012-03-04 15:22 -------- d-----w- c:\program files (x86)\Conduit
2012-03-04 15:22 . 2012-03-04 18:13 -------- d-----w- c:\users\Anita1\AppData\Local\Conduit
2012-03-01 23:13 . 2012-03-01 23:13 -------- d-----w- c:\users\Anita1\AppData\Local\DDMSettings
2012-03-01 23:12 . 2012-03-24 15:24 -------- d-----w- c:\users\Anita1\AppData\Roaming\DivX
2012-03-01 23:11 . 2012-03-01 23:12 -------- d-----w- c:\program files\DivX
2012-03-01 23:11 . 2012-03-01 23:12 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-03-01 23:04 . 2012-03-01 23:12 -------- d-----w- c:\program files (x86)\DivX
2012-03-01 23:02 . 2012-03-01 23:12 -------- d-----w- c:\programdata\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 22:53 . 2011-10-30 16:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-16 18:32 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 18:32 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-30_23.13.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-03-30 23:24 48928 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-30 23:24 38864 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-30 12:46 . 2012-03-30 23:24 11038 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3669376872-2096048284-156794456-1001_UserData.bin
- 2009-07-14 05:30 . 2012-03-30 20:32 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-03-30 23:24 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-03-30 23:31 . 2012-03-30 23:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-30 23:13 . 2012-03-30 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-30 23:13 . 2012-03-30 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-30 23:31 . 2012-03-30 23:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-30 22:40 628460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-30 23:28 628460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-30 23:28 110612 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-30 22:40 110612 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-03-30 20:32 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-30 23:24 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-30 23:24 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-03-30 20:32 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-03-30 23:12 320812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-30 23:30 320812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-30 17:04 . 2012-03-30 23:30 1712052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3669376872-2096048284-156794456-1001-8192.dat
- 2011-10-30 17:04 . 2012-03-30 23:12 1712052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3669376872-2096048284-156794456-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{19480E4E-F264-4DFB-B991-C35664EDBE49}]
c:\programdata\Codec-C\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"O2Start"="c:\program files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe" [2008-10-10 2662400]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
2;2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120329.002\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-01-05 867712]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-01-31 244624]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3669376872-2096048284-156794456-1001Core.job
- c:\users\Anita1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 15:56]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3669376872-2096048284-156794456-1001UA.job
- c:\users\Anita1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 15:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-01-05 860040]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{76E77387-4566-496C-AA3C-CDED6B14E325}: NameServer = 82.132.254.3 82.132.254.2
FF - ProfilePath - c:\users\Anita1\AppData\Roaming\Mozilla\Firefox\Profiles\jxs051hx.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111363
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a0f2a80d000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - a0f2a80d000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15423
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:30
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-03-31 00:34:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 23:34
ComboFix2.txt 2012-03-30 23:17
.
Pre-Run: 686,182,924,288 bytes free
Post-Run: 686,098,456,576 bytes free
.
- - End Of File - - 5F216A9371BEF2F172060AD7AC2346D4

#6 Blade81

  • Malware Response Team
  • Location:Finland

Posted 31 March 2012 - 04:03 AM

Hi again,



Open Notepad and copy/paste the text in the quote box below into it:

File::
C:\user.js
Folder::
c:\users\Anita1\AppData\Local\Babylon
c:\users\Anita1\AppData\Roaming\Babylon
c:\programdata\Babylon
c:\programdata\Premium
c:\program files (x86)\Optimizer Pro
c:\programdata\InstallMate
DDS::
BHO: Codec-C Class: {19480e4e-f264-4dfb-b991-c35664edbe49} - C:\ProgramData\Codec-C\bhoclass.dll
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
BHO-X64: Codec-C Class: {19480E4E-F264-4DFB-B991-C35664EDBE49} - C:\ProgramData\Codec-C\bhoclass.dll
BHO-X64: Codec-C - No File
Firefox::
FF - ProfilePath - C:\Users\Anita1\AppData\Roaming\Mozilla\Firefox\Profiles\jxs051hx.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111363
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a0f2a80d000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - a0f2a80d000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15423
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:30:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and the separate 10.1.1 and 10.1.2 updates for it) here, or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.



#7 Anita88

  • Topic Starter
  • Members

Posted 01 April 2012 - 12:40 AM

Hi, please see below the logs for ComboFix, ESET and DDS.

ESET showed: No threats were found on the computer.


ComboFix 12-03-30.06 - Anita1 01/04/2012 2:17.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3767.2637 [GMT 1:00]
Running from: c:\users\Anita1\Desktop\ComboFix.exe
Command switches used :: c:\users\Anita1\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"C:\user.js"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Optimizer Pro
c:\programdata\Babylon
c:\programdata\InstallMate
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setup.dll
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setupx.dll
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\0.ini
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\20120324152319.log
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\20120324152918.log
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.dat
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.exe
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.ico
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\TsuDll.dll
c:\programdata\Premium
C:\user.js
c:\users\Anita1\AppData\Local\Babylon
c:\users\Anita1\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Anita1\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Anita1\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Anita1\AppData\Local\Babylon\Setup\BExternal.dll
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\blueStar.png
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\globe.png
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\options.js
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\page0.html
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\page3.css
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\page3.html
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\page3Lrg.css
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\progress.png
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\setup.js
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\title.png
c:\users\Anita1\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Anita1\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\Anita1\AppData\Local\Babylon\Setup\Setup-tbmntr903.zpb
c:\users\Anita1\AppData\Local\Babylon\Setup\Setup.exe
c:\users\Anita1\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Anita1\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\Anita1\AppData\Roaming\Babylon
c:\users\Anita1\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 01:22 . 2012-04-01 01:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 01:14 . 2008-08-22 12:07 691712 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-04-01 01:14 . 2008-08-22 12:06 119296 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-04-01 01:14 . 2008-08-22 12:06 115072 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-04-01 01:14 . 2008-08-22 12:06 117120 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2012-04-01 01:14 . 2008-08-22 12:06 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-03-27 20:43 . 2012-03-27 20:50 -------- d-----w- c:\program files\CCleaner
2012-03-27 20:07 . 2012-03-27 20:21 -------- d-----w- c:\users\Anita1\AppData\Local\NPE
2012-03-24 10:32 . 2012-03-24 10:32 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 10:32 . 2012-03-24 10:32 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-13 23:27 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 23:27 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-13 23:27 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:03 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:03 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:03 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 20:47 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 20:47 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 20:47 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 20:47 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 20:47 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 20:47 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 20:47 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-04 15:22 . 2012-03-04 15:22 -------- d-----w- c:\program files (x86)\Conduit
2012-03-04 15:22 . 2012-03-04 18:13 -------- d-----w- c:\users\Anita1\AppData\Local\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 22:53 . 2011-10-30 16:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-16 18:32 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 18:32 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-30_23.13.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-03-31 16:01 49236 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-01 01:13 39090 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-30 12:46 . 2012-04-01 01:13 11094 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3669376872-2096048284-156794456-1001_UserData.bin
- 2009-07-14 05:30 . 2012-03-30 20:32 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-04-01 01:14 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-04-01 01:23 . 2012-04-01 01:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-30 23:13 . 2012-03-30 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-01 01:23 . 2012-04-01 01:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-30 23:13 . 2012-03-30 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-01 21:39 . 2012-03-31 17:21 246676 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-30 22:40 628460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-01 01:16 628460 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-30 22:40 110612 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-01 01:16 110612 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-03-30 20:32 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-04-01 01:14 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-03-30 20:32 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-04-01 01:14 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-03-30 23:12 320812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-01 01:22 320812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-30 17:04 . 2012-04-01 01:22 1712052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3669376872-2096048284-156794456-1001-8192.dat
- 2011-10-30 17:04 . 2012-03-30 23:12 1712052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3669376872-2096048284-156794456-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"O2Start"="c:\program files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe" [2008-10-10 2662400]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
2;2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120330.002\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-01-05 867712]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-01-31 244624]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3669376872-2096048284-156794456-1001Core.job
- c:\users\Anita1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 15:56]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3669376872-2096048284-156794456-1001UA.job
- c:\users\Anita1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 15:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-01-05 860040]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{76E77387-4566-496C-AA3C-CDED6B14E325}: NameServer = 82.132.254.3 82.132.254.2
FF - ProfilePath - c:\users\Anita1\AppData\Roaming\Mozilla\Firefox\Profiles\jxs051hx.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-04-01 02:26:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-01 01:26
ComboFix2.txt 2012-03-30 23:34
ComboFix3.txt 2012-03-30 23:17
.
Pre-Run: 685,865,586,688 bytes free
Post-Run: 685,784,395,776 bytes free
.
- - End Of File - - FD9600CAC38700F5C0A2C093E359F6F4


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Anita1 at 6:37:32 on 2012-04-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3767.2147 [GMT 1:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://packardbell.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [O2Start] C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe /s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{76E77387-4566-496C-AA3C-CDED6B14E325} : NameServer = 82.132.254.3 82.132.254.2
TCP: Interfaces\{E706EEFD-5C4D-43BE-B190-DCF55203089E} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E706EEFD-5C4D-43BE-B190-DCF55203089E}\544494D4142353 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [O2Start] C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe /s
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Anita1\AppData\Roaming\Mozilla\Firefox\Profiles\jxs051hx.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Anita1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120330.002\IDSviA64.sys [2012-3-31 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-26 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-6-19 867712]
R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-26 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-5-26 244624]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe [2012-1-31 130008]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-26 2320920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-04-01 01:57:07 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-01 01:27:40 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-01 01:14:35 691712 ----a-w- C:\Windows\System32\drivers\mod7700.sys
2012-04-01 01:14:35 29696 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2012-04-01 01:14:35 119296 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys
2012-04-01 01:14:35 117120 ----a-w- C:\Windows\System32\drivers\ewusbfake.sys
2012-04-01 01:14:35 115072 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2012-03-30 23:08:01 98816 ----a-w- C:\Windows\sed.exe
2012-03-30 23:08:01 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-30 23:08:01 256000 ----a-w- C:\Windows\PEV.exe
2012-03-30 23:08:01 208896 ----a-w- C:\Windows\MBR.exe
2012-03-30 20:30:16 -------- d-----w- C:\Users\Anita1\AppData\Local\{5BFC4475-98E9-470C-BAE6-9FC8C3B30ADC}
2012-03-29 17:39:44 -------- d-----w- C:\Users\Anita1\AppData\Local\{46D2B6DA-414B-4B79-9615-A58D6B0A232D}
2012-03-28 20:38:17 -------- d-----w- C:\Users\Anita1\AppData\Local\{1CDC3FA1-BE37-4159-B817-71459727EA46}
2012-03-27 21:31:08 -------- d-----w- C:\Users\Anita1\AppData\Local\{85FBFF70-5401-493A-B1A9-F49E5C77B1FC}
2012-03-27 21:30:00 -------- d-----w- C:\Users\Anita1\AppData\Local\{61682404-7434-4393-A32C-72D117DC20CC}
2012-03-27 20:43:17 -------- d-----w- C:\Program Files\CCleaner
2012-03-27 20:15:37 -------- d-----w- C:\Users\Anita1\AppData\Local\{7C4398C0-9E63-4DCD-BDEE-A7C722CEDB68}
2012-03-27 20:14:30 -------- d-----w- C:\Users\Anita1\AppData\Local\{E34B4359-2E25-4E62-9ADC-938E074F7A54}
2012-03-27 20:07:27 -------- d-----w- C:\Users\Anita1\AppData\Local\NPE
2012-03-27 18:08:21 -------- d-----w- C:\Users\Anita1\AppData\Local\{9E4FA8C8-CFB2-48C5-8CA0-D6D8E0D7D193}
2012-03-26 18:05:14 -------- d-----w- C:\Users\Anita1\AppData\Local\{CB3B68B1-775B-426A-A110-BBEDF4791B18}
2012-03-26 18:04:07 -------- d-----w- C:\Users\Anita1\AppData\Local\{10B7891C-4C47-4FC0-BAFB-32AA510C449F}
2012-03-25 16:53:05 -------- d-----w- C:\Users\Anita1\AppData\Local\{FAE2332C-9D1B-42D1-B73E-0B2BACBBB134}
2012-03-25 12:41:09 -------- d-----w- C:\Users\Anita1\AppData\Local\{40BB687B-E670-46E5-B62F-1FCD6D05D25F}
2012-03-25 03:12:25 -------- d-----w- C:\Users\Anita1\AppData\Local\{7AEA7C86-3710-43CC-9D5A-A3E2B1FF6202}
2012-03-24 10:32:01 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 10:32:01 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-24 10:25:40 -------- d-----w- C:\Users\Anita1\AppData\Local\{71555E3E-7B68-4148-8397-B4E6CC3D3584}
2012-03-23 21:08:06 -------- d-----w- C:\Users\Anita1\AppData\Local\{EC0B29E0-172E-4679-9E78-3DED847A2CBC}
2012-03-21 19:03:12 -------- d-----w- C:\Users\Anita1\AppData\Local\{55E2DE99-1EB3-4B14-9177-1AC6EA3918FD}
2012-03-21 19:02:01 -------- d-----w- C:\Users\Anita1\AppData\Local\{BAA4AC74-5DE5-47C7-B866-A744F889B8A7}
2012-03-20 19:30:53 -------- d-----w- C:\Users\Anita1\AppData\Local\{952B7BA3-F9A5-4512-A36B-8CFB3BD23F6A}
2012-03-20 19:29:34 -------- d-----w- C:\Users\Anita1\AppData\Local\{B4B86D89-D9B0-45FC-AC0A-026F85CC02B3}
2012-03-19 18:31:10 -------- d-----w- C:\Users\Anita1\AppData\Local\{EF448204-E3D8-4BC9-AD51-951139CD164B}
2012-03-19 18:30:02 -------- d-----w- C:\Users\Anita1\AppData\Local\{99998CE2-7E30-478D-A00C-CD1599A6AB01}
2012-03-18 21:26:36 -------- d-----w- C:\Users\Anita1\AppData\Local\{98554836-FD69-455B-8F47-9BD0ED8CFDD8}
2012-03-18 21:24:19 -------- d-----w- C:\Users\Anita1\AppData\Local\{6BE78800-F8DD-4809-9656-6A859DA35538}
2012-03-18 20:51:33 -------- d-----w- C:\Users\Anita1\AppData\Local\{95FC150C-B620-41AF-8677-0BE2FC3C1A33}
2012-03-18 20:31:49 -------- d-----w- C:\Users\Anita1\AppData\Local\{ED6FB996-D4DB-444A-8003-1302AFFE12E7}
2012-03-16 18:27:33 -------- d-----w- C:\Users\Anita1\AppData\Local\{31E6D203-2816-400E-B300-D4F09C075C95}
2012-03-16 18:26:16 -------- d-----w- C:\Users\Anita1\AppData\Local\{884D097F-4676-48A6-A9B0-199A42E44D80}
2012-03-15 18:13:01 -------- d-----w- C:\Users\Anita1\AppData\Local\{B749CE4C-9B34-43C2-9F9A-D5D0DCD2FE63}
2012-03-15 18:12:18 -------- d-----w- C:\Users\Anita1\AppData\Local\{02D30B0C-9A89-4FAA-B5E5-5EEDDD699892}
2012-03-14 18:43:23 -------- d-----w- C:\Users\Anita1\AppData\Local\{ACCA8AB1-7D95-4EDA-97E2-6BBF40269368}
2012-03-14 18:42:14 -------- d-----w- C:\Users\Anita1\AppData\Local\{E2C775EE-1511-49FA-952E-5BF90529E5BE}
2012-03-13 23:27:10 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-13 23:27:10 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-13 23:27:09 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 21:03:21 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 21:03:19 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 21:03:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 20:47:37 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 20:47:37 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 20:47:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 20:47:36 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 20:47:36 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 20:47:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 20:47:36 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 20:41:35 -------- d-----w- C:\Users\Anita1\AppData\Local\{45199E71-3894-4685-A789-5C1753036155}
2012-03-13 20:40:56 -------- d-----w- C:\Users\Anita1\AppData\Local\{3350C19F-6E13-4186-A6A6-79817A8723FE}
2012-03-12 18:19:39 -------- d-----w- C:\Users\Anita1\AppData\Local\{88433906-08B2-44D1-B245-84842563181A}
2012-03-12 18:18:51 -------- d-----w- C:\Users\Anita1\AppData\Local\{8CE6FEA1-4236-43C3-A3D7-DF729BDD4866}
2012-03-11 15:29:21 -------- d-----w- C:\Users\Anita1\AppData\Local\{BC7CFA93-7AFC-483B-9F67-071F11241F7E}
2012-03-10 22:37:08 -------- d-----w- C:\Users\Anita1\AppData\Local\{B52F60E2-5359-4C33-B9E0-A51BBE6DFD0F}
2012-03-10 10:51:39 -------- d-----w- C:\Users\Anita1\AppData\Local\{7E6964EE-88E6-48AB-A170-1015D63F83AD}
2012-03-10 10:50:54 -------- d-----w- C:\Users\Anita1\AppData\Local\{A95C708F-FD10-400B-AF7E-CE3FA77DEBAF}
2012-03-09 19:58:53 -------- d-----w- C:\Users\Anita1\AppData\Local\{900F8489-ECE3-4F2C-BB95-073842C39CC7}
2012-03-09 19:57:11 -------- d-----w- C:\Users\Anita1\AppData\Local\{4061A864-AE08-4AE5-A173-E5C40836BFE7}
2012-03-08 21:57:15 -------- d-----w- C:\Users\Anita1\AppData\Local\{ED8C7849-8D16-48D3-A1C7-858770631A9F}
2012-03-08 21:56:27 -------- d-----w- C:\Users\Anita1\AppData\Local\{6ADDB847-7FBE-4F78-9578-94F9E7C6D5AF}
2012-03-07 18:23:29 -------- d-----w- C:\Users\Anita1\AppData\Local\{918AA0AE-2F74-4D4F-92F8-416F7BD8E258}
2012-03-07 18:22:11 -------- d-----w- C:\Users\Anita1\AppData\Local\{DCE85487-033B-484E-BBD8-AE5E1FDF5263}
2012-03-06 20:13:49 -------- d-----w- C:\Users\Anita1\AppData\Local\{49A0AAC8-0B6F-4097-8867-A8353632DB58}
2012-03-05 20:52:20 -------- d-----w- C:\Users\Anita1\AppData\Local\{E168794D-FA15-4BF2-BBD8-5CBF69B8B61C}
2012-03-05 20:51:02 -------- d-----w- C:\Users\Anita1\AppData\Local\{CE78122B-8902-4794-A69B-BDDE00D8D3BB}
2012-03-04 15:22:14 -------- d-----w- C:\Program Files (x86)\Conduit
2012-03-04 15:22:11 -------- d-----w- C:\Users\Anita1\AppData\Local\Conduit
2012-03-04 13:21:52 -------- d-----w- C:\Users\Anita1\AppData\Local\{60F4E466-313A-4F29-844E-7181BB0D7C94}
2012-03-03 20:51:52 -------- d-----w- C:\Users\Anita1\AppData\Local\{989A09DC-DE0A-4754-802E-F038463FD35B}
2012-03-03 20:48:41 -------- d-----w- C:\Users\Anita1\AppData\Local\{1E57FF2D-9332-4DF0-9BA6-FD6AAFBD7FFC}
2012-03-03 12:19:54 -------- d-----w- C:\Users\Anita1\AppData\Local\{B2F4C7B9-9350-4C6B-A169-F50ADC346241}
2012-03-03 00:51:56 -------- d-----w- C:\Users\Anita1\AppData\Local\{C229E2D1-CA25-41E8-9426-E23A3B61677F}
.
==================== Find3M ====================
.
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
.
============= FINISH: 6:38:10.20 ===============

#8 Blade81 (Malware Response Team, Finland)

Posted 01 April 2012 - 02:41 AM

Hi,

Are there any issues still present?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 Anita88 (Topic Starter)

Posted 01 April 2012 - 05:01 AM

Hi,

The issue that I still have is that none of my programs appear in All Programs on the Start menu (i.e. Microsoft Office, like Word, Excel, etc.) and folders like Accessories don't contain all the stuff that they should.

Also, Codec-C still exists in the programmes I have on my computer and it won't let me uninstall it.

Thanks

#10 Blade81 (Malware Response Team, Finland)

Posted 01 April 2012 - 10:49 AM

The issue that I still have is that none of my programs appear in All Programs on the Start menu (i.e. Microsoft Office, like Word, Excel, etc.) and folders like Accessories don't contain all the stuff that they should.

I can't guarantee those can be restored without reinstalling the apps but I have a couple of things we can try. First, please try to run this. Let me know if it helped.

Also, Codec-C still exists in the programmes I have on my computer and it won't let me uninstall it.

Do you mean that it exists in Programs and Features menu? What happens if you try to uninstall?



#11 Anita88 (Topic Starter)

Posted 01 April 2012 - 12:43 PM

Hi,

Codec-c has now been uninstalled - thanks!

However, I still don't have all the programmes in the Start menu even after running the programme you provided. Is there anything else I can try? The programmes have not been deleted, as they are still in the Program Files folder, but they just don't show up on the Start menu under All Programs.

Thanks

#12 Blade81 (Malware Response Team, Finland)

Posted 01 April 2012 - 01:05 PM

You can try this. If it doesn't help then you need to manually add those missing items back or alternatively reinstall affected applications.



#13 Anita88 (Topic Starter)

Posted 01 April 2012 - 04:05 PM

Okay, thank you - that did help, but I will add the rest manually.

Thanks

#14 Blade81 (Malware Response Team, Finland)

Posted 02 April 2012 - 02:20 AM

You're welcome :)

Here's a list of the final steps.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but at step 7 select the Restore system settings and previous versions of files option.



Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.



Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade B)

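As an added example, not part of this thread and not one of the tools Blade81 linked, the same reset and re-enable of System Restore from the post above can be scripted on Windows 7 from an elevated PowerShell prompt using the built-in Disable-ComputerRestore, Enable-ComputerRestore and Checkpoint-Computer cmdlets. The drive list, the script file name and the restore point description are assumptions. It runs in two passes because step B in the instructions is a reboot: the Disable pass records and discards the old restore points, and after the reboot the Enable pass turns protection back on, creates a fresh known-clean restore point and lists the most recently installed Windows updates as a quick check on the patching advice that follows in the same post.

```powershell
# Added example (not from the thread): scripted equivalent of the
# "reset System Restore" steps A-C, for Windows 7 / PowerShell 2.0 and later.
# Usage, from an elevated PowerShell prompt (script name is a placeholder):
#   .\Reset-SystemRestore.ps1 -Phase Disable   # step A
#   (reboot)                                   # step B
#   .\Reset-SystemRestore.ps1 -Phase Enable    # step C, plus a clean baseline point
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Disable', 'Enable')]
    [string]$Phase,
    # Assumption: only C: is protected; add every protected drive, e.g. 'D:\'.
    [string[]]$Drives = @('C:\')
)

function Test-IsElevated {
    # Changing protection settings needs Administrator access, as the post notes.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Show-RestorePoints($title) {
    # List the current restore points so the cleanup is auditable.
    Write-Host "== $title =="
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -eq 0) { Write-Host '(no restore points)'; return }
    $points | Format-Table SequenceNumber, CreationTime, Description, RestorePointType -AutoSize
}

if (-not (Test-IsElevated)) {
    throw 'Run this from an elevated (Administrator) PowerShell prompt.'
}

switch ($Phase) {
    'Disable' {
        Show-RestorePoints 'Restore points before disabling protection (these are discarded)'
        # Step A: turning protection off discards the old, possibly infected points.
        Disable-ComputerRestore -Drive $Drives
        Write-Host "Protection disabled on: $($Drives -join ', ')."
        Write-Host 'Reboot now (step B), then run again with -Phase Enable.'
    }
    'Enable' {
        # Step C: re-enable protection on the same drives ...
        Enable-ComputerRestore -Drive $Drives
        # ... and record a known-clean baseline immediately (description is a placeholder).
        Checkpoint-Computer -Description 'Clean baseline after malware cleanup' `
                            -RestorePointType MODIFY_SETTINGS
        Show-RestorePoints 'Restore points after re-enabling protection'
        # The post's other closing point is patching: show the newest installed updates.
        Write-Host '== Most recently installed Windows updates =='
        Get-HotFix |
            Sort-Object InstalledOn -Descending |
            Select-Object -First 5 -Property HotFixID, Description, InstalledOn |
            Format-Table -AutoSize
    }
}
```

The script refuses to run without elevation rather than failing halfway through, and it prints the restore points both before discarding them and after creating the new one, so there is a record of what was removed and confirmation that protection is active again. These cmdlets exist only on client editions of Windows; on a server edition the equivalent is the Windows Server Backup feature, which is outside this thread.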


#15 Blade81 (Malware Response Team, Finland)

Posted 14 April 2012 - 04:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





