SERIOUS Infection


  • This topic is locked
12 replies to this topic

#1 debuall

debuall

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 09 August 2012 - 03:38 PM

Hi, this is my first time posting here and I'm not quite sure what to do, so I'll give an outline of my problems and wait for a response.

PLEASE TELL ME WHAT MORE INFORMATION I NEED TO INCLUDE FOR MALWARE HELPERS TO ASSIST.

Ok, so a few days ago I managed to get rid of "(Something) (Something) Platinum" - a fake antivirus that displays 'warning' messages prompting me to download the premium version as it is my only hope, apparently. Using another laptop to access forums, I managed to remove the annoying fake antivirus. Since then, I keep getting pop-up warnings saying I have a trojan from c:\Windows\Installer\(Something) with 0000000cb.@ or 000000008@ or something at the end of the file name. There seems to be a big problem with services.exe in System32, and MANY spyware programmes have told me of the serious trojan/malware problem but have suggested I buy the premium version to be secure...

I'm being incredibly vague but I'm up for giving logs - I would need to be told which software to download and get the logs from though.

Thanks for any help, I appreciate it.


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,103 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:24 AM

Posted 09 August 2012 - 04:21 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


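The DDS log that debuall posts next is the artifact the Malware Removal Team works from. As an added example, not part of this thread, of the Prep Guide or of the DDS tool itself, the script below applies a few triage rules to lines copied from that log: autorun entries that use rundll32/regsvr32 to load a module from a user-writable path, files in the "Created Last 30" list that carry both the hidden and system attributes under a user profile, a cross-check between the two, and homepage/search-provider settings that point at a host other than the expected defaults. The rule set, the severity labels and the allowlist of expected hosts are this example's assumptions, chosen to surface leads for a human to confirm, not to name a malware family.

```python
"""Triage heuristics for a DDS 'Pseudo HJT Report' / 'Created Last 30' log.

Added example for this thread; not part of the DDS tool, BleepingComputer's
prep guide or the helpers' procedure. The rules below are assumptions about
what deserves a human look: a hit is a lead, not a verdict.
"""
import re
from urllib.parse import urlparse

# Sample lines copied from the log posted further down in this thread (the
# forum wrapped the long URLs; they are re-joined here). A constructed subset.
SAMPLE_LOG = r"""
uStart Page = hxxp://google.com/
uSearch Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=121ccefb-c587-47b9-8f35-5f0b9289efb3&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
uRun: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ntrver] rundll32.exe "C:\Users\Josh\AppData\Roaming\ntrver.dll",BindContext
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826
2012-08-09 22:52:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-08 16:57:21 161792 --sha-w- C:\Users\Josh\AppData\Roaming\ntrver.dll
"""

# DDS line shapes, written for this example from the posted log (assumption).
AUTORUN_RE = re.compile(r"^[um]Run(?:Once)?(?:-x64)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")
URL_SETTING_RE = re.compile(
    r"^(?:[um](?:Start Page|Search Page|Search Bar|SearchAssistant|Default_Page_URL)"
    r"|FF - prefs\.js: (?:browser\.search\.defaulturl|browser\.startup\.homepage|keyword\.URL))"
    r"\s*[=-]\s*(?P<url>hxxps?://\S+)")
USER_WRITABLE_RE = re.compile(r"\\(?:Users|ProgramData|AppData|Temp)\\", re.I)
LOADER_RE = re.compile(r"\b(?:rundll32|regsvr32)(?:\.exe)?\b", re.I)
# Hosts a default or OEM homepage/search provider may legitimately use (assumption).
EXPECTED_HOSTS = ("google.com", "bing.com", "microsoft.com", "packardbell.com")


def host_of(defanged_url):
    """DDS writes hxxp:// for http://; undo that and return the hostname."""
    return (urlparse(defanged_url.replace("hxxp", "http", 1)).hostname or "").lower()


def target_path(cmd):
    """First quoted path in an autorun command, else its first token."""
    m = re.search(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Return findings as dicts with severity, the offending line and a reason."""
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]
    # Pass 1: index 'Created Last 30' entries by path so autoruns can be cross-checked.
    created = {}
    for ln in lines:
        m = CREATED_RE.match(ln)
        if m:
            created[m["path"].lower()] = m
    findings = []
    for ln in lines:
        if m := AUTORUN_RE.match(ln):
            cmd, path = m["cmd"], target_path(m["cmd"])
            sev = reason = None
            if LOADER_RE.search(cmd) and USER_WRITABLE_RE.search(path):
                sev, reason = "high", "rundll32/regsvr32 loads a module from a user-writable path"
            elif USER_WRITABLE_RE.search(path):
                sev, reason = "low", "autorun executes from a user-writable location; verify the file's signature"
            hit = created.get(path.lower())
            # DDS attribute column: 's' = system, 'h' = hidden; both on one user-profile file is unusual.
            if hit and "s" in hit["attrs"] and "h" in hit["attrs"]:
                sev = "high"
                reason = (reason or "autorun target") + f"; same file created {hit['ts']} with hidden+system attributes"
            if sev:
                findings.append({"severity": sev, "line": ln, "reason": reason})
        elif m := CREATED_RE.match(ln):
            attrs, path = m["attrs"], m["path"]
            if "s" in attrs and "h" in attrs and USER_WRITABLE_RE.search(path):
                findings.append({"severity": "high", "line": ln,
                                 "reason": "hidden+system file created under a user-writable path"})
        elif m := URL_SETTING_RE.match(ln):
            host = host_of(m["url"])
            if not any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS):
                findings.append({"severity": "medium", "line": ln,
                                 "reason": f"search/homepage setting points at {host}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line'][:110]}")
```

Run against the whole pasted log rather than the sample, the same rules also pick up the second search-hijack host and the x64 duplicates of each autorun; legitimate updaters that live under AppData (Google Update here) come out as "low" on purpose, so the reviewer checks the signature rather than the script deciding.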

#3 debuall

debuall
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 09 August 2012 - 07:01 PM

Merged topics. Title was: "Win32 Infection coming from services.exe in System 32. I repeatedly keep getting alerts that a Trojan has been introduced" ~ OB

Every few minutes I get a pop-up from Avast saying that Trojan/Malware is attacking my laptop. I have found the folder to which another file keeps sending the infected trojans, and they keep replacing themselves after repeated permanent deletion. The folder is C:\Windows\Installer\{Random number/letter/dash combination}\U\Random infected repeatedly generated file. The alerts keep showing that the process is 'services.exe' from System32, and it keeps quarantining the infected files that appear from nothing. (By the way, thanks for volunteering your time to help me - I appreciate it)

My log is shown below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Josh at 0:05:44 on 2012-08-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4025.1773 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=121ccefb-c587-47b9-8f35-5f0b9289efb3&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
uSearch Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=121ccefb-c587-47b9-8f35-5f0b9289efb3&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27360610m5b6l0470z135f44m1w505
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27360610m5b6l0470z135f44m1w505
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=121ccefb-c587-47b9-8f35-5f0b9289efb3&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
uURLSearchHooks: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MediaGet2] C:\Users\Josh\AppData\Local\MediaGet2\mediaget.exe --minimized
uRun: [ntrver] rundll32.exe "C:\Users\Josh\AppData\Roaming\ntrver.dll",BindContext
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6A5456F9-2A1E-43E4-9822-64474741F5CC} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{93E07199-A199-43A8-BA8E-CE7ADCD1B5DC} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A5D4DA8F-F6A1-45FF-9BD8-E34956D4FD32} : DhcpNameServer = 192.168.42.129
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\SysWow64\DreamScene.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\SysWow64\DreamScene.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\deyaf1l0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=121ccefb-c587-47b9-8f35-5f0b9289efb3&affid=111583&searchtype=hp&babsrc=lnkry
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=121ccefb-c587-47b9-8f35-5f0b9289efb3&affid=111583&searchtype=ds&babsrc=lnkry&q=
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\deyaf1l0.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Josh\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-7-26 794560]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-7 44808]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-2-24 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-9 655944]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-8-21 62720]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-7-11 1019328]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-10-30 240160]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-12 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-12 136176]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-09 22:53:05 -------- d-----w- C:\Users\Josh\AppData\Roaming\Malwarebytes
2012-08-09 22:52:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-09 22:52:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-09 22:52:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-09 13:42:53 -------- d-----w- C:\ProgramData\RegAce
2012-08-09 13:42:38 -------- d-----w- C:\Program Files (x86)\RegAce System Suite
2012-08-09 12:38:13 -------- d-----w- C:\Users\Josh\AppData\Roaming\SUPERAntiSpyware.com
2012-08-09 12:37:54 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-08-09 12:37:54 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-09 11:16:13 -------- d-----w- C:\Users\Josh\AppData\Local\{0A9E0917-2CF0-4669-B087-30D013DC688C}
2012-08-09 11:16:01 -------- d-----w- C:\Users\Josh\AppData\Local\{DC8CC731-7C37-4A90-96A5-C401A920B980}
2012-08-08 21:01:30 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-08 21:01:30 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-08 20:19:01 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-08-08 19:11:10 -------- d-----w- C:\Users\Josh\AppData\Local\{FF6778D8-7EA3-41B4-A6D5-93C3FF1EA63F}
2012-08-08 19:10:57 -------- d-----w- C:\Users\Josh\AppData\Local\{1EF2DB0F-7504-4183-9B9D-0EB568B1FB6E}
2012-08-08 17:28:10 110080 ----a-r- C:\Users\Josh\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-08-08 17:28:10 110080 ----a-r- C:\Users\Josh\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-08-08 17:28:10 110080 ----a-r- C:\Users\Josh\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-08-08 17:28:09 -------- d-----w- C:\sh4ldr
2012-08-08 17:28:09 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-08 17:26:42 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-08 17:26:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-08 16:58:18 -------- d-----w- C:\toolbarImages
2012-08-08 16:57:21 161792 --sha-w- C:\Users\Josh\AppData\Roaming\ntrver.dll
2012-08-08 16:00:42 -------- d-----w- C:\Users\Josh\AppData\Local\{F64ED54E-904C-4A78-AB59-6D45BD34ACCC}
2012-08-08 03:04:11 -------- d-----w- C:\Users\Josh\AppData\Local\{F690B13D-B0A6-4B19-996F-E49C3F7EAD38}
2012-08-08 03:04:01 -------- d-----w- C:\Users\Josh\AppData\Local\{52B83084-48DE-460D-BCED-CC1088D52423}
2012-08-07 15:03:34 -------- d-----w- C:\Users\Josh\AppData\Local\{0EACBDD7-6DD5-4FBC-AE1C-39A508AC2217}
2012-08-07 15:03:24 -------- d-----w- C:\Users\Josh\AppData\Local\{642B3F77-73E4-42FB-A198-BC21CD5EBC8F}
2012-08-06 18:04:28 -------- d-----w- C:\Users\Josh\AppData\Local\{A9A7F492-51D1-46FD-BDB8-85FD8701B154}
2012-08-06 18:04:16 -------- d-----w- C:\Users\Josh\AppData\Local\{A52D5548-6E2E-4BF2-AEDA-0CB45857523D}
2012-08-05 07:46:33 -------- d-----w- C:\Program Files (x86)\The Walking Dead
2012-08-05 07:33:48 -------- d-----w- C:\Users\Josh\AppData\Local\{AB2EACD4-1852-4939-B443-463F49B7EE20}
2012-08-05 07:33:37 -------- d-----w- C:\Users\Josh\AppData\Local\{A48007F3-D2C0-498E-A341-89B2A7F35023}
2012-08-05 07:25:05 -------- d-----w- C:\Users\Josh\AppData\Roaming\DAEMON Tools Pro
2012-08-05 07:23:28 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2012-08-04 23:25:07 -------- d-----w- C:\ProgramData\3DMGAME
2012-08-04 23:03:20 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2012-08-04 22:32:34 -------- d-----w- C:\Users\Josh\AppData\Roaming\DAEMON Tools Lite
2012-08-04 22:32:31 -------- d-----w- C:\Users\Josh\AppData\Roaming\OpenCandy
2012-08-04 22:31:35 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-08-04 21:48:42 -------- d-----w- C:\Users\Josh\AppData\Roaming\Azureus
2012-08-04 21:48:03 -------- d-----w- C:\Users\Josh\AppData\Local\CRE
2012-08-04 21:47:48 -------- d-----w- C:\Program Files (x86)\Conduit
2012-08-04 21:47:45 -------- d-----w- C:\Users\Josh\AppData\Local\Conduit
2012-08-04 13:14:55 -------- d-----w- C:\Users\Josh\AppData\Local\{46CEACB6-E813-4089-AAFB-0A2738280099}
2012-08-04 13:14:44 -------- d-----w- C:\Users\Josh\AppData\Local\{871B754E-769D-45D0-B7B6-6A4662A2466C}
2012-08-03 12:59:22 -------- d-----w- C:\Users\Josh\AppData\Local\{67428C41-91AD-4715-8477-4A4DF68E448A}
2012-08-03 12:59:11 -------- d-----w- C:\Users\Josh\AppData\Local\{BF520D17-6FE3-410C-A039-8E647D4AAA86}
2012-08-02 23:42:57 -------- d-----w- C:\Users\Josh\AppData\Local\{1861EB28-B1CC-473E-9CA0-09E3CFD848E7}
2012-08-02 23:42:45 -------- d-----w- C:\Users\Josh\AppData\Local\{8054D517-8141-4867-B153-B20F80D259F0}
2012-08-02 03:46:00 -------- d-----w- C:\Users\Josh\AppData\Local\{53DBDF3E-AF24-4CE3-B220-782467C229F0}
2012-08-02 03:45:49 -------- d-----w- C:\Users\Josh\AppData\Local\{F827BA61-0166-4E2D-A48F-6FFA0EE9518E}
2012-08-01 14:15:13 -------- d-----w- C:\Users\Josh\AppData\Local\{3B24DE5A-1346-40AD-8BA8-83DF5D483AC6}
2012-08-01 14:14:59 -------- d-----w- C:\Users\Josh\AppData\Local\{9BFCFF62-01CE-49D8-AA66-8BF08FD59462}
2012-07-31 12:17:25 -------- d-----w- C:\Users\Josh\AppData\Local\{174BCF7A-71AA-40CC-A911-976E3B2645E9}
2012-07-31 12:17:12 -------- d-----w- C:\Users\Josh\AppData\Local\{65765B95-EFFD-4240-A4BF-CECFB47537E8}
2012-07-30 11:52:06 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
2012-07-30 11:52:06 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-07-30 11:52:06 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-07-30 11:47:57 -------- d-----w- C:\Users\Josh\AppData\Local\{EF835D07-DF7F-4292-9252-ACC83CFAD0EF}
2012-07-30 11:47:45 -------- d-----w- C:\Users\Josh\AppData\Local\{87C874D9-AB87-4463-A246-5C81B7BE009E}
2012-07-29 12:31:04 -------- d-----w- C:\Users\Josh\AppData\Local\{20E977A2-4A2A-4E6A-8E5D-5745B2C7B99A}
2012-07-29 12:30:48 -------- d-----w- C:\Users\Josh\AppData\Local\{8136D842-6E16-4EA4-A290-A2FA90B8B704}
2012-07-28 12:24:15 -------- d-----w- C:\Users\Josh\AppData\Local\{484AC34C-62E0-431E-9CD5-0B4B03BA20A1}
2012-07-28 12:24:04 -------- d-----w- C:\Users\Josh\AppData\Local\{FD073945-9F46-4546-8677-569CDB997A6B}
2012-07-27 12:09:38 -------- d-----w- C:\Users\Josh\AppData\Local\{505F36C4-03CA-4B84-9BB2-8931BF326F55}
2012-07-27 12:09:25 -------- d-----w- C:\Users\Josh\AppData\Local\{8BC3B93E-4D4C-4A59-AC5D-A0537C17C854}
2012-07-26 12:51:07 -------- d-----w- C:\Users\Josh\AppData\Local\{AAEB40D3-46AA-429E-B7C4-C4024537222B}
2012-07-26 12:50:54 -------- d-----w- C:\Users\Josh\AppData\Local\{93DE5D47-9485-41CC-B465-D338CF4689C9}
2012-07-25 22:53:31 -------- d-----w- C:\Users\Josh\AppData\Local\{FDE66673-CDAC-43F0-9139-85992357B42F}
2012-07-25 22:53:20 -------- d-----w- C:\Users\Josh\AppData\Local\{6FF1EB83-4E8E-4347-ACB4-3CEE51A9C137}
2012-07-25 10:52:42 -------- d-----w- C:\Users\Josh\AppData\Local\{A450AB40-E278-4BB6-8F85-13C81B4C16B3}
2012-07-25 10:52:28 -------- d-----w- C:\Users\Josh\AppData\Local\{9AAAD242-A4E1-4C2C-A1A0-2A8FE5FA8D40}
2012-07-24 11:25:18 -------- d-----w- C:\Users\Josh\AppData\Local\{C2F9A233-5E66-4D65-A197-F8A1F47E097F}
2012-07-24 11:25:07 -------- d-----w- C:\Users\Josh\AppData\Local\{E58D84F1-67B9-42E8-8AF0-08B9D0FDDBD9}
2012-07-23 11:49:04 -------- d-----w- C:\Users\Josh\AppData\Local\{4C783634-06CC-43FD-BC35-EF50AE710A3E}
2012-07-23 11:48:45 -------- d-----w- C:\Users\Josh\AppData\Local\{B0760E87-CA90-4D5D-8ED5-1301A5D9E24A}
2012-07-22 08:46:29 -------- d-----w- C:\Users\Josh\AppData\Local\{9D7FBD18-CAA6-4D9E-B981-571B9C13C50F}
2012-07-22 08:46:19 -------- d-----w- C:\Users\Josh\AppData\Local\{2C76B8D4-F21C-4D5D-AC5D-9F3003A6116A}
2012-07-21 15:11:12 -------- d-----w- C:\Users\Josh\AppData\Local\{2A650EB8-C557-4B71-8E22-BA524457E3E7}
2012-07-21 15:11:01 -------- d-----w- C:\Users\Josh\AppData\Local\{86005CAC-014A-43E8-ADF6-EE61D6AADCEB}
2012-07-19 06:02:45 -------- d-----w- C:\Users\Josh\AppData\Local\{989E42F0-DFC1-4FBE-B111-1F26C1A1FF92}
2012-07-19 06:02:31 -------- d-----w- C:\Users\Josh\AppData\Local\{8C57D706-EC8A-4FED-83B5-FB0C39C1C284}
2012-07-18 12:26:09 -------- d-----w- C:\Users\Josh\AppData\Local\{9CD66CEB-0DD6-4D43-8965-18E5B5056C3A}
2012-07-18 12:25:58 -------- d-----w- C:\Users\Josh\AppData\Local\{1323E87B-0A54-45C8-B27D-314591A544C0}
2012-07-17 11:17:43 -------- d-----w- C:\Users\Josh\AppData\Local\{4DC46B88-9043-470A-AB59-E661A441C2F8}
2012-07-17 11:17:32 -------- d-----w- C:\Users\Josh\AppData\Local\{40AE3D4E-8A85-43F6-92C3-2BF9D7856B67}
2012-07-17 01:02:00 -------- d-----w- C:\Users\Josh\AppData\Local\{259D6274-B177-4DAD-9A2F-B215F6547033}
2012-07-16 10:30:49 -------- d-----w- C:\Users\Josh\AppData\Local\{F8FB7415-CFDE-4B0E-8761-9F46FBCEAA80}
2012-07-16 10:30:39 -------- d-----w- C:\Users\Josh\AppData\Local\{C68DF907-1AA0-4FCC-8DAA-1B904105CB97}
2012-07-15 21:00:15 -------- d-----w- C:\Users\Josh\AppData\Local\{546D5E91-01A7-4C7A-8B25-99C2351EE2D7}
2012-07-15 20:59:59 -------- d-----w- C:\Users\Josh\AppData\Local\{2B6D3CA8-90F5-489E-9687-EFAF4D3268A2}
2012-07-15 19:52:44 -------- d-----w- C:\Users\Josh\AppData\Local\{31E84F7F-D058-4474-828F-98927183AE01}
2012-07-15 01:27:45 -------- d-----w- C:\Users\Josh\AppData\Local\{B17850B2-83A1-480B-A863-CD43F7DA8402}
2012-07-15 01:27:34 -------- d-----w- C:\Users\Josh\AppData\Local\{16A1655B-7008-49A3-8E39-A4785C97282B}
2012-07-14 13:26:48 -------- d-----w- C:\Users\Josh\AppData\Local\{8005A113-E2EB-495F-9E7F-2131AEB1BA14}
2012-07-14 13:26:37 -------- d-----w- C:\Users\Josh\AppData\Local\{3ABA20F6-84E4-4536-A67A-C89F097AB20C}
2012-07-13 07:21:57 -------- d-----w- C:\Users\Josh\AppData\Local\{E555C2DF-51BD-4BED-9C68-369E5032F8B3}
2012-07-13 07:21:43 -------- d-----w- C:\Users\Josh\AppData\Local\{B014BBFB-4E44-4545-88D8-9619940198B3}
2012-07-12 08:33:25 -------- d-----w- C:\Users\Josh\AppData\Local\{8286D205-A432-4D19-AE28-AC39F86D1479}
2012-07-12 08:33:09 -------- d-----w- C:\Users\Josh\AppData\Local\{32020425-B7CB-49F8-B5F5-F8054F8714C3}
2012-07-12 08:32:50 -------- d-----w- C:\Users\Josh\AppData\Local\{80D51B15-7601-4625-A097-59A3B478BEDC}
2012-07-11 22:48:09 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 19:32:13 -------- d-----w- C:\Users\Josh\AppData\Local\{8DDF512D-5DEE-48D7-BFA9-39CFA650B4F7}
2012-07-11 19:32:02 -------- d-----w- C:\Users\Josh\AppData\Local\{605979DA-07BF-4D45-8347-A3C40708B038}
2012-07-11 06:50:52 -------- d-----w- C:\Users\Josh\AppData\Local\{28B6F7E0-AB24-4777-9530-6AE080E9FDB3}
2012-07-11 06:50:39 -------- d-----w- C:\Users\Josh\AppData\Local\{865D2EEA-6CC1-4EC8-9A6D-60E558C4FCFE}
.
==================== Find3M ====================
.
2012-08-03 16:47:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 16:47:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-16 14:37:51 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
.
============= FINISH: 0:11:51.12 ===============


Edited by Orange Blossom, 10 August 2012 - 06:21 AM.


#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:24 AM

Posted 10 August 2012 - 11:00 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may [donate button]


#5 debuall

debuall
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:24 PM

Posted 11 August 2012 - 04:41 AM

Here is the log you asked for - it apparently disinfected services.exe:

ComboFix 12-08-09.01 - Josh 11/08/2012 10:12:19.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4025.2619 [GMT 1:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Common Files\packardbell.ico
c:\programdata\FullRemove.exe
c:\users\Josh\AppData\Roaming\ntrver.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\@
c:\windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\L\00000004.@
c:\windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\00000004.@
c:\windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\00000008.@
c:\windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\000000cb.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 09:24 . 2012-08-11 09:24 -------- d-----w- c:\users\Mcx1-JOSHS-PC\AppData\Local\temp
2012-08-11 09:24 . 2012-08-11 09:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 08:40 . 2012-08-11 08:40 -------- d-----w- C:\found.001
2012-08-09 22:53 . 2012-08-09 22:53 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
2012-08-09 22:52 . 2012-08-09 22:52 -------- d-----w- c:\programdata\Malwarebytes
2012-08-09 22:52 . 2012-08-09 22:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-09 22:52 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-09 13:42 . 2012-08-09 14:26 -------- d-----w- c:\programdata\RegAce
2012-08-09 13:42 . 2012-08-09 13:42 -------- d-----w- c:\program files (x86)\RegAce System Suite
2012-08-09 12:38 . 2012-08-09 12:38 -------- d-----w- c:\users\Josh\AppData\Roaming\SUPERAntiSpyware.com
2012-08-09 12:37 . 2012-08-09 12:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-09 12:37 . 2012-08-09 12:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-08 21:01 . 2012-08-11 09:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-08 21:01 . 2012-08-11 09:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-08 20:19 . 2012-08-09 19:27 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-08-08 17:28 . 2012-08-08 17:28 110080 ----a-r- c:\users\Josh\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-08-08 17:28 . 2012-08-08 17:28 110080 ----a-r- c:\users\Josh\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-08-08 17:28 . 2012-08-08 17:28 110080 ----a-r- c:\users\Josh\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-08-08 17:28 . 2012-08-08 17:28 -------- d-----w- C:\sh4ldr
2012-08-08 17:28 . 2012-08-08 17:28 -------- d-----w- c:\program files\Enigma Software Group
2012-08-08 17:26 . 2012-08-08 17:28 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-08 17:26 . 2012-08-08 17:26 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-08 16:58 . 2012-08-08 16:58 -------- d-----w- C:\toolbarImages
2012-08-05 07:46 . 2012-08-05 07:51 -------- d-----w- c:\program files (x86)\The Walking Dead
2012-08-05 07:25 . 2012-08-05 07:25 -------- d-----w- c:\users\Josh\AppData\Roaming\DAEMON Tools Pro
2012-08-05 07:23 . 2012-08-05 07:24 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-08-04 23:25 . 2012-08-04 23:25 -------- d-----w- c:\programdata\3DMGAME
2012-08-04 23:03 . 2009-02-24 17:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-08-04 22:32 . 2012-08-04 22:33 -------- d-----w- c:\users\Josh\AppData\Roaming\DAEMON Tools Lite
2012-08-04 22:32 . 2012-08-04 22:55 -------- d-----w- c:\users\Josh\AppData\Roaming\OpenCandy
2012-08-04 22:31 . 2012-08-04 22:31 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-08-04 21:48 . 2012-08-04 21:49 -------- d-----w- c:\users\Josh\AppData\Roaming\Azureus
2012-08-04 21:48 . 2012-08-04 21:48 -------- d-----w- c:\users\Josh\AppData\Local\CRE
2012-08-04 21:47 . 2012-08-04 21:47 -------- d-----w- c:\program files (x86)\Conduit
2012-08-04 21:47 . 2012-08-04 21:51 -------- d-----w- c:\users\Josh\AppData\Local\Conduit
2012-07-30 11:52 . 2012-07-30 11:52 -------- d-----w- c:\program files (x86)\Application Updater
2012-07-30 11:52 . 2012-07-30 11:52 -------- d-----w- c:\program files (x86)\YTD Toolbar
2012-07-30 11:52 . 2012-07-30 11:52 -------- d-----w- c:\program files (x86)\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 16:47 . 2012-04-01 00:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 16:47 . 2011-05-15 11:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 22:42 . 2010-06-14 01:26 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 16:21 . 2012-02-24 21:53 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-07-05 11:59 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-07-05 11:59 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-07-05 11:59 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-07-05 11:59 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-07-05 11:59 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-07-05 11:59 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-07-05 11:59 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-07-05 11:59 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-12 03:08 . 2012-07-11 22:48 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 19:16 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 19:16 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 19:16 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 19:16 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 19:16 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 19:16 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 19:16 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 16:49 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 16:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 16:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 16:49 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 16:49 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 16:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 16:49 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 16:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-22 16:48 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 22:41 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 22:41 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 22:41 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 22:41 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 22:41 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 22:41 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 22:41 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 22:41 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 22:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 22:41 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 22:41 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 22:41 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 22:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 22:41 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 22:41 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 22:41 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 22:41 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 22:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 22:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 19:16 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 19:16 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 19:16 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 19:16 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 19:16 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 19:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 19:16 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 19:16 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 19:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-16 14:37 . 2012-05-16 14:37 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-12-14 15:51 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MediaGet2"="c:\users\Josh\AppData\Local\MediaGet2\mediaget.exe" [2012-05-18 9106664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-08-21 262912]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-12-03 600688]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-12-14 1398440]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-16 296056]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-12 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-12 136176]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-12 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-06-09 55856]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2011-09-29 27136]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:47]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-12 17:14]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-12 17:14]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098054662-866256808-3538115873-1001Core.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-14 21:48]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098054662-866256808-3538115873-1001UA.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-14 21:48]
.
2012-08-11 c:\windows\Tasks\OpenCandyHelper.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-08-11 c:\windows\Tasks\OpenCandyHelperRun.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-08-09 c:\windows\Tasks\RegAce Scheduled Scan - Josh.job
- c:\program files (x86)\RegAce System Suite\RegAce.exe [2012-08-09 12:53]
.
2012-08-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 626f0fad-9645-4b75-a56c-c23490d05283.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ee1f0c2d-b6f5-4f95-a476-04239c644e0a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-09-30 823840]
"OOTag"="c:\windows\oobeoffer\oobeoffer\ootag.exe" [2009-09-28 23072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-09 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-09 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-09 365592]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_tj65&r=27360610m5b6l0470z135f44m1w505
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=121ccefb-c587-47b9-8f35-5f0b9289efb3&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\deyaf1l0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=121ccefb-c587-47b9-8f35-5f0b9289efb3&affid=111583&searchtype=hp&babsrc=lnkry
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=121ccefb-c587-47b9-8f35-5f0b9289efb3&affid=111583&searchtype=ds&babsrc=lnkry&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ntrver - c:\users\Josh\AppData\Roaming\ntrver.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-PC Optimizer Pro - c:\program files\PC Optimizer Pro\StartApps.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\06\04\150\1d?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-08-11 10:32:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-11 09:32
.
Pre-Run: 219,193,794,560 bytes free
Post-Run: 220,736,950,272 bytes free
.
- - End Of File - - 26B699940BECFEB35CF421BFD7A51851

#6 RPMcMurphy (Malware Response Team)

Posted 11 August 2012 - 09:30 AM

Please do this next:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 debuall (Topic Starter)

Posted 11 August 2012 - 12:04 PM

Here it is:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Josh :: JOSHS-PC [administrator]

Protection: Enabled

11/08/2012 16:39:53
mbam-log-2012-08-11 (16-39-53).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 397994
Time elapsed: 1 hour(s), 21 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 58
C:\Qoobox\Quarantine\C\Users\Josh\AppData\Roaming\ntrver.dll.vir (Trojan.Midhos) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz1101.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz1519.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz19FD.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz1CDC.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz274D.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz29A0.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz2F5D.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz3644.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz3838.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz3923.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz3D6B.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz42DD.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz4493.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz47A.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz4928.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz4C36.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz5F99.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz621B.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz67F.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz7011.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz7216.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz7A9D.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz8D92.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz913D.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz9507.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz9E4F.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzA48A.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzA843.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzA856.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzAA58.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzACDC.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzAF1F.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzB055.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzB0F5.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzB376.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzB461.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzB79F.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzBC05.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzBDBB.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzC0AB.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzC2E.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzC502.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzC783.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzC9E6.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzCD03.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzD09F.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzDAC0.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzDE99.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzE6D7.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzE8CC.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzEDFD.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzEFE3.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzF487.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzF8B0.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzFC4B.tmp (Rootkit.0Access) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trzFF2A.tmp (Rootkit.0Access) -> No action taken.

(end)

#8 RPMcMurphy (Malware Response Team)

Posted 11 August 2012 - 02:10 PM

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Control Panel > Programs > Uninstall a program, and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name and select "uninstall".
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded.
Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log



#9 debuall (Topic Starter)

Posted 11 August 2012 - 05:21 PM

My laptop is running fine - no alerts from Avast, no slowdowns every 2 minutes, everything seems fine :)

Log:

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\RegAce System Suite\engine.dll a variant of Win32/Adware.AntiMalwarePro.AD application
C:\Program Files (x86)\RegAce System Suite\RegAce.exe a variant of Win32/Adware.PCFresher.A application
C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Users\Josh\AppData\Roaming\ntrver.dll.vir a variant of Win32/Medfos.CE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz1101.tmp Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz1334.tmp Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz1519.tmp Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz179B.tmp Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz19FD.tmp a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz1AE8.tmp Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz1CDC.tmp a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz1FBB.tmp Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz2180.tmp Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz274D.tmp Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz29A0.tmp a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz2BE2.tmp Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz2F5D.tmp Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz31BF.tmp Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5a12a99d-79d0-13bd-2a5f-975f15edbbc9}\U\trz32E8.tmp Win64/Sirefef.AP trojan

#10 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 11 August 2012 - 06:45 PM

Great! Most of those ESET detections are already in quarantine. The others were all related to some toolbars and other freeware apps you have running. They are flagged because they are considered adware, install toolbars or have other unclear objectives. If you no longer want those apps, uninstall them via Control Panel > Programs > Uninstall a program.

All I have left for you is some very important cleanup:

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Edited by RPMcMurphy, 11 August 2012 - 06:45 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#11 debuall

  • Topic Starter
  • Members
  • 6 posts

Posted 11 August 2012 - 09:24 PM

Final reply as asked

Everything is fine now, thanks a ton for your help :)

#12 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 11 August 2012 - 11:42 PM

You're welcome, debuall. Take care!



#13 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 12 August 2012 - 07:55 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

