Zeroaccess Rootkit - google redirect, internet connectivity issues


  • This topic is locked
23 replies to this topic

#1 jmhhoch

jmhhoch

  • Members
  • 13 posts

Posted 26 September 2012 - 12:10 PM

Hello,
Like many others that I have seen posts from, I have tried multiple methods to remove what I presume is the ZeroAccess rootkit trojan. I have viewed multiple BleepingComputer forums (although I have not followed other users' instructions). I have followed instructions according to the below websites/blogs, including Malwarebytes, Kaspersky TDSSKiller, ComboFix, RogueKiller, HitmanPro, Microsoft Security Essentials and Windows repair tools from tweaking.com. I have also uninstalled Java, run the Windows SFC tool, run Windows updates & the Symantec ZeroAccess removal tool.

http://malwaretips.com/blogs/zeroaccess-sirefef-virus/
http://www.theregister.co.uk/2012/09/03/java_cleanup/

I have run these tools in multiple successions based upon advice from various blogs. Now, I've decided to create an account and follow the steps on this website. After the initial time I ran through, the tools removed a few trojans & I thought it was gone. The internet speed vastly increased and redirects stopped. However, a couple of days later, redirects are back & internet connectivity is randomly blocked. Right now, after a few hours last night, redirects aren't happening, but internet connectivity is still randomly blocked. So, I'm assuming it is not gone.

At this point, I want to be sure I can actually remove the trojan. Otherwise, I am fine to re-partition my hard drive and reload my backed up files. Your help is greatly appreciated!!

Below is my DDS txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by customer at 12:48:36 on 2012-09-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5887.3426 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Users\customer\AppData\Local\Akamai\netsession_win.exe
C:\Users\customer\AppData\Local\Akamai\netsession_win.exe
C:\Users\customer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.igoogle.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173608109606p03c5vql5k4661527n
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [Akamai NetSession Interface] "C:\Users\customer\AppData\Local\Akamai\netsession_win.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\customer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\customer\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: apple.com\gs
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\customer\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://10.11.113.173/qcbin/capicom.dll
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\customer\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\customer\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - C:\Users\customer\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\customer\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://10.11.113.173/qcbin/Spider10.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DA5E37A8-7774-4723-B80D-D08647B14DCB} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-9-26 67584]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 676936]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-27 240160]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-9-3 927840]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2009-7-13 20992]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys --> C:\Windows\system32\DRIVERS\AVer7231_x64.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?]
R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\system32\DRIVERS\rtl819xp.sys --> C:\Windows\system32\DRIVERS\rtl819xp.sys [?]
R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\system32\DRIVERS\covpnv64.sys --> C:\Windows\system32\DRIVERS\covpnv64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 f5ipfw;F5 Networks StoneWall Filter;\??\C:\Windows\system32\drivers\urfltv64.sys --> C:\Windows\system32\drivers\urfltv64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-26 16:36:51 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-09-26 04:33:38 -------- d-----w- C:\$RECYCLE.BIN
2012-09-26 04:07:43 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F77A9797-57EC-4A3C-9F23-C66F0A043E99}\mpengine.dll
2012-09-26 04:06:19 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-26 03:55:48 -------- d-----w- C:\Users\customer\AppData\Local\ElevatedDiagnostics
2012-09-26 02:37:51 98816 ----a-w- C:\Windows\sed.exe
2012-09-26 02:37:51 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-26 02:37:51 256000 ----a-w- C:\Windows\PEV.exe
2012-09-26 02:37:51 208896 ----a-w- C:\Windows\MBR.exe
2012-09-26 02:36:22 -------- d-----w- C:\Users\customer\AppData\Roaming\Windows Live Writer
2012-09-26 02:36:22 -------- d-----w- C:\Users\customer\AppData\Local\Windows Live Writer
2012-09-25 23:19:49 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-25 23:19:48 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-25 23:19:48 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-25 23:19:47 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-25 23:19:47 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-25 23:19:43 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 12:45:14 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-09-24 12:42:39 303616 ----a-w- C:\SetACL.exe
2012-09-24 12:26:50 290304 ----a-w- C:\subinacl.exe
2012-09-24 12:24:54 -------- d-----w- C:\RegBackup
2012-09-24 11:48:17 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-24 11:41:18 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-09-24 11:06:26 -------- d-----w- C:\Program Files\HitmanPro
2012-09-24 11:06:06 -------- d-----w- C:\ProgramData\HitmanPro
2012-09-24 03:45:46 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-09-24 02:24:45 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-09-23 23:31:31 -------- d-----w- C:\Users\customer\AppData\Roaming\Malwarebytes
2012-09-23 23:31:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-23 23:31:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-23 23:31:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-23 23:28:46 -------- d-----w- C:\Windows\System32\SPReview
2012-09-23 23:27:42 -------- d-----w- C:\Windows\System32\EventProviders
2012-09-23 23:14:56 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2BDE06FD-C61C-4172-A253-526837962227}\gapaengine.dll
2012-09-23 23:09:28 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-23 23:09:03 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-23 22:18:18 -------- d-----w- C:\Users\customer\AppData\Local\CrashDumps
2012-09-21 21:24:34 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-21 21:23:34 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-21 21:23:34 -------- d-----w- C:\Program Files\iTunes
2012-09-21 21:23:34 -------- d-----w- C:\Program Files\iPod
2012-09-14 07:04:53 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-13 13:55:14 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-13 13:55:14 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-03 14:41:40 -------- d-----w- C:\Users\customer\AppData\Roaming\AVG2012
2012-09-03 14:34:29 -------- d-----w- C:\Users\customer\AppData\Local\AVG Secure Search
2012-09-03 14:34:10 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-09-03 14:33:57 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-09-03 14:33:56 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-09-03 14:33:55 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-09-03 14:31:39 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-09-03 14:31:00 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-09-03 14:31:00 -------- d-----w- C:\ProgramData\AVG2012
2012-09-03 14:31:00 -------- d-----w- C:\$AVG
2012-09-03 14:29:47 -------- d-----w- C:\Program Files (x86)\AVG
2012-09-03 14:17:39 -------- d-----w- C:\ProgramData\MFAData
2012-09-03 14:17:39 -------- d-----w- C:\ProgramData\Common Files
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
.
==================== Find3M ====================
.
2012-09-23 23:47:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-09-23 23:47:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-26 07:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 17:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 17:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2010-03-29 11:29:14 626688 ----a-w- C:\Program Files (x86)\Common Files\sapconsaccess.dll
2010-03-29 11:29:14 40960 ----a-w- C:\Program Files (x86)\Common Files\DigitalSignature.ocx
2010-03-29 11:29:14 3145728 ----a-w- C:\Program Files (x86)\Common Files\sapxlhelper.dll
2010-03-29 11:29:14 192512 ----a-w- C:\Program Files (x86)\Common Files\sapconsr3.dll
.
============= FINISH: 12:50:38.17 ===============



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:04 AM

Posted 26 September 2012 - 02:29 PM

Good evening. :)

Do you have a flashdrive of at least 64 Mb that you can wipe clean?

So long, and thanks for all the fish.

 

 


#3 jmhhoch

jmhhoch
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:04 AM

Posted 26 September 2012 - 02:52 PM

Hello,
Yes, I have a 4GB flash drive that I can use. What's next? Thanks for your assistance!

John

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:04 AM

Posted 26 September 2012 - 05:20 PM

  • Download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.
  • Boot your computer into the Recovery Environment:
      • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
      • Select Repair your computer.
      • Select Language and click Next.
      • Enter password (if necessary) and click OK; you should now see the screen below ...

Posted Image

      • Select the Command Prompt option.
      • A command window will open.
      • Type notepad then hit Enter.
      • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
      • Type e:\listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive).
      • ListParts will start to run.
      • Press the Scan button.
      • When finished scanning it will make a log Result.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the Result.txt log please.

So long, and thanks for all the fish.

 

 


#5 jmhhoch

jmhhoch
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:04 AM

Posted 26 September 2012 - 05:33 PM

Below is the results log.
Thanks,
**********

ListParts by Farbar Version: 25-09-2012
Ran by SYSTEM (administrator) on 26-09-2012 at 18:32:00
Windows 7 (X64)
Running From: D:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 5887.3 MB
Available physical RAM: 5252.21 MB
Total Pagefile: 5885.45 MB
Available Pagefile: 5229.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
3 Drive e: (Gateway) (Fixed) (Total:915.41 GB) (Free:738.91 GB) NTFS
4 Drive f: (PQSERVICE) (Fixed) (Total:16 GB) (Free:6.06 GB) NTFS
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3835 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 16 GB 1024 KB
Partition 2 Primary 100 MB 16 GB
Partition 3 Primary 915 GB 16 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F PQSERVICE NTFS Partition 16 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SYSTEM RESE NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Gateway NTFS Partition 915 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3827 MB 19 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D FAT32 Removable 3827 MB Healthy

======================================================================================================

****** End Of Log ******

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:04 AM

Posted 27 September 2012 - 02:07 PM

Good evening. :)
That one didn't show anything, so we'll try something else:

For x64 systems download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flash drive into the infected PC and then enter System Recovery Options.

  • To enter System Recovery Options from the Advanced Boot Options:
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
      • Click on the Repair your computer menu item.
      • Select US as the keyboard language setting, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the Command Window type in notepad and hit <ENTER>.
  • When a notepad window opens, under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and hit <ENTER>.

    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • A log, called FRST.txt, will be created on the flash drive - please copy and paste the contents in your reply.

So long, and thanks for all the fish.

 

 


#7 jmhhoch

jmhhoch
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:04 AM

Posted 27 September 2012 - 04:19 PM

Thanks. Here are the results from the new scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012
Ran by SYSTEM at 27-09-2012 17:14:48
Running from D:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8115744 2009-09-21] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [244480 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A [124416 2009-07-20] (IOI)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [469536 2009-11-11] ()
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1162848 2012-09-03] ()
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [1020512 2012-09-03] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\customer\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
HKU\customer\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59280 2012-09-10] (Apple Inc.)
HKU\customer\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59280 2012-09-05] (Apple Inc.)
HKU\customer\...\Run: [Akamai NetSession Interface] "C:\Users\customer\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
AppInit_DLLs: C:\Windows\System32\acaptuser64.dll
Startup: C:\Users\customer\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-07-31] (CobianSoft, Luis Cobian)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 vToolbarUpdater12.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [927840 2012-09-03] ()
2 yksvc; C:\Windows\System32\yk62x64.dll [382976 2009-06-15] (Marvell)

==================== Drivers (Whitelisted) =====================

3 AVer7231_x64; C:\Windows\System32\Drivers\AVer7231_x64.sys [1622528 2009-08-24] (AVerMedia TECHNOLOGIES, Inc.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-09-03] (AVG Technologies)
3 f5ipfw; \??\C:\Windows\system32\drivers\urfltv64.sys [18448 2010-01-25] (F5 Networks)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
3 rtl819xp; C:\Windows\System32\Drivers\rtl819xp.sys [607232 2009-07-02] (Realtek Semiconductor Corporation )
3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [41232 2010-01-25] (F5 Networks, Inc.)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-27 17:14 - 2012-09-27 17:14 - 00000000 ____D C:\FRST
2012-09-26 08:48 - 2012-09-26 08:48 - 00607260 ____R (Swearware) C:\Users\customer\Downloads\dds.com
2012-09-26 08:48 - 2012-09-26 08:48 - 00000478 ____A C:\Users\customer\Downloads\defogger_disable.log
2012-09-26 08:48 - 2012-09-26 08:48 - 00000000 ____A C:\Users\customer\defogger_reenable
2012-09-26 08:47 - 2012-09-26 08:47 - 00050477 ____A C:\Users\customer\Downloads\Defogger.exe
2012-09-26 08:36 - 2012-09-26 08:36 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-09-26 08:34 - 2012-09-26 08:35 - 19620864 ____A (Luis Cobian, CobianSoft) C:\Users\customer\Downloads\cbSetup.exe
2012-09-25 20:38 - 2012-09-25 20:38 - 00021652 ____A C:\ComboFix.txt
2012-09-25 20:20 - 2012-09-25 20:20 - 00000000 ____D C:\Users\NewAdmin\AppData\Local\IOI
2012-09-25 20:20 - 2012-09-25 20:20 - 00000000 ____D C:\Users\NewAdmin\AppData\Local\AVG Secure Search
2012-09-25 20:19 - 2012-09-25 20:20 - 00000000 ____D C:\Users\NewAdmin\AppData\Roaming\Adobe
2012-09-25 20:19 - 2012-09-25 20:19 - 00114136 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-09-25 20:19 - 2012-09-25 20:19 - 00008224 ____A C:\Users\NewAdmin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-25 20:19 - 2012-09-25 20:19 - 00000000 ____D C:\Users\NewAdmin\AppData\Roaming\AVG2012
2012-09-25 20:19 - 2012-09-25 20:19 - 00000000 ____D C:\Users\NewAdmin\AppData\Roaming\ATI
2012-09-25 20:19 - 2012-09-25 20:19 - 00000000 ____D C:\Users\NewAdmin\AppData\Roaming\Apple Computer
2012-09-25 20:19 - 2012-09-25 20:19 - 00000000 ____D C:\Users\NewAdmin\AppData\Local\ATI
2012-09-25 20:19 - 2012-09-25 20:19 - 00000000 ____D C:\Users\NewAdmin\AppData\Local\Apple Computer
2012-09-25 20:19 - 2012-09-25 20:19 - 00000000 ____D C:\Users\NewAdmin\AppData\Local\Adobe
2012-09-25 20:18 - 2012-09-25 20:18 - 00000000 ____D C:\Users\NewAdmin\AppData\Local\VirtualStore
2012-09-25 20:16 - 2012-09-25 20:18 - 00000000 ____D C:\users\NewAdmin
2012-09-25 20:16 - 2012-09-25 20:16 - 00000020 __ASH C:\Users\NewAdmin\ntuser.ini
2012-09-25 20:16 - 2011-08-21 13:10 - 00000000 ____D C:\Users\NewAdmin\AppData\Roaming\Macromedia
2012-09-25 20:16 - 2010-08-14 02:04 - 00000000 ____D C:\Users\NewAdmin\AppData\Local\Microsoft Help
2012-09-25 20:12 - 2012-09-25 20:12 - 01805736 ____A (Symantec Corporation) C:\Users\customer\Downloads\FixZeroAccess (3).exe
2012-09-25 20:12 - 2012-09-25 20:12 - 01805736 ____A (Symantec Corporation) C:\Users\customer\Downloads\FixZeroAccess (2).exe
2012-09-25 19:47 - 2012-09-25 19:48 - 00347424 ____A (Microsoft Corporation) C:\Users\customer\Downloads\MicrosoftFixit.wu.LB.132272061515183754.2.1.Run.exe
2012-09-25 19:31 - 2012-09-25 19:31 - 00868683 ____A C:\Users\customer\AppData\Local\census.cache
2012-09-25 19:31 - 2012-09-25 19:31 - 00115627 ____A C:\Users\customer\AppData\Local\ars.cache
2012-09-25 19:19 - 2012-09-25 19:19 - 00000036 ____A C:\Users\customer\AppData\Local\housecall.guid.cache
2012-09-25 19:12 - 2012-09-25 19:13 - 01805736 ____A (Symantec Corporation) C:\Users\customer\Downloads\FixZeroAccess (1).exe
2012-09-25 19:11 - 2012-09-25 19:11 - 00894952 ____A (Oracle Corporation) C:\Users\customer\Downloads\chromeinstall-7u7.exe
2012-09-25 19:02 - 2012-09-25 19:02 - 00001390 ____A C:\Users\customer\Desktop\RKreport[4].txt
2012-09-25 18:59 - 2012-09-25 18:59 - 00001588 ____A C:\Users\customer\Desktop\RKreport[2].txt
2012-09-25 18:59 - 2012-09-25 18:59 - 00001273 ____A C:\Users\customer\Desktop\RKreport[3].txt
2012-09-25 18:58 - 2012-09-25 18:58 - 00001620 ____A C:\Users\customer\Desktop\RKreport[1].txt
2012-09-25 18:57 - 2012-09-25 18:59 - 00000000 ____D C:\Users\customer\Desktop\RK_Quarantine
2012-09-25 18:37 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-25 18:37 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-25 18:37 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-25 18:37 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-25 18:37 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-25 18:37 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-25 18:37 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-25 18:37 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-25 18:36 - 2012-09-25 18:36 - 00000000 ____D C:\Users\customer\AppData\Roaming\Windows Live Writer
2012-09-25 18:36 - 2012-09-25 18:36 - 00000000 ____D C:\Users\customer\AppData\Local\Windows Live Writer
2012-09-25 18:35 - 2012-09-25 20:38 - 00000000 ____D C:\Qoobox
2012-09-25 18:32 - 2012-09-25 18:32 - 04757278 ____R (Swearware) C:\Users\customer\Downloads\ComboFix.exe
2012-09-25 18:24 - 2012-09-26 08:50 - 00000000 ____D C:\Users\customer\Desktop\test
2012-09-25 17:48 - 2012-09-25 17:50 - 08864168 ____A (SurfRight B.V.) C:\Users\customer\Downloads\HitmanPro36_x64 (1).exe
2012-09-25 15:19 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-25 15:19 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-25 15:19 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-25 15:19 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-25 15:19 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-25 15:19 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-24 04:42 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-09-24 04:26 - 2012-09-24 04:26 - 00000207 ____A C:\Windows\tweaking.com-regbackup-JOHNHOCHWALT-Microsoft-Windows-7-Professional-(64-bit).dat
2012-09-24 04:26 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-09-24 04:24 - 2012-09-24 04:24 - 00000000 ____D C:\RegBackup
2012-09-24 03:49 - 2012-09-24 04:53 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-09-24 03:47 - 2012-09-24 03:47 - 05313275 ____A C:\Users\customer\Downloads\tweaking.com_windows_repair_aio_setup (2).exe
2012-09-24 03:44 - 2012-09-24 03:44 - 05313275 ____A C:\Users\customer\Downloads\tweaking.com_windows_repair_aio_setup (1).exe.nbkj0zq.partial
2012-09-24 03:42 - 2012-09-24 03:42 - 05313275 ____A C:\Users\customer\Downloads\tweaking.com_windows_repair_aio_setup.exe.7mbfqg6.partial
2012-09-24 03:41 - 2012-09-24 03:41 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-09-24 03:06 - 2012-09-24 05:07 - 00000000 ____D C:\Program Files\HitmanPro
2012-09-24 03:06 - 2012-09-24 03:41 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-09-24 03:05 - 2012-09-24 03:05 - 08864168 ____A (SurfRight B.V.) C:\Users\customer\Downloads\HitmanPro36_x64.exe
2012-09-23 20:07 - 2012-09-23 20:07 - 02322184 ____A (ESET) C:\Users\customer\Downloads\esetsmartinstaller_enu.exe
2012-09-23 19:45 - 2012-09-23 19:45 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-09-23 19:37 - 2012-09-23 19:43 - 136705456 ____A C:\Users\customer\Downloads\setup_11.0.0.1245.x01_2012_09_24_06_50.exe
2012-09-23 19:06 - 2012-09-23 19:06 - 04009167 ____A C:\Users\customer\Downloads\ServicesRepair.exe
2012-09-23 19:02 - 2012-09-23 19:02 - 02033481 ____A C:\Users\customer\Downloads\EZ_Sirefix.exe
2012-09-23 19:02 - 2012-09-23 19:02 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-09-23 18:35 - 2012-09-23 18:52 - 00000000 ____D C:\Windows\erdnt
2012-09-23 18:24 - 2012-09-25 20:13 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-09-23 18:24 - 2012-09-23 18:24 - 01805736 ____A (Symantec Corporation) C:\Users\customer\Downloads\FixZeroAccess.exe
2012-09-23 15:31 - 2012-09-23 15:31 - 00000000 ____D C:\Users\customer\AppData\Roaming\Malwarebytes
2012-09-23 15:31 - 2012-09-23 15:31 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-23 15:31 - 2012-09-23 15:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-23 15:31 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-23 15:28 - 2012-09-23 15:28 - 00000000 ____D C:\Windows\System32\SPReview
2012-09-23 15:27 - 2012-09-23 15:27 - 00000000 ____D C:\Windows\System32\EventProviders
2012-09-23 15:20 - 2012-09-25 20:40 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-23 15:09 - 2012-09-25 20:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-23 15:09 - 2012-09-25 20:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-23 15:09 - 2012-09-24 04:45 - 00005392 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-23 14:54 - 2012-09-23 14:54 - 12621696 ____A (Microsoft Corporation) C:\Users\customer\Downloads\mseinstall.exe
2012-09-23 14:18 - 2012-09-23 14:18 - 00000000 ____D C:\Users\customer\AppData\Local\CrashDumps
2012-09-21 23:01 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-21 23:01 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-21 23:01 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-21 23:01 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-21 23:01 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-21 23:01 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-21 23:01 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-21 23:01 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-21 23:01 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-21 23:01 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-21 23:01 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-21 23:01 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-21 23:01 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-21 23:01 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-21 23:01 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-21 23:01 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-21 23:01 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-21 23:01 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-21 23:01 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-21 23:01 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-21 23:01 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-21 23:01 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-21 23:01 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-21 23:01 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-21 23:01 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-21 23:01 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-21 23:01 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-21 23:01 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-21 23:01 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-21 23:01 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-21 23:01 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-21 23:01 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-21 13:24 - 2012-09-21 13:24 - 00001790 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-21 13:24 - 2012-08-21 09:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-21 13:23 - 2012-09-21 13:24 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-21 13:23 - 2012-09-21 13:24 - 00000000 ____D C:\Program Files\iTunes
2012-09-21 13:23 - 2012-09-21 13:23 - 00000000 ____D C:\Program Files\iPod
2012-09-18 07:20 - 2012-09-18 07:20 - 04987069 ____A C:\Users\customer\Downloads\IMG_8402.MOV
2012-09-13 23:04 - 2012-09-13 23:04 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-13 05:55 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-13 05:55 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-09 14:05 - 2012-09-09 14:05 - 08056864 ____A C:\Users\customer\Downloads\Reetu's Birthday 2012.zip
2012-09-03 07:56 - 2012-09-03 07:57 - 14452511 ____A C:\Users\customer\Downloads\Holden Beach 2012 (part 1).zip
2012-09-03 07:53 - 2012-09-03 07:54 - 09214868 ____A C:\Users\customer\Downloads\Las Vegas 2012.zip
2012-09-03 06:41 - 2012-09-03 06:41 - 00000000 ____D C:\Users\customer\AppData\Roaming\AVG2012
2012-09-03 06:34 - 2012-09-11 05:45 - 00000972 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-09-03 06:34 - 2012-09-03 06:34 - 00000000 ____D C:\Users\customer\AppData\Local\AVG Secure Search
2012-09-03 06:34 - 2012-09-03 06:34 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-09-03 06:33 - 2012-09-03 06:34 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-09-03 06:33 - 2012-09-03 06:33 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-09-03 06:31 - 2012-09-26 05:42 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-09-03 06:31 - 2012-09-03 06:50 - 00000000 ____D C:\Users\All Users\AVG2012
2012-09-03 06:31 - 2012-09-03 06:31 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-09-03 06:31 - 2012-09-03 06:31 - 00000000 ____D C:\$AVG
2012-09-03 06:29 - 2012-09-03 06:29 - 00000000 ____D C:\Program Files (x86)\AVG
2012-09-03 06:17 - 2012-09-26 05:42 - 00000000 ____D C:\Users\All Users\MFAData
2012-09-03 06:11 - 2012-09-03 06:12 - 16409960 ____A (Safer Networking Limited ) C:\Users\customer\Downloads\spybotsd162.exe
2012-09-03 05:57 - 2012-09-03 05:57 - 00920512 ____A C:\Users\customer\Downloads\Norton_Removal_Tool.exe
2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys

==================== 3 Months Modified Files ==================

2012-09-27 13:12 - 2009-07-13 20:45 - 00015072 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-27 13:12 - 2009-07-13 20:45 - 00015072 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-27 13:11 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-27 13:11 - 2009-07-13 20:51 - 00097777 ____A C:\Windows\setupact.log
2012-09-26 11:59 - 2010-02-22 08:22 - 01753942 ____A C:\Windows\WindowsUpdate.log
2012-09-26 11:44 - 2010-08-13 23:58 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2390954311-317396011-2047375762-1000UA.job
2012-09-26 08:48 - 2012-09-26 08:48 - 00607260 ____R (Swearware) C:\Users\customer\Downloads\dds.com
2012-09-26 08:48 - 2012-09-26 08:48 - 00000478 ____A C:\Users\customer\Downloads\defogger_disable.log
2012-09-26 08:48 - 2012-09-26 08:48 - 00000000 ____A C:\Users\customer\defogger_reenable
2012-09-26 08:47 - 2012-09-26 08:47 - 00050477 ____A C:\Users\customer\Downloads\Defogger.exe
2012-09-26 08:35 - 2012-09-26 08:34 - 19620864 ____A (Luis Cobian, CobianSoft) C:\Users\customer\Downloads\cbSetup.exe
2012-09-26 08:34 - 2009-07-13 21:13 - 00005168 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-25 20:40 - 2012-09-23 15:20 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-25 20:38 - 2012-09-25 20:38 - 00021652 ____A C:\ComboFix.txt
2012-09-25 20:33 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-25 20:32 - 2009-10-27 00:20 - 00348754 ____A C:\Windows\PFRO.log
2012-09-25 20:19 - 2012-09-25 20:19 - 00114136 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-09-25 20:19 - 2012-09-25 20:19 - 00008224 ____A C:\Users\NewAdmin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-25 20:16 - 2012-09-25 20:16 - 00000020 __ASH C:\Users\NewAdmin\ntuser.ini
2012-09-25 20:13 - 2012-09-23 18:24 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-09-25 20:12 - 2012-09-25 20:12 - 01805736 ____A (Symantec Corporation) C:\Users\customer\Downloads\FixZeroAccess (3).exe
2012-09-25 20:12 - 2012-09-25 20:12 - 01805736 ____A (Symantec Corporation) C:\Users\customer\Downloads\FixZeroAccess (2).exe
2012-09-25 19:48 - 2012-09-25 19:47 - 00347424 ____A (Microsoft Corporation) C:\Users\customer\Downloads\MicrosoftFixit.wu.LB.132272061515183754.2.1.Run.exe
2012-09-25 19:31 - 2012-09-25 19:31 - 00868683 ____A C:\Users\customer\AppData\Local\census.cache
2012-09-25 19:31 - 2012-09-25 19:31 - 00115627 ____A C:\Users\customer\AppData\Local\ars.cache
2012-09-25 19:19 - 2012-09-25 19:19 - 00000036 ____A C:\Users\customer\AppData\Local\housecall.guid.cache
2012-09-25 19:13 - 2012-09-25 19:12 - 01805736 ____A (Symantec Corporation) C:\Users\customer\Downloads\FixZeroAccess (1).exe
2012-09-25 19:11 - 2012-09-25 19:11 - 00894952 ____A (Oracle Corporation) C:\Users\customer\Downloads\chromeinstall-7u7.exe
2012-09-25 19:02 - 2012-09-25 19:02 - 00001390 ____A C:\Users\customer\Desktop\RKreport[4].txt
2012-09-25 18:59 - 2012-09-25 18:59 - 00001588 ____A C:\Users\customer\Desktop\RKreport[2].txt
2012-09-25 18:59 - 2012-09-25 18:59 - 00001273 ____A C:\Users\customer\Desktop\RKreport[3].txt
2012-09-25 18:58 - 2012-09-25 18:58 - 00001620 ____A C:\Users\customer\Desktop\RKreport[1].txt
2012-09-25 18:32 - 2012-09-25 18:32 - 04757278 ____R (Swearware) C:\Users\customer\Downloads\ComboFix.exe
2012-09-25 17:50 - 2012-09-25 17:48 - 08864168 ____A (SurfRight B.V.) C:\Users\customer\Downloads\HitmanPro36_x64 (1).exe
2012-09-25 14:44 - 2010-08-13 23:58 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2390954311-317396011-2047375762-1000Core.job
2012-09-24 04:56 - 2010-08-05 03:54 - 00114136 ____A C:\Users\customer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-24 04:56 - 2009-07-13 20:45 - 00432720 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-24 04:53 - 2012-09-24 03:49 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-09-24 04:45 - 2012-09-23 15:09 - 00005392 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-24 04:26 - 2012-09-24 04:26 - 00000207 ____A C:\Windows\tweaking.com-regbackup-JOHNHOCHWALT-Microsoft-Windows-7-Professional-(64-bit).dat
2012-09-24 03:47 - 2012-09-24 03:47 - 05313275 ____A C:\Users\customer\Downloads\tweaking.com_windows_repair_aio_setup (2).exe
2012-09-24 03:44 - 2012-09-24 03:44 - 05313275 ____A C:\Users\customer\Downloads\tweaking.com_windows_repair_aio_setup (1).exe.nbkj0zq.partial
2012-09-24 03:42 - 2012-09-24 03:42 - 05313275 ____A C:\Users\customer\Downloads\tweaking.com_windows_repair_aio_setup.exe.7mbfqg6.partial
2012-09-24 03:41 - 2012-09-24 03:41 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-09-24 03:05 - 2012-09-24 03:05 - 08864168 ____A (SurfRight B.V.) C:\Users\customer\Downloads\HitmanPro36_x64.exe
2012-09-23 20:07 - 2012-09-23 20:07 - 02322184 ____A (ESET) C:\Users\customer\Downloads\esetsmartinstaller_enu.exe
2012-09-23 19:43 - 2012-09-23 19:37 - 136705456 ____A C:\Users\customer\Downloads\setup_11.0.0.1245.x01_2012_09_24_06_50.exe
2012-09-23 19:06 - 2012-09-23 19:06 - 04009167 ____A C:\Users\customer\Downloads\ServicesRepair.exe
2012-09-23 19:02 - 2012-09-23 19:02 - 02033481 ____A C:\Users\customer\Downloads\EZ_Sirefix.exe
2012-09-23 18:48 - 2012-08-18 08:23 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts_bak_781
2012-09-23 18:24 - 2012-09-23 18:24 - 01805736 ____A (Symantec Corporation) C:\Users\customer\Downloads\FixZeroAccess.exe
2012-09-23 15:47 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-09-23 15:47 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-09-23 14:54 - 2012-09-23 14:54 - 12621696 ____A (Microsoft Corporation) C:\Users\customer\Downloads\mseinstall.exe
2012-09-21 13:24 - 2012-09-21 13:24 - 00001790 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-18 07:20 - 2012-09-18 07:20 - 04987069 ____A C:\Users\customer\Downloads\IMG_8402.MOV
2012-09-13 23:01 - 2010-08-14 17:15 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-11 05:45 - 2012-09-03 06:34 - 00000972 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-09-09 14:05 - 2012-09-09 14:05 - 08056864 ____A C:\Users\customer\Downloads\Reetu's Birthday 2012.zip
2012-09-07 13:04 - 2012-09-23 15:31 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-03 07:57 - 2012-09-03 07:56 - 14452511 ____A C:\Users\customer\Downloads\Holden Beach 2012 (part 1).zip
2012-09-03 07:54 - 2012-09-03 07:53 - 09214868 ____A C:\Users\customer\Downloads\Las Vegas 2012.zip
2012-09-03 06:33 - 2012-09-03 06:33 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-09-03 06:12 - 2012-09-03 06:11 - 16409960 ____A (Safer Networking Limited ) C:\Users\customer\Downloads\spybotsd162.exe
2012-09-03 05:57 - 2012-09-03 05:57 - 00920512 ____A C:\Users\customer\Downloads\Norton_Removal_Tool.exe
2012-09-03 05:33 - 2010-08-13 23:58 - 00002433 ____A C:\Users\customer\Desktop\Google Chrome.lnk
2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 18:03 - 2012-03-20 16:44 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-27 05:55 - 2012-08-27 05:54 - 00274896 ____A C:\Windows\Minidump\082712-48609-01.dmp
2012-08-27 05:54 - 2010-08-14 08:09 - 789651029 ____A C:\Windows\MEMORY.DMP
2012-08-26 13:16 - 2012-08-26 13:16 - 00002432 ____A C:\{186D4AA2-63B6-4236-A25D-682BBEFBA39F}
2012-08-26 13:15 - 2012-08-26 13:15 - 00002448 ____A C:\{EFDAD0EA-34F8-406E-8EBA-D60E5F3F131A}
2012-08-26 12:40 - 2012-08-26 12:40 - 00002568 ____A C:\{B4FF8220-A079-4362-8B7D-094B36D5330F}
2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-08-24 03:15 - 2012-09-21 23:01 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-21 23:01 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-21 23:01 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-21 23:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-21 23:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-21 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-21 23:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-21 23:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-21 23:01 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-21 23:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-21 23:01 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-21 23:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-21 23:01 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-21 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-21 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-21 23:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-21 23:01 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-21 23:01 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-21 23:01 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-21 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-21 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-21 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-21 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-21 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-21 23:01 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-21 23:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-21 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-21 23:01 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-21 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-21 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-21 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-21 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-25 15:19 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-25 15:19 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-25 15:19 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-25 15:19 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-25 15:19 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-21 09:01 - 2012-09-21 13:24 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 09:01 - 2010-08-14 00:30 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 09:01 - 2010-08-14 00:30 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-18 08:23 - 2012-08-18 08:23 - 00443281 ___RA C:\Windows\System32\Drivers\etc\hosts.20120818-123705.backup
2012-08-18 05:24 - 2012-08-18 05:24 - 00000010 ____A C:\Users\customer\Desktop\FileSharingPassword.txt
2012-08-18 05:20 - 2012-08-18 05:20 - 00003584 ____A C:\Users\customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-02 09:58 - 2012-09-13 05:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-13 05:55 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-30 04:28 - 2012-07-30 04:12 - 388117165 ____A C:\Users\customer\Downloads\Personal.zip
2012-07-30 03:21 - 2012-07-30 03:20 - 19411010 ____A C:\Users\customer\Downloads\Pictures.zip
2012-07-29 23:06 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-29 08:34 - 2012-07-29 08:34 - 00000138 ____A C:\Users\customer\Downloads\Objectives.zip
2012-07-29 08:10 - 2012-07-29 08:10 - 00026078 ____A C:\Users\customer\Downloads\technicalresumeandcoverletter.zip
2012-07-25 23:21 - 2012-07-25 23:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-07-18 10:15 - 2012-08-15 05:31 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-09 09:42 - 2012-07-09 09:42 - 04547984 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-07-09 09:42 - 2012-07-09 09:42 - 00052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-07-04 14:16 - 2012-08-15 05:32 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 05:32 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 05:32 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 05:32 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 05:32 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-25 15:19 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-07-04 07:44 - 2012-07-04 07:44 - 00868094 ____A C:\Users\customer\Desktop\Womenswear - Blazer and Pant Styles.pptx

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-23 15:28:42
Restore point made on: 2012-09-23 23:00:41
Restore point made on: 2012-09-24 04:21:57
Restore point made on: 2012-09-24 04:25:10
Restore point made on: 2012-09-25 19:12:46
Restore point made on: 2012-09-25 20:03:55
Restore point made on: 2012-09-25 20:39:18
Restore point made on: 2012-09-26 08:43:04

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 5887.3 MB
Available physical RAM: 5056.11 MB
Total Pagefile: 5885.45 MB
Available Pagefile: 5049.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Gateway) (Fixed) (Total:915.41 GB) (Free:738.58 GB) NTFS
2 Drive d: () (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
3 Drive f: (PQSERVICE) (Fixed) (Total:16 GB) (Free:6.06 GB) NTFS
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          931 GB      0 B
Disk 1    Online         3835 MB      0 B
Disk 2    No Media          0 B      0 B
Disk 3    No Media          0 B      0 B
Disk 4    No Media          0 B      0 B
Disk 5    No Media          0 B      0 B
Disk 6    No Media          0 B      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery            16 GB  1024 KB
Partition 2    Primary            100 MB    16 GB
Partition 3    Primary            915 GB    16 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   F   PQSERVICE    NTFS   Partition     16 GB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   SYSTEM RESE  NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C   Gateway      NTFS   Partition    915 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3827 MB    19 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4   D                FAT32  Removable   3827 MB  Healthy

=========================================================

Last Boot: 2012-09-26 04:07

==================== End Of Log =============================

#8 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 28 September 2012 - 02:19 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.

#9 jmhhoch

  • Topic Starter
  • Members
  • 13 posts

Posted 28 September 2012 - 02:52 PM

Hello,
Thank you for the help. So far, the computer is acting somewhat normally. The internet has not disconnected in 10 minutes. However, I haven't really been using it and am just keeping it shut down until we are either able to fix the issue or otherwise reformat it. Below are the log results from CF:


ComboFix 12-09-27.03 - customer 09/28/2012 15:39:58.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5887.4012 [GMT -4:00]
Running from: c:\users\customer\Desktop\AppFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-28 19:47 . 2012-09-28 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-28 01:14 . 2012-09-28 01:14 -------- d-----w- C:\FRST
2012-09-26 16:36 . 2012-09-26 16:36 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-09-26 04:16 . 2012-09-26 04:18 -------- d-----w- c:\users\NewAdmin
2012-09-26 04:07 . 2012-08-30 04:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F77A9797-57EC-4A3C-9F23-C66F0A043E99}\mpengine.dll
2012-09-26 04:06 . 2012-08-30 04:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-26 03:55 . 2012-09-26 03:55 -------- d-----w- c:\users\customer\AppData\Local\ElevatedDiagnostics
2012-09-26 02:36 . 2012-09-26 02:36 -------- d-----w- c:\users\customer\AppData\Local\Windows Live Writer
2012-09-26 02:36 . 2012-09-26 02:36 -------- d-----w- c:\users\customer\AppData\Roaming\Windows Live Writer
2012-09-25 23:19 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-25 23:19 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-25 23:19 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-25 23:19 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-25 23:19 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-25 23:19 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 12:45 . 2012-09-24 12:45 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-09-24 12:42 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-09-24 12:26 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-09-24 12:24 . 2012-09-24 12:24 -------- d-----w- C:\RegBackup
2012-09-24 11:49 . 2012-09-24 12:53 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-24 11:48 . 2012-09-24 12:51 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-24 11:41 . 2012-09-24 11:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-24 11:06 . 2012-09-24 13:07 -------- d-----w- c:\program files\HitmanPro
2012-09-24 11:06 . 2012-09-24 11:41 -------- d-----w- c:\programdata\HitmanPro
2012-09-24 03:45 . 2012-09-24 03:45 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-24 02:24 . 2012-09-26 04:13 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-09-23 23:31 . 2012-09-23 23:31 -------- d-----w- c:\users\customer\AppData\Roaming\Malwarebytes
2012-09-23 23:31 . 2012-09-23 23:31 -------- d-----w- c:\programdata\Malwarebytes
2012-09-23 23:31 . 2012-09-23 23:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-23 23:31 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 23:28 . 2012-09-23 23:28 -------- d-----w- c:\windows\system32\SPReview
2012-09-23 23:27 . 2012-09-23 23:27 -------- d-----w- c:\windows\system32\EventProviders
2012-09-23 23:14 . 2012-09-23 23:14 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDE06FD-C61C-4172-A253-526837962227}\gapaengine.dll
2012-09-23 23:09 . 2012-09-26 04:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-23 23:09 . 2012-09-26 04:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-23 22:18 . 2012-09-23 22:18 -------- d-----w- c:\users\customer\AppData\Local\CrashDumps
2012-09-21 21:24 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-21 21:23 . 2012-09-21 21:24 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-21 21:23 . 2012-09-21 21:24 -------- d-----w- c:\program files\iTunes
2012-09-21 21:23 . 2012-09-21 21:23 -------- d-----w- c:\program files\iPod
2012-09-14 07:04 . 2012-09-14 07:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-14 07:01 . 2012-09-14 07:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-13 13:55 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-13 13:55 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-03 14:41 . 2012-09-03 14:41 -------- d-----w- c:\users\customer\AppData\Roaming\AVG2012
2012-09-03 14:34 . 2012-09-03 14:34 -------- d-----w- c:\users\customer\AppData\Local\AVG Secure Search
2012-09-03 14:34 . 2012-09-03 14:34 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-03 14:33 . 2012-09-03 14:33 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-09-03 14:33 . 2012-09-03 14:33 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-09-03 14:33 . 2012-09-03 14:34 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-09-03 14:31 . 2012-09-03 14:31 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-09-03 14:31 . 2012-09-28 19:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-09-03 14:31 . 2012-09-03 14:50 -------- d-----w- c:\programdata\AVG2012
2012-09-03 14:31 . 2012-09-03 14:31 -------- d-----w- C:\$AVG
2012-09-03 14:29 . 2012-09-03 14:29 -------- d-----w- c:\program files (x86)\AVG
2012-09-03 14:17 . 2012-09-28 19:35 -------- d-----w- c:\programdata\MFAData
2012-09-03 14:17 . 2012-09-03 14:17 -------- d-----w- c:\programdata\Common Files
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-23 23:47 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-23 23:47 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-14 07:01 . 2010-08-15 01:15 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 02:03 . 2012-03-21 00:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-21 17:01 . 2010-08-14 08:30 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2010-08-14 08:30 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-07-18 18:15 . 2012-08-15 13:31 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 17:42 . 2012-07-09 17:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 17:42 . 2012-07-09 17:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-07-04 22:16 . 2012-08-15 13:32 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 13:32 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 13:32 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 13:32 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2010-03-29 11:29 . 2010-09-17 14:41 3145728 ----a-w- c:\program files (x86)\Common Files\sapxlhelper.dll
2010-03-29 11:29 . 2010-09-17 14:41 626688 ----a-w- c:\program files (x86)\Common Files\sapconsaccess.dll
2010-03-29 11:29 . 2010-09-17 14:41 192512 ----a-w- c:\program files (x86)\Common Files\sapconsr3.dll
2010-03-29 11:29 . 2010-09-17 14:41 40960 ----a-w- c:\program files (x86)\Common Files\DigitalSignature.ocx
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-03 14:33 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-09-03 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\customer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\customer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\customer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]
"Akamai NetSession Interface"="c:\users\customer\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2009-11-12 469536]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-03 1162848]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-09-03 1020512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\customer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys [2010-01-25 18448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-20 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-14 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-03 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-07-31 67584]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-09-03 927840]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [2009-08-24 1622528]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 219544]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-04 168864]
S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 306560]
S3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-07-03 607232]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys [2010-01-25 41232]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-15 393216]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2390954311-317396011-2047375762-1000Core.job
- c:\users\customer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 07:58]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2390954311-317396011-2047375762-1000UA.job
- c:\users\customer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 07:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\customer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\customer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\customer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\customer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-21 8115744]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.igoogle.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173608109606p03c5vql5k4661527n
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: apple.com\gs
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://10.11.113.173/qcbin/Spider10.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
Completion time: 2012-09-28 15:49:00
ComboFix-quarantined-files.txt 2012-09-28 19:49
ComboFix2.txt 2012-09-26 04:38
ComboFix3.txt 2012-09-26 02:52
.
Pre-Run: 791,824,637,952 bytes free
Post-Run: 791,384,539,136 bytes free
.
- - End Of File - - 1975D2CC8862D2221A7DE40F91777E2C

#10 Noviciate


  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 29 September 2012 - 04:10 PM

Good evening. :)

Firstly you need to uninstall one of your anti-virus programs. The golden rule is that you only run one in real-time and you have both AVG Anti-Virus Free Edition 2012 and Microsoft Security Essentials installed. Once you've done that, and rebooted, take the PC for a spin and see how it behaves. Then pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log and let me know how the PC is behaving.

So long, and thanks for all the fish.
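As an added example (not code from this thread or from the DDS tool itself), here is a small Python parser for the `AV:` / `SP:` product lines that DDS prints near the top of its log; it flags the situation Noviciate describes, more than one antivirus product registered as enabled at the same time. The AVG GUIDs in the "before" sample are constructed placeholders; the "after" lines are copied from the DDS log posted later in this thread.

```python
"""Parse DDS 'AV:'/'SP:'/'FW:' product lines and flag real-time antivirus conflicts.

Added example; the AVG GUIDs in BEFORE are constructed placeholders, not real IDs.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List

# One DDS product line, e.g.
#   AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
# kind is AV (antivirus), SP (antispyware) or FW (firewall).
PRODUCT_LINE = re.compile(
    r"^(?P<kind>AV|SP|FW):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>Enabled|Disabled)/(?P<freshness>Updated|Outdated)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


@dataclass(frozen=True)
class SecurityProduct:
    kind: str
    name: str
    enabled: bool
    updated: bool
    guid: str


def parse_products(dds_text: str) -> List[SecurityProduct]:
    """Return every AV/SP/FW product line found in a DDS log, in file order."""
    found = []
    for raw in dds_text.splitlines():
        m = PRODUCT_LINE.match(raw.strip())
        if m is None:
            continue  # not a product line (process list, HJT report, ...)
        found.append(SecurityProduct(
            kind=m["kind"],
            name=m["name"],
            enabled=m["state"] == "Enabled",
            updated=m["freshness"] == "Updated",
            guid=m["guid"].upper(),
        ))
    return found


def enabled_antivirus(products: List[SecurityProduct]) -> List[str]:
    """Distinct names of antivirus (AV) products reporting themselves enabled."""
    names: List[str] = []
    for p in products:
        if p.kind == "AV" and p.enabled and p.name not in names:
            names.append(p.name)
    return names


def assess(dds_text: str) -> dict:
    """Summarise the product lines: conflicting real-time AVs and stale enabled products."""
    products = parse_products(dds_text)
    av = enabled_antivirus(products)
    return {
        "enabled_av": av,
        # The 'only one real-time anti-virus' rule from the reply above.
        "conflict": len(av) > 1,
        # Enabled but with outdated definitions: worth a note in the same reply.
        "stale": sorted({p.name for p in products if p.enabled and not p.updated}),
    }


# Constructed 'before' state: AVG 2012 and MSE both registered and enabled.
# The AVG GUIDs below are placeholders, not the product's real identifiers.
BEFORE = """\
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {00000000-0000-0000-0000-0000000000A1}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {00000000-0000-0000-0000-0000000000A2}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# 'After' state, copied from the DDS log posted once AVG had been uninstalled.
AFTER = """\
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, assess(text))
```

Feed it a whole DDS log: only the product lines match, everything else (process list, pseudo-HJT report) is skipped.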

#11 jmhhoch

  • Topic Starter

  • Members
  • 13 posts

Posted 30 September 2012 - 12:11 PM

Hello,
I ran the ESET online scanner. It scanned 229325 files and found 0 infected files. So, nothing there. I uninstalled the AVG antivirus software. I had installed Microsoft Security Essentials last week as I thought it was Microsoft's version of adware/malware prevention software. I didn't realize it was complete antivirus software on its own. After the reboot, the computer is behaving fine right now. It is currently staying connected to the internet without any issues.

I also ran DDS and below are the contents of the logfile:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by customer at 13:08:18 on 2012-09-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5887.3638 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Users\customer\AppData\Local\Akamai\netsession_win.exe
C:\Users\customer\AppData\Local\Akamai\netsession_win.exe
C:\Users\customer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskmgr.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.igoogle.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173608109606p03c5vql5k4661527n
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [Akamai NetSession Interface] "C:\Users\customer\AppData\Local\Akamai\netsession_win.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\customer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\customer\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: apple.com\gs
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\customer\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://10.11.113.173/qcbin/capicom.dll
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\customer\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\customer\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - C:\Users\customer\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\customer\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://10.11.113.173/qcbin/Spider10.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DA5E37A8-7774-4723-B80D-D08647B14DCB} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-9-26 67584]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-27 240160]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2009-7-13 20992]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys --> C:\Windows\system32\DRIVERS\AVer7231_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?]
R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\system32\DRIVERS\rtl819xp.sys --> C:\Windows\system32\DRIVERS\rtl819xp.sys [?]
R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\system32\DRIVERS\covpnv64.sys --> C:\Windows\system32\DRIVERS\covpnv64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 f5ipfw;F5 Networks StoneWall Filter;\??\C:\Windows\system32\drivers\urfltv64.sys --> C:\Windows\system32\drivers\urfltv64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-30 17:07:26 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{937FD55B-408B-4A46-9D6A-523EDB294794}\mpengine.dll
2012-09-30 14:37:28 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-30 14:29:32 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 14:29:09 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1FEA76F6-E6A1-465D-8F2B-818EC05F5726}\gapaengine.dll
2012-09-30 14:17:32 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-30 12:27:15 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-28 01:14:33 -------- d-----w- C:\FRST
2012-09-26 16:36:51 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-09-26 03:55:48 -------- d-----w- C:\Users\customer\AppData\Local\ElevatedDiagnostics
2012-09-26 02:37:51 98816 ----a-w- C:\Windows\sed.exe
2012-09-26 02:37:51 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-26 02:37:51 256000 ----a-w- C:\Windows\PEV.exe
2012-09-26 02:37:51 208896 ----a-w- C:\Windows\MBR.exe
2012-09-26 02:36:22 -------- d-----w- C:\Users\customer\AppData\Roaming\Windows Live Writer
2012-09-26 02:36:22 -------- d-----w- C:\Users\customer\AppData\Local\Windows Live Writer
2012-09-25 23:19:49 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-25 23:19:48 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-25 23:19:48 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-25 23:19:47 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-25 23:19:47 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-25 23:19:43 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 12:45:14 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-09-24 12:42:39 303616 ----a-w- C:\SetACL.exe
2012-09-24 12:26:50 290304 ----a-w- C:\subinacl.exe
2012-09-24 12:24:54 -------- d-----w- C:\RegBackup
2012-09-24 11:48:17 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-24 11:41:18 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-09-24 11:06:26 -------- d-----w- C:\Program Files\HitmanPro
2012-09-24 11:06:06 -------- d-----w- C:\ProgramData\HitmanPro
2012-09-24 03:45:46 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-09-24 02:24:45 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-09-23 23:31:31 -------- d-----w- C:\Users\customer\AppData\Roaming\Malwarebytes
2012-09-23 23:31:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-23 23:31:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-23 23:31:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-23 23:28:46 -------- d-----w- C:\Windows\System32\SPReview
2012-09-23 23:27:42 -------- d-----w- C:\Windows\System32\EventProviders
2012-09-23 23:09:28 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-23 23:09:03 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-23 22:18:18 -------- d-----w- C:\Users\customer\AppData\Local\CrashDumps
2012-09-21 21:24:34 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-21 21:23:34 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-21 21:23:34 -------- d-----w- C:\Program Files\iTunes
2012-09-21 21:23:34 -------- d-----w- C:\Program Files\iPod
2012-09-14 07:04:53 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-13 13:55:14 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-13 13:55:14 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-03 14:41:40 -------- d-----w- C:\Users\customer\AppData\Roaming\AVG2012
2012-09-03 14:33:56 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-09-03 14:31:00 -------- d--h--w- C:\$AVG
2012-09-03 14:31:00 -------- d-----w- C:\ProgramData\AVG2012
2012-09-03 14:29:47 -------- d-----w- C:\Program Files (x86)\AVG
2012-09-03 14:17:39 -------- d-----w- C:\ProgramData\MFAData
2012-09-03 14:17:39 -------- d-----w- C:\ProgramData\Common Files
.
==================== Find3M ====================
.
2012-09-23 23:47:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-09-23 23:47:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 17:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 17:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2010-03-29 11:29:14 626688 ----a-w- C:\Program Files (x86)\Common Files\sapconsaccess.dll
2010-03-29 11:29:14 40960 ----a-w- C:\Program Files (x86)\Common Files\DigitalSignature.ocx
2010-03-29 11:29:14 3145728 ----a-w- C:\Program Files (x86)\Common Files\sapxlhelper.dll
2010-03-29 11:29:14 192512 ----a-w- C:\Program Files (x86)\Common Files\sapconsr3.dll
.
============= FINISH: 13:09:18.32 ===============

Attached is the DDS attach.txt


#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:04 AM

Posted 01 October 2012 - 02:43 PM

Good evening. :)

Your copy of Adobe Reader is out of date. You can get the latest version here, feel free to uncheck the McAfee download first, or you can update from within the program itself: Help > Check for Updates...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Assuming that the PC is still playing nicely I'd say you were done. I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.

So long, and thanks for all the fish.

 

 


#13 jmhhoch

jmhhoch
  • Topic Starter

  • Members
  • 13 posts
  • Local time:04:04 AM

Posted 01 October 2012 - 05:00 PM

Hello (good evening),

To update you, things were going fine yesterday. Today I am again getting internet connection drops and now Google Chrome / IE slowness in accessing websites. It was working fine all morning. I am working on my business laptop on the same wireless network, and my wife has been using this desktop this morning. It only started reacting slow after about 4-5 hours on the computer.

To narrow some of the possibilities, I have updated the driver for the wireless NIC. Also, the wireless network connectivity is fine as we don't experience the same thing on any laptops or other IT devices. So, it is definitely just this machine.

So, I am guessing it is not quite gone yet. I just re-ran the ESET online scan. It again found no results. I also ran the DDS again in case you can see something in there as to what is currently running that could be causing issues. If not, do you have any other ideas to try?



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by customer at 16:31:26 on 2012-10-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5887.4123 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Users\customer\AppData\Local\Akamai\netsession_win.exe
C:\Users\customer\AppData\Local\Akamai\netsession_win.exe
C:\Users\customer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.igoogle.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173608109606p03c5vql5k4661527n
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [Akamai NetSession Interface] "C:\Users\customer\AppData\Local\Akamai\netsession_win.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\customer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\customer\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: apple.com\gs
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\customer\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://10.11.113.173/qcbin/capicom.dll
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\customer\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\customer\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - C:\Users\customer\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\customer\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://10.11.113.173/qcbin/Spider10.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DA5E37A8-7774-4723-B80D-D08647B14DCB} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-9-26 67584]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-27 240160]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2009-7-13 20992]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys --> C:\Windows\system32\DRIVERS\AVer7231_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?]
R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?]
R3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\system32\DRIVERS\rtl819xp.sys --> C:\Windows\system32\DRIVERS\rtl819xp.sys [?]
R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\system32\DRIVERS\covpnv64.sys --> C:\Windows\system32\DRIVERS\covpnv64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 f5ipfw;F5 Networks StoneWall Filter;\??\C:\Windows\system32\drivers\urfltv64.sys --> C:\Windows\system32\drivers\urfltv64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\system32\DRIVERS\rtl819xp.sys --> C:\Windows\system32\DRIVERS\rtl819xp.sys [?]
S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-01 16:00:20 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D70A051A-0C7A-4B9E-B3C0-84E5EFF3752C}\mpengine.dll
2012-09-30 17:07:26 9308616 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-30 14:37:28 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-30 14:29:32 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 14:29:09 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1FEA76F6-E6A1-465D-8F2B-818EC05F5726}\gapaengine.dll
2012-09-30 12:27:15 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-28 01:14:33 -------- d-----w- C:\FRST
2012-09-26 16:36:51 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-09-26 03:55:48 -------- d-----w- C:\Users\customer\AppData\Local\ElevatedDiagnostics
2012-09-26 02:37:51 98816 ----a-w- C:\Windows\sed.exe
2012-09-26 02:37:51 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-26 02:37:51 256000 ----a-w- C:\Windows\PEV.exe
2012-09-26 02:37:51 208896 ----a-w- C:\Windows\MBR.exe
2012-09-26 02:36:22 -------- d-----w- C:\Users\customer\AppData\Roaming\Windows Live Writer
2012-09-26 02:36:22 -------- d-----w- C:\Users\customer\AppData\Local\Windows Live Writer
2012-09-25 23:19:49 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-25 23:19:48 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-25 23:19:48 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-25 23:19:47 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-25 23:19:47 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-25 23:19:43 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 12:45:14 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-09-24 12:42:39 303616 ----a-w- C:\SetACL.exe
2012-09-24 12:26:50 290304 ----a-w- C:\subinacl.exe
2012-09-24 12:24:54 -------- d-----w- C:\RegBackup
2012-09-24 11:48:17 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-24 11:41:18 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-09-24 11:06:26 -------- d-----w- C:\Program Files\HitmanPro
2012-09-24 11:06:06 -------- d-----w- C:\ProgramData\HitmanPro
2012-09-24 03:45:46 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-09-24 02:24:45 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-09-23 23:31:31 -------- d-----w- C:\Users\customer\AppData\Roaming\Malwarebytes
2012-09-23 23:31:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-23 23:31:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-23 23:31:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-23 23:28:46 -------- d-----w- C:\Windows\System32\SPReview
2012-09-23 23:27:42 -------- d-----w- C:\Windows\System32\EventProviders
2012-09-23 23:09:28 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-23 23:09:03 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-23 22:18:18 -------- d-----w- C:\Users\customer\AppData\Local\CrashDumps
2012-09-21 21:24:34 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-21 21:23:34 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-21 21:23:34 -------- d-----w- C:\Program Files\iTunes
2012-09-21 21:23:34 -------- d-----w- C:\Program Files\iPod
2012-09-14 07:04:53 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-13 13:55:14 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-13 13:55:14 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-03 14:41:40 -------- d-----w- C:\Users\customer\AppData\Roaming\AVG2012
2012-09-03 14:33:56 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-09-03 14:31:00 -------- d--h--w- C:\$AVG
2012-09-03 14:31:00 -------- d-----w- C:\ProgramData\AVG2012
2012-09-03 14:29:47 -------- d-----w- C:\Program Files (x86)\AVG
2012-09-03 14:17:39 -------- d-----w- C:\ProgramData\MFAData
2012-09-03 14:17:39 -------- d-----w- C:\ProgramData\Common Files
.
==================== Find3M ====================
.
2012-09-23 23:47:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-09-23 23:47:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 17:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 17:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2010-03-29 11:29:14 626688 ----a-w- C:\Program Files (x86)\Common Files\sapconsaccess.dll
2010-03-29 11:29:14 40960 ----a-w- C:\Program Files (x86)\Common Files\DigitalSignature.ocx
2010-03-29 11:29:14 3145728 ----a-w- C:\Program Files (x86)\Common Files\sapxlhelper.dll
2010-03-29 11:29:14 192512 ----a-w- C:\Program Files (x86)\Common Files\sapconsr3.dll
.
============= FINISH: 16:31:58.16 ===============

#14 Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:04 AM

Posted 03 October 2012 - 01:54 PM

Good evening. :)

Download aswMBR.exe from here and save it to your Desktop.

  • Double click the tool to run it.
  • When prompted "Would you like to download latest Avast! virus definitions?" click Yes - you may need to allow access through your firewall.
  • Click the Scan button to, well, start the scan - obvious really!
  • Once the scan reports "Scan finished successfully" click Save log.
  • On my system it offers to save it to the Desktop, which may or may not be its default behaviour, but it's as handy a place as any.
  • You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

So long, and thanks for all the fish.
#15 jmhhoch

  • Topic Starter
  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:04 AM

Posted 03 October 2012 - 03:37 PM

Thank you. Here are the contents of that scan:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-03 15:21:55
-----------------------------
15:21:55.951 OS Version: Windows x64 6.1.7601 Service Pack 1
15:21:55.951 Number of processors: 4 586 0x402
15:21:55.951 ComputerName: JOHNHOCHWALT UserName: customer
15:21:58.973 Initialize success
15:31:00.419 AVAST engine defs: 12100301
15:32:05.935 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:32:05.940 Disk 0 Vendor: WDC_WD10EADS-22M2B0 01.00A01 Size: 953869MB BusType: 3
15:32:05.958 Disk 0 MBR read successfully
15:32:05.964 Disk 0 MBR scan
15:32:05.972 Disk 0 unknown MBR code
15:32:05.979 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
15:32:05.997 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
15:32:06.009 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 937383 MB offset 33761280
15:32:06.038 Disk 0 scanning C:\Windows\system32\drivers
15:32:16.528 Service scanning
15:32:37.415 Modules scanning
15:32:37.433 Disk 0 trace - called modules:
15:32:37.457 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:32:37.463 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f50060]
15:32:37.468 3 CLASSPNP.SYS[fffff880018e443f] -> nt!IofCallDriver -> [0xfffffa8005e009b0]
15:32:37.473 5 ACPI.sys[fffff88000eec7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8005ebb060]
15:32:39.807 AVAST engine scan C:\Windows
15:32:43.718 AVAST engine scan C:\Windows\system32
15:35:47.610 AVAST engine scan C:\Windows\system32\drivers
15:36:10.490 AVAST engine scan C:\Users\customer
16:08:28.574 AVAST engine scan C:\ProgramData
16:09:50.531 Scan finished successfully
16:16:33.549 Disk 0 MBR has been saved successfully to "C:\Users\customer\Desktop\MBR.dat"
16:16:33.553 The log file has been saved successfully to "C:\Users\customer\Desktop\aswMBR.txt"
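The aswMBR log above reports "unknown MBR code" and lists three partitions, and the MBR.dat it saved is a raw 512-byte copy of that first sector. "Unknown" only means the tool did not recognise the boot code; it is not a verdict. As an added example (not code from aswMBR, BleepingComputer or either poster), the Python script below decodes such a 512-byte image and cross-checks it against the partition lines of the log: it verifies the 55AA boot signature, reports whether the boot-code area is empty, checks that exactly one partition is marked active and that none overlap, and flags any entry whose status, type, size or start LBA disagrees with what the log printed. The sample MBR bytes, the five-byte boot-code stub and the disk signature are constructed to match the partitions reported above, and the regular expression for the log line format is an assumption derived from the lines shown in this thread.

```python
"""Decode a 512-byte MBR image (such as the MBR.dat backup aswMBR writes) and
cross-check its partition table against the partition lines of an aswMBR log.
Added example; not code from aswMBR or from this thread. The sample MBR and the
short boot-code stub below are constructed to match the log above."""
import re
import struct

SECTOR_BYTES = 512
SECTORS_PER_MB = 2048  # 512-byte sectors per MiB, the unit aswMBR prints

# Line format assumed from the log lines shown in this thread, e.g.
# "15:32:05.997 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480"
LOG_PARTITION_RE = re.compile(
    r"Disk\s+\d+\s+Partition\s+(?P<index>\d+)\s+(?P<status>[0-9A-Fa-f]{2})"
    r"(?:\s+\(A\))?\s+(?P<type>[0-9A-Fa-f]{2})\s+.*?\s+(?P<mb>\d+)\s+MB"
    r"\s+offset\s+(?P<lba>\d+)"
)


def parse_log_partitions(log_text):
    """Return {index: (status, type, size_mb, start_lba)} for each partition line."""
    found = {}
    for m in LOG_PARTITION_RE.finditer(log_text):
        found[int(m["index"])] = (int(m["status"], 16), int(m["type"], 16),
                                  int(m["mb"]), int(m["lba"]))
    return found


def parse_mbr(mbr):
    """Decode boot signature, boot-code presence, disk signature and partition entries."""
    if len(mbr) != SECTOR_BYTES:
        raise ValueError("an MBR image is exactly 512 bytes")
    partitions = []
    for i in range(4):
        # entry layout: status, CHS start (3 bytes, skipped), type, CHS end (skipped),
        # LBA start, sector count; the table begins at offset 446
        status, ptype, start_lba, sectors = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"index": i + 1, "status": status, "type": ptype,
                               "start_lba": start_lba, "sectors": sectors,
                               "size_mb": sectors // SECTORS_PER_MB})
    return {
        "signature_ok": mbr[510:512] == b"\x55\xaa",
        "boot_code_present": any(mbr[:440]),
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "partitions": partitions,
    }


def check_mbr_against_log(mbr, log_text):
    """Return a list of findings; an empty list means the image is well-formed and matches the log."""
    findings = []
    info = parse_mbr(mbr)
    if not info["signature_ok"]:
        findings.append("boot signature 55AA missing")
    if not info["boot_code_present"]:
        findings.append("boot code area is all zeros")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("%d active partitions (expected 1)" % len(active))
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"]) for p in info["partitions"])
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append("partitions overlap at LBA %d" % start_b)
    logged = parse_log_partitions(log_text)
    seen = set()
    for p in info["partitions"]:
        seen.add(p["index"])
        actual = (p["status"], p["type"], p["size_mb"], p["start_lba"])
        if p["index"] not in logged:
            findings.append("partition %d in MBR but not in log" % p["index"])
        elif logged[p["index"]] != actual:
            findings.append("partition %d differs: MBR %s, log %s"
                            % (p["index"], actual, logged[p["index"]]))
    for idx in sorted(set(logged) - seen):
        findings.append("partition %d in log but not in MBR" % idx)
    return findings


def build_mbr(partitions, boot_code=b"\xfa\x33\xc0\x8e\xd0", disk_signature=0x1234ABCD):
    """Build a 512-byte MBR from (status, type, start_lba, sectors) tuples (constructed test data)."""
    table = b"".join(struct.pack("<B3xB3xII", *p) for p in partitions).ljust(64, b"\x00")
    return (boot_code.ljust(440, b"\x00") + struct.pack("<I", disk_signature) + b"\x00\x00"
            + table + b"\x55\xaa")


# Constructed sample: the three partitions reported in the log above, as raw entries.
SAMPLE_PARTITIONS = [
    (0x00, 0x27, 2048, 16384 * SECTORS_PER_MB),        # Hidden NTFS WinRE, 16384 MB
    (0x80, 0x07, 33556480, 100 * SECTORS_PER_MB),      # active system partition, 100 MB
    (0x00, 0x07, 33761280, 937383 * SECTORS_PER_MB),   # Windows volume, 937383 MB
]
SAMPLE_LOG = """\
15:32:05.979 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
15:32:05.997 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
15:32:06.009 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 937383 MB offset 33761280
"""
SAMPLE_MBR = build_mbr(SAMPLE_PARTITIONS)

if __name__ == "__main__":
    # For a real check read the backup instead: mbr = open("MBR.dat", "rb").read()
    for p in parse_mbr(SAMPLE_MBR)["partitions"]:
        print(p)
    print(check_mbr_against_log(SAMPLE_MBR, SAMPLE_LOG) or "MBR.dat agrees with the log")
```

Structure alone cannot say whether unrecognised boot code is legitimate; the way to settle that is to compare the hash of the first 440 bytes with the MBR of a clean install of the same Windows version, which the script leaves to the reader since no known-good copy appears in this thread.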



