Infected with Zero Access / Win64/Patched.A on services.exe and websites redirect


This topic is locked. 36 replies to this topic.

#1 kd011143

Posted 15 October 2012 - 02:12 AM

Just yesterday, my computer went through the so-called FBI virus. It was unexpected, because I was just looking at a walkthrough from gamefaqs for a game I was playing. So I panicked but looked up how to unlock my computer from the virus with my phone instead. I removed cftmon (NOT cftmon.exe) from the startup as the website recommended, but couldn't find any other files or registries that different websites provided as a possibility, so that was the only file I removed. While doing so, I ran a whole computer scan from AVG and Malwarebytes Anti-Malware and I saw that services.exe was infected with Win64/Patched.A according to AVG, along with other trojan horses that kept coming back. When I ran Malwarebytes, after the initial run-through and deleting infected files (services.exe wasn't one of them), it didn't detect any threats. When I'm in normal mode, AVG keeps letting me know that services.exe is infected with the virus. And trojan horses keep coming back even after the treatment. So I went onto Google and tried to search how to fix it. And I noticed the websites I clicked on got redirected to various websites that I did not want, like trying to sell me something. Even in safe mode, a sudden popup comes up with a solicitation or advertisement when I didn't even click on anything. So I ran TDSS, since that's one of the things I read on other people's recommendation. It detected services.exe as a threat again, but with some variation of AccessZ.A virus. So I'm not sure which one it is infected with, but neither program could fix the problem. They keep saying either there was an error or this file cannot be cured or deleted. So I'm only running my computer in safe mode and only when necessary until this is all fixed. I ran defogger and dds, and I'm using 64-bit, so they told me not to use GMER. I'll copy and paste the dds.txt here. Another virus that keeps coming back is Luhe.Sirefef.A. It says it's healed, but it keeps coming back.
This DDS was run in safe mode with networking. If this has to be run in normal mode, please let me know.
And should I change all my passwords for e-mail, online banking, etc.? How vulnerable is my computer? I always have free AVG 2013 on and check it at least every 2 weeks or so, and I'm not really sure how I got infected without any notice until today. Also, every time I try to run AVG 2013 in safe mode, it gives me error code 0xe0010058.

Thank you for your help!

DDS (Ver_2012-10-14.05) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by pinetree at 2:50:12 on 2012-10-15
Microsoft Windows 7 Professional 6.1.7600.0.949.82.1033.18.4063.2752 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uProxyServer = hxxp=127.0.0.1:5050
uURLSearchHooks: 곰TV 길잡이: {375A6AB2-FEEC-445D-B853-2139FB561F80} - C:\Program Files (x86)\GRETECH\GomTVHelper\ghelper.dll
uURLSearchHooks: {2c1e21b5-5666-4cd5-8152-96b690b7216e} - <orphaned>
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: 곰TV 길잡이: {375A6AB2-FEEC-445D-B853-2139FB561F80} - C:\Program Files (x86)\GRETECH\GomTVHelper\ghelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: GOM Player + Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: GOM Player + Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: GOM Player + Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
uRun: [Google Update] "C:\Users\pinetree\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [MRDaemon.exe] C:\Program Files (x86)\Naver\QuickManager2\MRDaemon.exe
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [AIM Toolbar] rundll32.exe "C:\Users\pinetree\AppData\Local\AirportMania2\AIM Toolbar\kbkbfsimx.dll",DllRegisterServerW
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [AML] C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe InitApp
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe
mRun: [hamUp.exe] C:\Program Files (x86)\FileHam.com\FileHam(normal)\hamUp.exe
mRun: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [3B8A5061-3CBB-4613-8F82-64326F0BE700] cmd.exe /C start /D "C:\Users\pinetree\AppData\Local\Temp" /B 3B8A5061-3CBB-4613-8F82-64326F0BE700.exe -postboot
mRunOnce: [CFDF77BD-98A1-49E6-890B-C3EAE680DB94] cmd.exe /C start /D "C:\Users\pinetree\AppData\Local\Temp" /B CFDF77BD-98A1-49E6-890B-C3EAE680DB94.exe -postboot
StartupFolder: C:\Users\pinetree\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Microsoft Excel로 내보내기(&X) - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {013BCEA5-8309-448b-8604-85F23D7861A5} - {375A6AB2-FEEC-445D-B853-2139FB561F80} - C:\Program Files (x86)\GRETECH\GomTVHelper\ghelper.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
Trusted Zone: wedisk.co.kr
Trusted Zone: wedisk.net
DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter26_20091109.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxps://platform.nexon.com/activex/ahnlab/aosmgr.cab
DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxps://plugin.inicis.com/wallet61/INIwallet61_vista.cab
DPF: {270EC7A6-4096-469B-865C-F9678A2C742B} - hxxp://www.payzone.co.kr/EasyPayX/EasyPayX.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://s.nx.com/s2/game/maplestory/FileDownLoad/AddOn.cab
DPF: {37122E24-7327-4326-9AC1-430F5081CA3B} - hxxp://tomfile.com/app/TomfileWebControl.cab
DPF: {4AA897C5-56EB-434C-8516-EC9005CE5BA1} - hxxp://launch.kr.gameclub.com/Activex/GameClubCOM.cab
DPF: {5267557D-D090-44EA-BCAA-8576A24810C5} - hxxp://download.netmarble.net/web/6N/pccheck/SystemInformerCJI1009.cab
DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/NMAutoUpdateX.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxps://vbv.samsungcard.co.kr/XecureObject/xw_install.cab
DPF: {811576B0-FD69-4414-8C43-AB30546C102D} - hxxp://down.speeddownload.kr/info/SpeedDownAxProj.cab
DPF: {871B7F45-1A71-4A2F-9E21-4E89C347784E} - hxxp://gl.wedisk.co.kr/app/WeShortCut.cab
DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cab
DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} - hxxp://s.nx.com/ActiveX/ocx/nxsysinfo.cab
DPF: {A047BE6C-A1CE-41C7-A6EC-85FC184D16F1} - hxxp://download.netmarble.net/web/NMGameCheck/nmDownloadActiveX1001.cab
DPF: {A1B83F7D-05D8-42F8-9C29-99ED06CD528C} - hxxp://speed.nia.or.kr/login/SysNIAforHuman.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefense/kdfense8.cab
DPF: {BCBE34D4-BCCD-4326-9957-C809324D15DD} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMWebMessenger.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://www.hangame.com/common/HanSetup1030.cab
DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} - hxxps://vbv.samsungcard.co.kr/ubikey/VineTransfer.cab
DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} - hxxp://speed.nia.or.kr/login/SpeedTest.cab
DPF: {C32E5F6F-078D-461A-AB16-A56D55F35BEA} - hxxp://download.netmarble.net/web/nmshortcut/nmshortcut_1.0.0.1.cab
DPF: {C634DAF9-AC32-475C-9D66-81B7210E8EE4} - hxxp://gl.wedisk.co.kr/app/WeDiskUpdate.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxps://vbv.samsungcard.co.kr/keycrypt/npkcx.cab
DPF: {DB962ED5-C4A1-4B50-8CEB-D6F9CD70A6F8} - hxxp://download.netmarble.net/web/NMGameCheck/NMGameCheck.cab
DPF: {DBF3954F-8AF4-4E8C-AFC8-32916D13B6AD} - hxxp://kamuse.zcdn.co.kr/kamuse/kcsdownload/activex/KCSActiveXv3-1000.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{873E0769-68CC-43E7-8CC4-CF8F60314A45} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{873E0769-68CC-43E7-8CC4-CF8F60314A45}\2456C6B696E6F574F575962756C6563737F5339324245444 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{873E0769-68CC-43E7-8CC4-CF8F60314A45}\2656C6B696E6E2139363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{873E0769-68CC-43E7-8CC4-CF8F60314A45}\2656C6B696E6E233933363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{873E0769-68CC-43E7-8CC4-CF8F60314A45}\4756E656E647 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{873E0769-68CC-43E7-8CC4-CF8F60314A45}\741647F62702755637C65697023456E6475627 : DHCPNameServer = 68.105.28.16 68.105.29.16
TCP: Interfaces\{873E0769-68CC-43E7-8CC4-CF8F60314A45}\761647F627865747 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{873E0769-68CC-43E7-8CC4-CF8F60314A45}\84F6C6964616970294E6E60255E69667562737964797023456E6475627 : DHCPNameServer = 172.27.172.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
SEH: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files (x86)\MarkAny\ContentSAFER\MACSMANAGER.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\
FF - prefs.js: browser.search.selectedEngine - XFINITY
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=insDate07202012
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={A3C5DB37-740A-4EBD-8FC9-A24DF3C3242E}&mid=94b23337078447d68f66d16809248aeb-3a7529fff43154dc31904055d7e8f6e7f4dc2067&lang=en&ds=AVG&pr=fr&d=2012-05-02 13:48:41&v=12.2.5.32&sap=ku&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}\components\dtTransparency.dll
FF - component: C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko10.dll
FF - component: C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko11.dll
FF - component: C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko12.dll
FF - component: C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll
FF - component: C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll
FF - component: C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_05.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\pinetree\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\pinetree\AppData\Roaming\GameClub\NPMicroGamesCOM.dll
FF - plugin: C:\Users\pinetree\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\pinetree\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-9-21 61792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-15 55280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 31080]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2010-5-15 5435904]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-5-15 11392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-9-13 151904]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
S2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2011-6-25 335288]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-15 203264]
S2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-2 5783672]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-2 193568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NATService;NATService;C:\Program Files (x86)\NAT Service\natsvc.exe [2011-8-28 655960]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-5-15 189984]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-4 722528]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-21 250808]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-1-29 167264]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-5-15 300032]
S3 JRSKD24;JRSKD24;C:\Windows\System32\JRSKD24.SYS [2010-7-17 12824]
S3 Mkd2Bthf;Mkd2Bthf;C:\Windows\System32\drivers\Mkd2BthF.sys [2011-9-6 98040]
S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\System32\drivers\Mkd2Nadr.sys [2011-9-6 107768]
S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\System32\drivers\mkd3kfnt.sys [2011-9-6 183544]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 npkcft64;npkcft64;C:\Windows\SysWOW64\npkcft64.sys [2010-11-13 48160]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-5-15 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-5-15 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-5-15 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-5-15 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-5-15 91432]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-16 15712]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-5-15 468264]
S3 vzandnetadb;ADB Interface DriverNet for VZW;C:\Windows\System32\drivers\lgvzandnetadb.sys [2011-10-10 31744]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;C:\Windows\System32\drivers\lgvzandnetdiag64.sys [2011-10-10 29696]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;C:\Windows\System32\drivers\lgvzandnetmdm64.sys [2011-10-10 36352]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;C:\Windows\System32\drivers\lgvzandnetndis64.sys [2011-10-21 94208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2012-10-15 04:05:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-14 18:31:20 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-10-11 22:16:59 -------- d-----w- C:\Program Files (x86)\Carpe Fulgur
2012-10-07 05:48:58 -------- d-----w- C:\Program Files (x86)\EA Sports
2012-10-05 07:26:22 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-02 07:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-29 17:21:16 -------- d-----w- C:\Users\pinetree\AppData\Roaming\AVG2013
2012-09-29 17:18:30 -------- d-----w- C:\Users\pinetree\AppData\Roaming\TuneUp Software
2012-09-29 17:18:21 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-09-29 17:13:17 -------- d-----w- C:\ProgramData\AVG2013
2012-09-29 17:02:33 -------- d-----w- C:\Users\pinetree\AppData\Local\MFAData
2012-09-29 17:02:33 -------- d-----w- C:\Users\pinetree\AppData\Local\Avg2013
2012-09-21 07:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 07:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-21 07:45:50 61792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
==================== Find3M ====================
.
2012-10-14 20:17:02 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2012-10-09 05:23:39 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 05:23:39 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 07:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-09-13 07:11:18 151904 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-09-11 23:08:12 1320952 ----a-w- C:\Program Files (x86)\svc_setup.exe
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-06 02:14:08 65536 ----a-w- C:\Windows\IFinst27.exe
2012-09-04 04:35:24 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-02 17:55:04 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 17:05:42 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-25 02:24:24 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-07-25 02:24:23 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-07-25 02:24:23 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-07-25 02:24:23 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 2:50:21.59 ===============

#2 KarstenHansen
Posted 15 October 2012 - 07:12 AM

Hi kd011143 :)
I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

#3 KarstenHansen
Posted 17 October 2012 - 08:29 AM

Hi kd011143 :)

Welcome to BleepingComputer. My name is Karsten and I'll help you with the cleanup of malware from your computer.

Please be aware of the following:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
NEXT

Going over your logs I noticed that you have Bittorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Bittorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

NEXT

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

NEXT

Let us start by having combofix take a look at your PC. Please do the following:
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

NEXT

Let's have a look at what TDSSKiller has previously removed:

  • Please download TDSS Qlook and save it to your desktop.
  • Double-click the program and run it.
  • Type the letter A and press ENTER.
  • A logfile will open (TDSSQ.txt), please copy and paste the contents of that logfile into your next reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • Combofix log
  • TDSS Qlook log
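
TDSS Qlook's TDSSQ.txt (requested here, and posted by kd011143 further down in this thread) records each quarantined object as an "=== path" header over an ini-style block of "Key: Value" lines. The script below is an added example, not code from this thread, TDSS Qlook or TDSSKiller: it parses that layout, groups records per quarantined object and separates named verdicts from the generic unsigned-file heuristic; its sample log is constructed from records that appear in this thread.

```python
"""Triage helper for TDSS Qlook output (TDSSQ.txt): an added example, not part
of this thread, TDSS Qlook or TDSSKiller. TDSSQ.txt lists every quarantine
record as an '=== <path>' header over an ini-style block of 'Key: Value'
lines; this groups the records per quarantined object and separates named
verdicts from the generic unsigned-file heuristic that also hits OEM services."""
import re

# Constructed sample, modelled on records posted later in this thread.
SAMPLE_LOG = r"""
=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0000\object.ini
[InfectedObject]
Verdict: UnsignedFile.Multi.Generic

=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0000\svc0000\object.ini
[InfectedObject]
Type: Service
Name: IDriverT
Type: n/a (0x10)
Start: Demand (0x3)
ImagePath: "C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"

=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\object.ini
[InfectedObject]
Verdict: Virus.Win64.ZAccess.a

=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\file0000\tsk0000.ini
[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\services.exe
md5: 50BEA589F7D7958BDD2528A8F69D05CC

=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0002.ini
[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\@
Size: 2048
"""

HEADER_RE = re.compile(r"^=== (.+)$")
FIELD_RE = re.compile(r"^([A-Za-z0-9]+): ?(.*)$")
# Quarantine root, run timestamp, then the object directory (suspNNNN / zasubsysNNNN).
OBJECT_RE = re.compile(r"TDSSKiller_Quarantine\\([^\\]+)\\([^\\]+)\\")

def parse_records(text):
    """Split TDSSQ.txt into {path, fields} records; the first value wins when
    a key repeats (service blocks list 'Type' twice)."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = {"path": header.group(1), "fields": {}}
            records.append(current)
            continue
        field = FIELD_RE.match(line) if current else None
        if field and field.group(1) not in current["fields"]:
            current["fields"][field.group(1)] = field.group(2)
    return records

def severity(verdict):
    """'UnsignedFile.*' only says the binary carries no signature; any other
    verdict in this log is a named detection and is treated as malware."""
    if verdict is None:
        return "unknown"
    return "generic" if verdict.startswith("UnsignedFile.") else "malware"

def triage(text):
    """Map (run, object) -> verdict, severity and the artifacts it covers."""
    objects = {}
    for rec in parse_records(text):
        where = OBJECT_RE.search(rec["path"])
        if not where:
            continue
        entry = objects.setdefault((where.group(1), where.group(2)),
                                   {"verdict": None, "severity": "unknown", "artifacts": []})
        f = rec["fields"]
        if "Verdict" in f:
            entry["verdict"] = f["Verdict"]
            entry["severity"] = severity(f["Verdict"])
        elif f.get("Type") == "Service":
            entry["artifacts"].append("service %s -> %s" % (f.get("Name"), f.get("ImagePath")))
        elif "Src" in f:  # raw image TDSSKiller copied out of the file system
            entry["artifacts"].append("%s (md5 %s)" % (f["Src"], f.get("md5", "?")))
        elif "Name" in f:  # file listed by name and size only ({GUID}\U\*.@ entries)
            entry["artifacts"].append("%s (%s bytes)" % (f["Name"], f.get("Size", "?")))
    return objects

def report(objects):
    """One line per quarantined object, named malware first, artifacts indented."""
    lines = []
    for (run, obj), e in sorted(objects.items(), key=lambda kv: kv[1]["severity"] != "malware"):
        lines.append("[%s] %s %s: %s" % (e["severity"].upper(), run, obj, e["verdict"]))
        lines.extend("    " + art for art in e["artifacts"])
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against a real TDSSQ.txt, the generic entries in this thread resolve to Sony VAIO and InstallShield services, while the ZAccess objects tie the patched services.exe to the files under C:\Windows\installer\{GUID}.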


#4 kd011143 (Topic Starter, Members, 17 posts)

Posted 17 October 2012 - 09:23 AM

Thank you for the response! I have a few questions before I run those, though. Does it make a difference whether it is run in safe mode or not? I also have backed up everything I need, so I could format and reinstall if that is the best course of action, but how can I be certain that what I backed up is not infected already? It is just on an external hard drive. I ran the drive through Malwarebytes before and found no infection. Would it be better to make sure the drive is clean and then format?

#5 KarstenHansen (The Dane, Members, 1,868 posts)

Posted 17 October 2012 - 10:55 AM

Hi kd011143 :)

Thank you for the response! I have a few questions before I run those, though. Does it make a difference whether it is run in safe mode or not? I also have backed up everything I need, so I could format and reinstall if that is the best course of action, but how can I be certain that what I backed up is not infected already? It is just on an external hard drive. I ran the drive through Malwarebytes before and found no infection. Would it be better to make sure the drive is clean and then format?


I would like you to run these tools from normal mode as that is where they operate best. If you want to reformat and want to be sure the data is clean, then you should go through with the cleanup and afterwards back up again; that way you can be sure your data is clean as well. It's good you have a backup for now (a potentially infected backup is surely better than no backup at all), but better safe than sorry, so back up again later.

#6 kd011143 (Topic Starter, Members, 17 posts)

Posted 17 October 2012 - 06:56 PM

So my internet won't work at all in normal mode. Even going to Google fails. I thought it might be the proxy setting, but it wasn't, at least as far as I can tell. So I ran the program in normal mode and used the internet to post this in safe mode. And I'm definitely in favor of formatting my computer and reinstalling everything. I used to do it once every six months or so, but I've gotten lazy and haven't done that for a year now. I just want to make sure all my backup files are clean. Is there a way to see whether my external hard drive data is clean or not? I filled up my external hard drive (1.5TB) pretty much full, so much of the data there hasn't been on my computer in a while. And even though I disabled AVG completely and manually killed all the processes, ComboFix still gave me a warning about AVG. Thought I'd make a note of it here just in case.

This is the TDSSQ log

TDSSKiller Quarantine Information log
TDSS Qlook Version 1.0.0.5 - pinetree - 10/17/2012 Wed - 19:05:37.17.
Microsoft Windows 7 Professional 6.1.7600
***** START SCAN 10/17/2012 Wed 19:05:38.62 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.8.10.0_15.10.2012_00.04.15_log.txt
TDSSKiller.2.8.10.0_15.10.2012_00.18.57_log.txt
TDSSKiller.2.8.10.0_15.10.2012_00.26.09_log.txt
TDSSKiller.2.8.10.0_17.10.2012_18.35.13_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------


---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0000\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: IDriverT
Type: n/a (0x10)
Start: Demand (0x3)
ImagePath: "C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
md5: 6F95324909B502E2651442C1548AB12F


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0001\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0001\svc0000\object.ini

[InfectedObject]
Type: Service
Name: SampleCollector
Type: n/a (0x10)
Start: Demand (0x3)
ImagePath: "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata"


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0001\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\Sony\VAIO Care\collsvc.exe
md5: 9A5FB8DE6567BC86FCCDE2F0336857A3


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0002\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0002\svc0000\object.ini

[InfectedObject]
Type: Service
Name: VAIO Entertainment TV Device Arbitration Service
Type: n/a (0x10)
Start: Demand (0x3)
ImagePath: "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe"


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0002\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
md5: 4E7135D6D0127067E4CFEE12259F895D


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0003\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0003\svc0000\object.ini

[InfectedObject]
Type: Service
Name: VzCdbSvc
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe"


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\susp0003\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
md5: D8BEF4AC1EAC809DBDBD441D6CFF6C4C


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\object.ini

[InfectedObject]
Verdict: Virus.Win64.ZAccess.a


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\file0000\object.ini

[InfectedObject]
Type: File


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\file0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\services.exe
md5: 50BEA589F7D7958BDD2528A8F69D05CC


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0000.ini

[InfectedFile]
Name: C:\Windows\assembly\GAC_32\desktop.ini
Size: 4608


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0001.ini

[InfectedFile]
Name: C:\Windows\assembly\GAC_64\desktop.ini
Size: 6144


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0002.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\@
Size: 2048


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0003.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\00000004.@
Size: 804


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0004.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\201d3dde
Size: 222


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0005.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\00000004.@
Size: 2048


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0006.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000032.@
Size: 87040


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0007.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000064.@
Size: 72704


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\object.ini

[InfectedObject]
Verdict: Virus.Win64.ZAccess.a


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\file0000\object.ini

[InfectedObject]
Type: File


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\file0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\services.exe
md5: 50BEA589F7D7958BDD2528A8F69D05CC


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0000.ini

[InfectedFile]
Name: C:\Windows\assembly\GAC_32\desktop.ini
Size: 4608


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0001.ini

[InfectedFile]
Name: C:\Windows\assembly\GAC_64\desktop.ini
Size: 6144


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0002.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\@
Size: 2048


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0003.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\00000004.@
Size: 804


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0004.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\201d3dde
Size: 234


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0005.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\00000004.@
Size: 2048


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0006.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000032.@
Size: 87040


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0007.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000064.@
Size: 72704


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\object.ini

[InfectedObject]
Verdict: Virus.Win64.ZAccess.a


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\file0000\object.ini

[InfectedObject]
Type: File


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\file0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\services.exe
md5: 50BEA589F7D7958BDD2528A8F69D05CC


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0000.ini

[InfectedFile]
Name: C:\Windows\assembly\GAC_32\desktop.ini
Size: 4608


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0001.ini

[InfectedFile]
Name: C:\Windows\assembly\GAC_64\desktop.ini
Size: 6144


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0002.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\@
Size: 2048


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0003.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\00000004.@
Size: 804


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0004.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\201d3dde
Size: 289


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0005.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\00000004.@
Size: 2048


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0006.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\00000008.@
Size: 232960


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0007.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\000000cb.@
Size: 1632


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0008.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000000.@
Size: 16896


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0009.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000032.@
Size: 87040


=== C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0010.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000064.@
Size: 72704


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\susp0000\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: IDriverT
Type: n/a (0x10)
Start: Demand (0x3)
ImagePath: "C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
md5: 6F95324909B502E2651442C1548AB12F


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\susp0001\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\susp0001\svc0000\object.ini

[InfectedObject]
Type: Service
Name: SampleCollector
Type: n/a (0x10)
Start: Demand (0x3)
ImagePath: "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata"


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\susp0001\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\Sony\VAIO Care\collsvc.exe
md5: 9A5FB8DE6567BC86FCCDE2F0336857A3


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\susp0002\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\susp0002\svc0000\object.ini

[InfectedObject]
Type: Service
Name: VAIO Entertainment TV Device Arbitration Service
Type: n/a (0x10)
Start: Demand (0x3)
ImagePath: "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe"


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\susp0002\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
md5: 4E7135D6D0127067E4CFEE12259F895D


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\susp0003\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\susp0003\svc0000\object.ini

[InfectedObject]
Type: Service
Name: VzCdbSvc
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe"


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\susp0003\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
md5: D8BEF4AC1EAC809DBDBD441D6CFF6C4C


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\object.ini

[InfectedObject]
Verdict: Virus.Win64.ZAccess.a


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\file0000\object.ini

[InfectedObject]
Type: File


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\file0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\services.exe
md5: 50BEA589F7D7958BDD2528A8F69D05CC


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0000.ini

[InfectedFile]
Name: C:\Windows\assembly\GAC_32\desktop.ini
Size: 4608


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0001.ini

[InfectedFile]
Name: C:\Windows\assembly\GAC_64\desktop.ini
Size: 6144


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0002.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\@
Size: 2048


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0003.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\00000004.@
Size: 804


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0004.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\201d3dde
Size: 289


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0005.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\00000004.@
Size: 2048


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0006.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\00000008.@
Size: 232960


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0007.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\000000cb.@
Size: 1632


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0008.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000000.@
Size: 16896


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0009.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000032.@
Size: 87040


=== C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0010.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000064.@
Size: 72704


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\object.ini

[InfectedObject]
Verdict: Virus.Win64.ZAccess.a


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\file0000\object.ini

[InfectedObject]
Type: File


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\file0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\services.exe
md5: 50BEA589F7D7958BDD2528A8F69D05CC


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0000.ini

[InfectedFile]
Name: C:\Windows\assembly\GAC_32\desktop.ini
Size: 4608


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0001.ini

[InfectedFile]
Name: C:\Windows\assembly\GAC_64\desktop.ini
Size: 6144


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0002.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\@
Size: 2048


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0003.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\00000004.@
Size: 804


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0004.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\201d3dde
Size: 289


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0005.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\00000004.@
Size: 2048


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0006.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\00000008.@
Size: 232960


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0007.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\000000cb.@
Size: 1632


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0008.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000000.@
Size: 16896


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0009.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000032.@
Size: 87040


=== C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0010.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000064.@
Size: 72704


=== C:\TDSSKiller_Quarantine\17.10.2012_18.35.13\zasubsys0000\object.ini

[InfectedObject]
Verdict: Virus.Win64.ZAccess.a


=== C:\TDSSKiller_Quarantine\17.10.2012_18.35.13\zasubsys0000\file0000\object.ini

[InfectedObject]
Type: File


=== C:\TDSSKiller_Quarantine\17.10.2012_18.35.13\zasubsys0000\file0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\services.exe
md5: 50BEA589F7D7958BDD2528A8F69D05CC


=== C:\TDSSKiller_Quarantine\17.10.2012_18.35.13\zasubsys0000\zafs0000\tsk0000.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\@
Size: 2048


=== C:\TDSSKiller_Quarantine\17.10.2012_18.35.13\zasubsys0000\zafs0000\tsk0001.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\00000004.@
Size: 804


=== C:\TDSSKiller_Quarantine\17.10.2012_18.35.13\zasubsys0000\zafs0000\tsk0002.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\201d3dde
Size: 297


=== C:\TDSSKiller_Quarantine\17.10.2012_18.35.13\zasubsys0000\zafs0000\tsk0003.ini

[InfectedFile]
Name: C:\Windows\installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\00000004.@
Size: 2048


***** END SCAN 10/17/2012 Wed 19:05:40.19 *****



This is the ComboFix log.

ComboFix 12-10-17.05 - pinetree 7/2012 Wed 19:20:26.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.949.82.1033.18.4063.2764 [GMT -4:00]
Running from: c:\users\pinetree\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\NAT Service
c:\program files (x86)\NAT Service\natsvc.exe
c:\program files (x86)\NAT Service\unins000.dat
c:\program files (x86)\NAT Service\unins000.exe
c:\program files (x86)\NAT Service\upsvc.exe
c:\program files (x86)\Naver
c:\programdata\2181742.pad
c:\users\pinetree\AppData\Local\AirportMania2\AIM Toolbar\kbkbfsimx.dll
c:\users\pinetree\Desktop\Internet Explorer.lnk
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\@
c:\windows\Installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\00000004.@
c:\windows\Installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\L\201d3dde
c:\windows\Installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\00000008.@
c:\windows\Installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\000000cb.@
c:\windows\Installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000064.@
c:\windows\IsUn0412.exe
c:\windows\iun6002.exe
c:\windows\PFRO.log
c:\windows\SysWow64\msstdfmt.dll
c:\windows\SysWow64\npkpdb.dll
c:\windows\SysWow64\Oleaut32.1
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NATService
.
.
((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-17 23:28 . 2012-10-17 23:28 -------- d-----w- c:\users\hedev\AppData\Local\temp
2012-10-17 23:28 . 2012-10-17 23:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-15 04:05 . 2012-10-17 22:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-14 18:31 . 2012-10-14 18:31 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-13 13:58 . 2012-10-13 13:58 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-10-11 22:16 . 2012-10-11 22:16 -------- d-----w- c:\program files (x86)\Carpe Fulgur
2012-10-07 05:58 . 2012-10-07 05:58 -------- d--h--r- c:\users\pinetree\AppData\Roaming\SecuROM
2012-10-07 05:48 . 2012-10-07 05:48 -------- d-----w- c:\program files (x86)\EA Sports
2012-10-05 07:26 . 2012-10-05 07:26 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-29 17:21 . 2012-09-29 17:21 -------- d-----w- c:\users\pinetree\AppData\Roaming\AVG2013
2012-09-29 17:18 . 2012-09-29 17:18 -------- d-----w- c:\users\pinetree\AppData\Roaming\TuneUp Software
2012-09-29 17:18 . 2012-09-29 17:18 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-09-29 17:13 . 2012-10-14 23:11 -------- d-----w- c:\programdata\AVG2013
2012-09-29 17:02 . 2012-10-14 17:06 -------- d-----w- c:\users\pinetree\AppData\Local\Avg2013
2012-09-29 17:02 . 2012-09-29 17:02 -------- d-----w- c:\users\pinetree\AppData\Local\MFAData
2012-09-24 05:41 . 2012-09-24 05:41 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-21 07:45 . 2012-09-21 07:45 61792 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-17 23:32 . 2012-08-16 21:04 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-09 05:23 . 2012-07-21 07:12 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 05:23 . 2011-06-16 04:47 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-24 05:41 . 2011-04-26 01:44 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-14 07:05 . 2012-09-14 07:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-09-13 07:11 . 2012-09-13 07:11 151904 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-09-11 23:08 . 2012-09-11 23:08 1320952 ----a-w- c:\program files (x86)\svc_setup.exe
2012-09-07 21:04 . 2011-01-22 18:36 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-06 02:14 . 2011-12-15 05:51 65536 ----a-w- c:\windows\IFinst27.exe
2012-09-04 04:35 . 2012-09-04 04:35 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-02 17:55 . 2012-09-12 00:30 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 17:05 . 2012-09-12 00:30 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-25 02:24 . 2011-10-03 23:51 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-25 02:24 . 2011-10-03 23:51 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-07-25 02:24 . 2011-10-03 23:51 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-25 02:24 . 2011-10-03 23:51 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-29 17:18 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 21:40 1362320 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-29 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-13 1353080]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"AML"="c:\program files (x86)\Sony\VAIO Launcher\AML.exe" [2009-07-15 1101824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"MAAgent"="c:\program files (x86)\MarkAny\ContentSAFER\MAAgent.exe" [2008-09-19 61440]
"BYRUA_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" [2011-06-14 392280]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-29 947808]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-29 856160]
.
c:\users\pinetree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-14 15:15 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
R3 dump_wmimmc;dump_wmimmc;c:\netmarble\GV Online Kr\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-07-18 12824]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2012-03-07 98040]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2012-03-07 107768]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2012-03-07 183544]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 npkcft64;npkcft64;c:\windows\SysWOW64\npkcft64.sys [2010-11-13 48160]
R3 ProDefense;ProDefense;c:\windows\system32\drivers\ProDefense.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 scsk5;SCSK5 Driver Service;syswow64\drivers\scsk5.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-17 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-17 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-17 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-17 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-17 91432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-10-17 15712]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
R3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\Drivers\lgvzandnetadb.sys [2011-10-10 31744]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys [2011-10-10 29696]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys [2011-10-10 36352]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys [2011-10-21 94208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]
R3 x64kdss;x64kdss;syswow64\Drivers\x64kdss.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-30 503352]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-21 61792]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-09-13 151904]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2011-06-25 335288]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-01 203264]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-02 5783672]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-02 193568]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-03 189984]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-08-05 300032]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-09-09 5435904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-07-30 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 05:23]
.
2012-10-17 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2012-08-10 13:08]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-261678624-3990034550-554439448-1000Core.job
- c:\users\pinetree\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-28 06:28]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-261678624-3990034550-554439448-1000UA.job
- c:\users\pinetree\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-28 06:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-07-13 152576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-03 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-03 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:5050
uInternet Settings,ProxyOverride = *.local
IE: Microsoft Excel로 내보내기(&X) - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: wedisk.co.kr
Trusted Zone: wedisk.net
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter26_20091109.cab
DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxps://plugin.inicis.com/wallet61/INIwallet61_vista.cab
DPF: {270EC7A6-4096-469B-865C-F9678A2C742B} - hxxp://www.payzone.co.kr/EasyPayX/EasyPayX.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://s.nx.com/s2/game/maplestory/FileDownLoad/AddOn.cab
DPF: {37122E24-7327-4326-9AC1-430F5081CA3B} - hxxp://tomfile.com/app/TomfileWebControl.cab
DPF: {4AA897C5-56EB-434C-8516-EC9005CE5BA1} - hxxp://launch.kr.gameclub.com/Activex/GameClubCOM.cab
DPF: {5267557D-D090-44EA-BCAA-8576A24810C5} - hxxp://download.netmarble.net/web/6N/pccheck/SystemInformerCJI1009.cab
DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/NMAutoUpdateX.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxps://vbv.samsungcard.co.kr/XecureObject/xw_install.cab
DPF: {811576B0-FD69-4414-8C43-AB30546C102D} - hxxp://down.speeddownload.kr/info/SpeedDownAxProj.cab
DPF: {871B7F45-1A71-4A2F-9E21-4E89C347784E} - hxxp://gl.wedisk.co.kr/app/WeShortCut.cab
DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cab
DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} - hxxp://s.nx.com/ActiveX/ocx/nxsysinfo.cab
DPF: {A047BE6C-A1CE-41C7-A6EC-85FC184D16F1} - hxxp://download.netmarble.net/web/NMGameCheck/nmDownloadActiveX1001.cab
DPF: {A1B83F7D-05D8-42F8-9C29-99ED06CD528C} - hxxp://speed.nia.or.kr/login/SysNIAforHuman.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefense/kdfense8.cab
DPF: {BCBE34D4-BCCD-4326-9957-C809324D15DD} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMWebMessenger.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://www.hangame.com/common/HanSetup1030.cab
DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} - hxxps://vbv.samsungcard.co.kr/ubikey/VineTransfer.cab
DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} - hxxp://speed.nia.or.kr/login/SpeedTest.cab
DPF: {C32E5F6F-078D-461A-AB16-A56D55F35BEA} - hxxp://download.netmarble.net/web/nmshortcut/nmshortcut_1.0.0.1.cab
DPF: {C634DAF9-AC32-475C-9D66-81B7210E8EE4} - hxxp://gl.wedisk.co.kr/app/WeDiskUpdate.cab
DPF: {DB962ED5-C4A1-4B50-8CEB-D6F9CD70A6F8} - hxxp://download.netmarble.net/web/NMGameCheck/NMGameCheck.cab
DPF: {DBF3954F-8AF4-4E8C-AFC8-32916D13B6AD} - hxxp://kamuse.zcdn.co.kr/kamuse/kcsdownload/activex/KCSActiveXv3-1000.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
FF - ProfilePath - c:\users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\
FF - prefs.js: browser.search.selectedEngine - XFINITY
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=insDate07202012
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={A3C5DB37-740A-4EBD-8FC9-A24DF3C3242E}&mid=94b23337078447d68f66d16809248aeb-3a7529fff43154dc31904055d7e8f6e7f4dc2067&lang=en&ds=AVG&pr=fr&d=2012-05-02 13:48&v=12.2.5.32&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{2c1e21b5-5666-4cd5-8152-96b690b7216e} - (no file)
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-MRDaemon.exe - c:\program files (x86)\Naver\QuickManager2\MRDaemon.exe
Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
Wow6432Node-HKCU-Run-AIM Toolbar - c:\users\pinetree\AppData\Local\AirportMania2\AIM Toolbar\kbkbfsimx.dll
Wow6432Node-HKLM-Run-hamUp.exe - c:\program files (x86)\FileHam.com\FileHam(normal)\hamUp.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
SafeBoot-02206257.sys
SafeBoot-66728053.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{2C1E21B5-5666-4CD5-8152-96B690B7216E} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Exit Pro - c:\program files (x86)\Exit Pro\Uninstall.exe
AddRemove-INFovine - c:\windows\system32\UbiKeyUninstall.exe
AddRemove-kdefense - c:\windows\system32\uninstallkdf8.exe
AddRemove-LADSPA_plugins-win_is1 - c:\ati\Plug-Ins\unins000.exe
AddRemove-SoftcampSCSK - c:\windows\system32\UnSCSK.exe
AddRemove-XecureCK - c:\windows\system32\CKSetup32.exe
AddRemove-{CA6C4F90-F1C1-4CE9-AF2E-B09CD2939671}_is1 - c:\program files (x86)\NAT Service\unins000.exe
AddRemove-비주얼 고도리 2000 - c:\windows\IsUn0412.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-261678624-3990034550-554439448-1000\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office PowerPoint\Settings\ ???*x픔?
"PositionInfo-Monitor1"=hex:95,02,00,00,60,01,00,00,00,00,00,00,00,00,00,00
.
[HKEY_USERS\S-1-5-21-261678624-3990034550-554439448-1000\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office PowerPoint\Settings\ ???*x픔?File Name MRU]
"Value"=multi:"\00\00"
"Maximum Entries"=dword:0000000a
.
[HKEY_USERS\S-1-5-21-261678624-3990034550-554439448-1000\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office PowerPoint\Settings\ ???*x픔?View]
"Data"=hex:04,16,00,47,28,14,14,14,0d,01,02,01,00,18,41,00,0d,00,fa,08,00,00,
90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CA\PPRT\bin\ITMRTSVC.exe
c:\windows\SysWOW64\npkcmsvc.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-10-17 19:40:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-17 23:40
.
Pre-Run: 41,902,714,880 bytes free
Post-Run: 42,323,144,704 bytes free
.
- - End Of File - - 8360BBEA1CF708C75F3EB488FD04B17D

#7 KarstenHansen (The Dane)
  • Members
  • 1,868 posts
  • Gender:Male

Posted 18 October 2012 - 08:53 AM

Hi kd011143 :)

Let's clean up what I found in the ComboFix log. Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5050

Driver::
ProDefense

File::
c:\windows\system32\drivers\ProDefense.sys

Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
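The three CFScript directives above each map to one thing on the system: DDS:: clears the per-user WinINet proxy (http=127.0.0.1:5050), Driver:: deletes the ProDefense service entry, and File:: deletes the driver image. The script below is an added example, not part of this thread and not ComboFix's own code: a read-only PowerShell triage that checks whether each of those items is still present and hashes services.exe, which AVG reported as Win64/Patched.A in the first post. It assumes a 64-bit PowerShell run as administrator; the ProDefense name and the proxy string come from the thread, and the known-good hash parameter is a placeholder you supply from a clean copy.

```powershell
# Added example (not from the BleepingComputer thread, not ComboFix code).
# Read-only triage for the items the CFScript targets plus services.exe.
# Assumes elevated 64-bit PowerShell; modifies nothing on the host.

function Resolve-ImagePath {
    # Normalise the path forms found in ImagePath values: "\??\C:\...",
    # "\SystemRoot\system32\...", "system32\DRIVERS\x.sys",
    # "syswow64\drivers\x.sys" (as seen in the log), or a plain absolute path.
    param([string]$Raw)
    if (-not $Raw) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Test-ProxyHijack {
    # The DDS:: line removed "uInternet Settings,ProxyServer = http=127.0.0.1:5050".
    # A loopback proxy the user never configured hands every browser request to
    # a local listener, which is one way the redirects and injected ads in the
    # first post can be produced.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $out = @()
    if ($s.ProxyServer) {
        $out += "ProxyServer='$($s.ProxyServer)' ProxyEnable=$($s.ProxyEnable)"
        if ($s.ProxyServer -match '127\.0\.0\.1|localhost') {
            $port = [regex]::Match($s.ProxyServer, ':(\d+)').Groups[1].Value
            $out += "  loopback proxy on port $port; find the listener with: netstat -ano | findstr :$port"
        }
    }
    if ($s.AutoConfigURL) {
        $out += "AutoConfigURL='$($s.AutoConfigURL)' (a PAC script is another redirect vector)"
    }
    return $out
}

function Test-DriverService {
    # The Driver:: and File:: lines removed the ProDefense service and its .sys.
    # Reports the service key, whether its image exists, and orphan files.
    param([string]$Name)
    $out = @()
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        $img = Resolve-ImagePath $props.ImagePath
        $out += "service key present: $key ImagePath='$($props.ImagePath)' Start=$($props.Start)"
        if ($img -and (Test-Path $img)) {
            $sig = Get-AuthenticodeSignature -FilePath $img
            $out += "  image on disk: $img signature=$($sig.Status)"
        } else {
            $out += "  image missing on disk (ComboFix prints these as [x]); key is a dangling load point"
        }
    }
    $file = Join-Path $env:SystemRoot "System32\drivers\$Name.sys"
    if (-not (Test-Path $key) -and (Test-Path $file)) {
        $out += "orphan driver file without a service key: $file"
    }
    return $out
}

function Test-ServicesExe {
    # AVG flagged services.exe as Win64/Patched.A. Hash it and compare against a
    # copy you trust. $KnownGoodSha256 is a placeholder: take it from a clean
    # copy read offline (WinRE, a second OS) or from a twin machine at the same
    # patch level. A kernel-mode rootkit can answer this user-mode read with the
    # original bytes, so only the offline hash is conclusive.
    param([string]$KnownGoodSha256)
    $path = Join-Path $env:SystemRoot 'System32\services.exe'
    $bytes = [IO.File]::ReadAllBytes($path)
    $sha = ([BitConverter]::ToString([Security.Cryptography.SHA256]::Create().ComputeHash($bytes))) -replace '-', ''
    $sig = Get-AuthenticodeSignature -FilePath $path
    $out = @("services.exe sha256=$sha authenticode=$($sig.Status)")
    if ($KnownGoodSha256) {
        if ($sha -ieq $KnownGoodSha256) { $out += '  hash matches the known-good copy' }
        else { $out += '  HASH MISMATCH against the known-good copy: treat as patched' }
    }
    return $out
}

# Run all three checks; fill in the hash from a clean copy before trusting it.
$report = @(Test-ProxyHijack) + @(Test-DriverService -Name 'ProDefense') + @(Test-ServicesExe -KnownGoodSha256 '')
foreach ($line in $report) { if ($line) { Write-Output $line } }
```

Run it before and after the CFScript pass; the proxy and service checks should go quiet once ComboFix has processed the script. Two caveats on the services.exe line: Windows system binaries are catalog-signed rather than embedded-signed, and Get-AuthenticodeSignature on Windows 7's PowerShell does not consult catalogs, so a NotSigned status there is expected and proves nothing either way; and a live hash is only as honest as the kernel that served the bytes, which is why the reference copy should be read offline.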

#8 kd011143 (Topic Starter)
  • Members
  • 17 posts

Posted 18 October 2012 - 05:34 PM

After running ComboFix with that setting, the internet in normal mode is back! But it keeps telling me that I'm going into a secured connection and out of it frequently. I'll get off the internet quickly once I post this again. Here is the log from ComboFix.

ComboFix 12-10-17.05 - pinetree 8/2012 Thu 18:09:41.2.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.949.82.1033.18.4063.2639 [GMT -4:00]
Running from: c:\users\pinetree\Desktop\ComboFix.exe
Command switches used :: c:\users\pinetree\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\ProDefense.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ProDefense
.
.
((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-18 22:18 . 2012-10-18 22:18 -------- d-----w- c:\users\hedev\AppData\Local\temp
2012-10-15 04:05 . 2012-10-17 22:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-14 18:31 . 2012-10-14 18:31 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-13 13:58 . 2012-10-13 13:58 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-10-11 22:16 . 2012-10-11 22:16 -------- d-----w- c:\program files (x86)\Carpe Fulgur
2012-10-07 05:58 . 2012-10-07 05:58 -------- d--h--r- c:\users\pinetree\AppData\Roaming\SecuROM
2012-10-07 05:48 . 2012-10-07 05:48 -------- d-----w- c:\program files (x86)\EA Sports
2012-10-05 07:26 . 2012-10-05 07:26 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-29 17:21 . 2012-09-29 17:21 -------- d-----w- c:\users\pinetree\AppData\Roaming\AVG2013
2012-09-29 17:18 . 2012-09-29 17:18 -------- d-----w- c:\users\pinetree\AppData\Roaming\TuneUp Software
2012-09-29 17:18 . 2012-09-29 17:18 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-09-29 17:13 . 2012-10-14 23:11 -------- d-----w- c:\programdata\AVG2013
2012-09-29 17:02 . 2012-10-14 17:06 -------- d-----w- c:\users\pinetree\AppData\Local\Avg2013
2012-09-29 17:02 . 2012-09-29 17:02 -------- d-----w- c:\users\pinetree\AppData\Local\MFAData
2012-09-24 05:41 . 2012-09-24 05:41 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-21 07:45 . 2012-09-21 07:45 61792 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 22:20 . 2012-08-16 21:04 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-09 05:23 . 2012-07-21 07:12 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 05:23 . 2011-06-16 04:47 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-24 05:41 . 2011-04-26 01:44 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-14 07:05 . 2012-09-14 07:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-09-13 07:11 . 2012-09-13 07:11 151904 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-09-11 23:08 . 2012-09-11 23:08 1320952 ----a-w- c:\program files (x86)\svc_setup.exe
2012-09-07 21:04 . 2011-01-22 18:36 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-06 02:14 . 2011-12-15 05:51 65536 ----a-w- c:\windows\IFinst27.exe
2012-09-04 04:35 . 2012-09-04 04:35 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-02 17:55 . 2012-09-12 00:30 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 17:05 . 2012-09-12 00:30 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-25 02:24 . 2011-10-03 23:51 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-25 02:24 . 2011-10-03 23:51 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-07-25 02:24 . 2011-10-03 23:51 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-25 02:24 . 2011-10-03 23:51 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-29 17:18 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 21:40 1362320 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-29 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-13 1353080]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"AML"="c:\program files (x86)\Sony\VAIO Launcher\AML.exe" [2009-07-15 1101824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"MAAgent"="c:\program files (x86)\MarkAny\ContentSAFER\MAAgent.exe" [2008-09-19 61440]
"BYRUA_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" [2011-06-14 392280]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-29 947808]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-29 856160]
.
c:\users\pinetree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-14 15:15 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
R3 dump_wmimmc;dump_wmimmc;c:\netmarble\GV Online Kr\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-07-18 12824]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2012-03-07 98040]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2012-03-07 107768]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2012-03-07 183544]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 npkcft64;npkcft64;c:\windows\SysWOW64\npkcft64.sys [2010-11-13 48160]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 scsk5;SCSK5 Driver Service;syswow64\drivers\scsk5.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-17 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-17 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-17 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-17 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-17 91432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-10-18 15712]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
R3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\Drivers\lgvzandnetadb.sys [2011-10-10 31744]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys [2011-10-10 29696]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys [2011-10-10 36352]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys [2011-10-21 94208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]
R3 x64kdss;x64kdss;syswow64\Drivers\x64kdss.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-30 503352]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-21 61792]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-09-13 151904]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2011-06-25 335288]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-01 203264]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-02 5783672]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-02 193568]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-03 189984]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-08-05 300032]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-09-09 5435904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-07-30 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 05:23]
.
2012-10-18 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2012-08-10 13:08]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-261678624-3990034550-554439448-1000Core.job
- c:\users\pinetree\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-28 06:28]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-261678624-3990034550-554439448-1000UA.job
- c:\users\pinetree\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-28 06:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-07-13 152576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-03 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-03 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Microsoft Excel로 내보내기(&X) - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: wedisk.co.kr
Trusted Zone: wedisk.net
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter26_20091109.cab
DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxps://plugin.inicis.com/wallet61/INIwallet61_vista.cab
DPF: {270EC7A6-4096-469B-865C-F9678A2C742B} - hxxp://www.payzone.co.kr/EasyPayX/EasyPayX.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://s.nx.com/s2/game/maplestory/FileDownLoad/AddOn.cab
DPF: {37122E24-7327-4326-9AC1-430F5081CA3B} - hxxp://tomfile.com/app/TomfileWebControl.cab
DPF: {4AA897C5-56EB-434C-8516-EC9005CE5BA1} - hxxp://launch.kr.gameclub.com/Activex/GameClubCOM.cab
DPF: {5267557D-D090-44EA-BCAA-8576A24810C5} - hxxp://download.netmarble.net/web/6N/pccheck/SystemInformerCJI1009.cab
DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/NMAutoUpdateX.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxps://vbv.samsungcard.co.kr/XecureObject/xw_install.cab
DPF: {811576B0-FD69-4414-8C43-AB30546C102D} - hxxp://down.speeddownload.kr/info/SpeedDownAxProj.cab
DPF: {871B7F45-1A71-4A2F-9E21-4E89C347784E} - hxxp://gl.wedisk.co.kr/app/WeShortCut.cab
DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cab
DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} - hxxp://s.nx.com/ActiveX/ocx/nxsysinfo.cab
DPF: {A047BE6C-A1CE-41C7-A6EC-85FC184D16F1} - hxxp://download.netmarble.net/web/NMGameCheck/nmDownloadActiveX1001.cab
DPF: {A1B83F7D-05D8-42F8-9C29-99ED06CD528C} - hxxp://speed.nia.or.kr/login/SysNIAforHuman.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefense/kdfense8.cab
DPF: {BCBE34D4-BCCD-4326-9957-C809324D15DD} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMWebMessenger.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://www.hangame.com/common/HanSetup1030.cab
DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} - hxxps://vbv.samsungcard.co.kr/ubikey/VineTransfer.cab
DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} - hxxp://speed.nia.or.kr/login/SpeedTest.cab
DPF: {C32E5F6F-078D-461A-AB16-A56D55F35BEA} - hxxp://download.netmarble.net/web/nmshortcut/nmshortcut_1.0.0.1.cab
DPF: {C634DAF9-AC32-475C-9D66-81B7210E8EE4} - hxxp://gl.wedisk.co.kr/app/WeDiskUpdate.cab
DPF: {DB962ED5-C4A1-4B50-8CEB-D6F9CD70A6F8} - hxxp://download.netmarble.net/web/NMGameCheck/NMGameCheck.cab
DPF: {DBF3954F-8AF4-4E8C-AFC8-32916D13B6AD} - hxxp://kamuse.zcdn.co.kr/kamuse/kcsdownload/activex/KCSActiveXv3-1000.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
FF - ProfilePath - c:\users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\
FF - prefs.js: browser.search.selectedEngine - XFINITY
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=insDate07202012
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={A3C5DB37-740A-4EBD-8FC9-A24DF3C3242E}&mid=94b23337078447d68f66d16809248aeb-3a7529fff43154dc31904055d7e8f6e7f4dc2067&lang=en&ds=AVG&pr=fr&d=2012-05-02 13:48&v=12.2.5.32&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Exit Pro - c:\program files (x86)\Exit Pro\Uninstall.exe
AddRemove-INFovine - c:\windows\system32\UbiKeyUninstall.exe
AddRemove-kdefense - c:\windows\system32\uninstallkdf8.exe
AddRemove-LADSPA_plugins-win_is1 - c:\ati\Plug-Ins\unins000.exe
AddRemove-SoftcampSCSK - c:\windows\system32\UnSCSK.exe
AddRemove-XecureCK - c:\windows\system32\CKSetup32.exe
AddRemove-{CA6C4F90-F1C1-4CE9-AF2E-B09CD2939671}_is1 - c:\program files (x86)\NAT Service\unins000.exe
AddRemove-비주얼 고도리 2000 - c:\windows\IsUn0412.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-261678624-3990034550-554439448-1000\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office PowerPoint\Settings\ ???*x픔?
"PositionInfo-Monitor1"=hex:95,02,00,00,60,01,00,00,00,00,00,00,00,00,00,00
.
[HKEY_USERS\S-1-5-21-261678624-3990034550-554439448-1000\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office PowerPoint\Settings\ ???*x픔?File Name MRU]
"Value"=multi:"\00\00"
"Maximum Entries"=dword:0000000a
.
[HKEY_USERS\S-1-5-21-261678624-3990034550-554439448-1000\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office PowerPoint\Settings\ ???*x픔?View]
"Data"=hex:04,16,00,47,28,14,14,14,0d,01,02,01,00,18,41,00,0d,00,fa,08,00,00,
90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CA\PPRT\bin\ITMRTSVC.exe
c:\windows\SysWOW64\npkcmsvc.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\AVG\AVG2013\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2012-10-18 18:28:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-18 22:28
ComboFix2.txt 2012-10-17 23:40
.
Pre-Run: 42,401,144,832 bytes free
Post-Run: 42,086,080,512 bytes free
.
- - End Of File - - 1C270E9A48F0FCA3ACAB65885E501180

#9 KarstenHansen

    The Dane

  • Members
  • 1,868 posts
  • Gender:Male

Posted 19 October 2012 - 02:15 PM

Hi kd011143 :)
I will need you to install a program so the main system will not get reinfected by the external drives, please do this:

Please download Panda USB Vaccine and save it to your desktop.
  • Double-click USBVaccine.zip to open the zip file, and then double-click USBVaccineSetup.exe to install the program.
  • Now install and launch the program as it suggests. When program window opens click Vaccinate computer.
  • Your main system is safe now from infection by USB or external drives.
NEXT

Please connect the external drives you want to check. Then follow this:

Please rerun Malwarebytes Anti-Malware
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup:
  • Malwarebytes Anti-Malware log


#10 kd011143
  • Topic Starter

  • Members
  • 17 posts

Posted 19 October 2012 - 05:06 PM

I installed Panda USB Vaccine and just ran Malwarebytes in quick scan. I'm not really sure it ran the external hard drive though. This is the log. There wasn't any detection.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.19.14

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
pinetree :: PINETREE-PC [administrator]

10/19/2012 6:00:01 PM
mbam-log-2012-10-19 (18-00-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218266
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 KarstenHansen

    The Dane

  • Members
  • 1,868 posts
  • Gender:Male

Posted 20 October 2012 - 01:31 PM

Hi kd011143 :)
Make sure all external drives are selected and select the Full scan. Be sure to check all drives except for C (that one was already scanned during the quick scan). Please rerun Malwarebytes Anti-Malware and do the full scans of your external drives, so MBAM can look at all drives.

Edited by KarstenHansen, 20 October 2012 - 01:32 PM.


#12 kd011143
  • Topic Starter

  • Members
  • 17 posts

Posted 20 October 2012 - 06:51 PM

I ran the full scan on the external hard drive. No infection was detected. So out of curiosity, how safe is my computer now? Can I use the internet or run programs without the internet? Thanks for your help so much! :)

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.19.14

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
pinetree :: PINETREE-PC [administrator]

10/20/2012 2:42:49 PM
mbam-log-2012-10-20 (14-42-49).txt

Scan type: Full scan (G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323733
Time elapsed: 23 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 KarstenHansen

    The Dane

  • Members
  • 1,868 posts
  • Gender:Male

Posted 21 October 2012 - 12:39 PM

Hi kd011143 :)
First off, let me answer your question.

So out of curiosity, how safe is my computer now? Can I use the internet or run programs without the internet?

It is safe to use the internet; in fact, use it and report to me if something out of the ordinary happens.

There are some things I will need to update if you would like to keep this OS, though if you prefer a reinstall you can skip this.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u9-windows-i586.exe (or jre-7u9-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
NEXT

Important Note: Your version of Adobe Flash is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Adobe flash:
  • Please download the latest version of Adobe Flash from http://get.adobe.com/flashplayer/otherversions/ to your Desktop
  • Double click the file to start the installation process
  • Repeat 1. and 2. for every other browser you have installed (eg Internet Explorer / Firefox / Chrome / Safari / Opera..) as applicable.
NEXT

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security Scan Plus" option or any other toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!

NEXT

Please remember to have your external drive connected while running this and choose to scan through them too. Now, to be safe and double-check everything with ESET Online Scanner, please do the following:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup:
  • How did the updating of Adobe Reader and Flash Player + the Java go?
  • Eset Online Scanner log
  • How was the PC working when using the internet, was everything as it should be?


#14 kd011143
  • Topic Starter

  • Members
  • 17 posts

Posted 21 October 2012 - 11:43 PM

The updating of Java and Adobe went fine. The internet was very slow, but I'm not sure whether that's from running the ESET scan or not, so that's TBD. The scan took more than 9 hours. I was worried that the number of files detected was really high, but it looks like most of them are quarantined files and trainers for the game, which I won't need anymore anyway. Should I delete the files that are quarantined or not? I haven't had any noticeable problem on my computer yet. It seems it's running a little slower, but I'm not sure whether that's just psychological or the scanning process. Oh, every time I try to open up something in Microsoft Office, it shows the Windows Installer and I have to cancel it to make it do anything. That's been going on for a while, but I'm not sure why that's happening. And in your opinion, should I format my computer once we are certain that the backup files are clean as well? I'll add on if I notice anything weird on my computer.

C:\Qoobox\Quarantine\C\Users\pinetree\AppData\Local\AirportMania2\AIM Toolbar\kbkbfsimx.dll.vir Win32/TrojanDownloader.Tracur.P.Gen trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\000000cb.@.vir Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{636557e1-9a3f-88ab-c676-23e0df88a7f7}\U\80000064.@.vir Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.A.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0006.dta probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0007.dta Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\file0000\tsk0000.dta Win64/Patched.A.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0001.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0005.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0006.dta probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0001\zafs0000\tsk0007.dta Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\file0000\tsk0000.dta Win64/Patched.A.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0001.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0005.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0006.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0007.dta Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0008.dta Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0009.dta probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0002\zafs0000\tsk0010.dta Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0006.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0007.dta Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0008.dta Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0009.dta probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.18.58\zasubsys0000\zafs0000\tsk0010.dta Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0006.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0007.dta Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0008.dta Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0009.dta probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.26.10\zasubsys0000\zafs0000\tsk0010.dta Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\17.10.2012_18.35.13\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\17.10.2012_18.35.13\zasubsys0000\zafs0000\tsk0003.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\Users\pinetree\AppData\Local\Google\Chrome\User Data\Default\Default\aadfdgdidhdidagfdagbdjdededagfdd\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\extensions\bskcuetqly@bskcuetqly.org.xpi JS/Redirector.NCA trojan deleted - quarantined
C:\Users\pinetree\Desktop\Documents\My Completed Download\Util\NOD32 Smart Security 3.0.zip Win32/RiskWare.HackAV.BG application deleted - quarantined
C:\Windows\System32\sysprep\CRYPTSP.dll_ a variant of Win32/Kryptik.ANDT trojan cleaned by deleting - quarantined
G:\Game\포트로얄(토르투가).zip a variant of Win32/GameHack.AD application deleted - quarantined
G:\Game\Fable 3\cheat+engine5.5\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined
G:\Game\o[롤플레잉]Titan Quest\타퀘120용+13트레이너.zip a variant of Win32/GameHack.D application deleted - quarantined
G:\Game\The.Witcher.2.Assassins.of.Kings-SKIDROW\DVD2\sr-tw2b.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
G:\Game\[페르시아 왕자 3] Prince of Persia:The Two Thrones\트레이너\Prince_of_Persia___The_Two_Thrones_+4_Trainer.zip a variant of Win32/GameHack.S application deleted - quarantined
G:\Game\더위치\enlargementswith-ch.zip a variant of Win32/GameHack.F application deleted - quarantined
G:\Game\더위치\Witcher Enhanced Trainer.exe a variant of Win32/GameHack.F application cleaned by deleting - quarantined
G:\Game\스타크래프트2 5.5\Starcraft II Beta +2 Trainer - C3NTURiO.rar Win32/HackTool.CheatEngine.AB application deleted - quarantined
G:\Game\스타크래프트2 5.5\Starcraft II Beta +2 Trainer - C3NTURiO\Starcraft II Beta +2 Trainer - C3NTURiO\Starcraft II Beta +2 Trainer - C3NTURiO.exe Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
G:\Game\어쌔신크리드2\sr-acii.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
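An added example, not part of this thread or of ESET's tooling: a Python script that parses ESET Online Scanner result lines like the ones above and separates leftovers sitting in the ComboFix and TDSSKiller quarantine folders from hits that were still live on C: or on the external drive, which is what the question about the quarantined files comes down to. The quarantine prefixes and the sample lines are copied from the log above; the bucket rules and the assumption that C: is the system drive are mine.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One ESET Online Scanner result line reads "<path> <detection> <action>". The
# path is matched non-greedily; Windows paths use backslashes, so the first token
# with a forward slash (e.g. "Win64/Sirefef.AN") is where the signature starts.
_LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<signature>[A-Za-z0-9]+/[A-Za-z0-9._@-]+)\s+"
    r"(?P<kind>trojan|application|virus|worm|adware)\s+(?P<action>.+?)\s*$"
)
# Quarantine folders left by ComboFix and TDSSKiller earlier in this thread (paths
# from the log above). Hits under them are neutralised leftovers, not live malware.
_QUARANTINE_PREFIXES = ("C:\\Qoobox\\Quarantine\\", "C:\\TDSSKiller_Quarantine\\")


@dataclass(frozen=True)
class Hit:
    path: str
    signature: str   # e.g. "Win64/Patched.A.Gen"
    kind: str        # "trojan", or "application" for tools, trainers, riskware
    action: str      # what ESET did, e.g. "cleaned by deleting - quarantined"
    heuristic: bool  # True for "a variant of" / "probably a variant of"

    @property
    def family(self) -> str:
        return self.signature.split("/", 1)[1].split(".", 1)[0]  # -> "Patched"

    @property
    def bucket(self) -> str:
        upper = self.path.upper()  # assumption: the system drive is C:
        if any(upper.startswith(p.upper()) for p in _QUARANTINE_PREFIXES):
            return "already_quarantined"
        return "live_on_system" if upper.startswith("C:\\") else "external_drive"


def parse_line(line: str) -> Hit | None:
    m = _LINE_RE.match(line.strip())
    if m is None:
        return None
    return Hit(path=m["path"], signature=m["signature"], kind=m["kind"],
               action=m["action"], heuristic=m["qualifier"] is not None)


def parse_log(text: str) -> list[Hit]:
    hits = []
    for line in filter(str.strip, text.splitlines()):
        hit = parse_line(line)
        if hit is None:
            raise ValueError(f"unrecognised ESET log line: {line!r}")
        hits.append(hit)
    return hits


def triage(hits: list[Hit]) -> dict:
    """Summarise stale quarantine contents vs. hits still live on the system."""
    return {
        "by_bucket": dict(Counter(h.bucket for h in hits)),
        "live_families": dict(Counter(h.family for h in hits
                                      if h.bucket == "live_on_system")),
        # True only if everything on the external drive was a game tool/trainer
        "external_all_tools": all(h.kind == "application" for h in hits
                                  if h.bucket == "external_drive"),
    }


def needs_followup(hits: list[Hit]) -> list[str]:
    """Live hits on the system drive, non-tool hits on external drives, and
    anything ESET reports without having quarantined or deleted it."""
    out = []
    for h in hits:
        unresolved = "quarantined" not in h.action and "deleted" not in h.action
        if h.bucket == "live_on_system" or unresolved:
            out.append(h.path)
        elif h.bucket == "external_drive" and h.kind != "application":
            out.append(h.path)
    return out


# Constructed sample: six lines copied from the ESET report posted above.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.A.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\15.10.2012_00.04.15\zasubsys0000\zafs0000\tsk0006.dta probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Users\pinetree\AppData\Roaming\Mozilla\Firefox\Profiles\tmxkkm4c.default\extensions\bskcuetqly@bskcuetqly.org.xpi JS/Redirector.NCA trojan deleted - quarantined
C:\Windows\System32\sysprep\CRYPTSP.dll_ a variant of Win32/Kryptik.ANDT trojan cleaned by deleting - quarantined
G:\Game\Fable 3\cheat+engine5.5\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined
G:\Game\The.Witcher.2.Assassins.of.Kings-SKIDROW\DVD2\sr-tw2b.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(triage(found), needs_followup(found))
```

Run against the full report, the follow-up list is what separates "quarantine leftovers and trainers" from the hits that explain the redirects, such as the Firefox extension flagged as JS/Redirector.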

#15 kd011143
  • Topic Starter

  • Members
  • 17 posts

Posted 22 October 2012 - 12:27 AM

One of the problems that keeps happening: I tried to close Internet Explorer down, but even when I press X or Alt-F4, it just stays open for a few minutes until it just disappears later. It's just unresponsive. I can still see everything on the page, but it doesn't let me move to a different site or anything, it just stays there. I'm not really explaining myself well... So, Internet Explorer refuses to close, in a nutshell. Oh, and can I allow the virtual driver again or should I wait?



