
Please Help me with two year old hacking problem



#1 Rich W

  • Members
  • 9 posts
  • Gender:Male
  • Location:Northport,NY

Posted 26 October 2012 - 07:41 PM

Please help: for over two years someone has been hacking my PC and now it is out of control. It started originally with my Mac Mini, where they turned the Finder into Samba and were coming in through the ARDA client. I got a good quality Linksys modem and connected it on top of Verizon's FIOS internet connection here in NY, which, as some of you may know, requires you to use their ACTIONTEC router. I tried Intego Virus Barrier X and F-Secure's Mac Anti Virus. Virus Barrier had no protection on the Mac at all. It was beaten within four days. My evidence of this is that network home drives would always mount on the Mac despite disabling ALL remote connections whatsoever. Then F-Secure works, but on reboot of the computer its protection components get knocked out. I complained to FIOS; nothing happened at all. They were deaf. I went to Cablevision; no help at all when problems continued. Now, that is where I am. I keep locking down the router and someone keeps enabling SSH and Telnet no matter how many times I change the passwords. I was using Avast antivirus and then I read reviews that Kaspersky is the best and purchased PURE 2.0, and it worked great. It seemed like someone was finally leaving me alone. Then today I have password protection on and either someone somehow was able to change it or all the times I wrote it down. I called Kaspersky and they sent me instructions on how to uninstall it with the Kaspersky removal tool and in safe mode. I have tried this over 12 times, each time making sure I follow the directions verbatim. I ran ComboFix; can someone please just take a look and see what I am dealing with here. I need your help please; this is my school laptop. I do not want to reformat the machine or anything. Please help, and thank you so very much in advance. Thank You, Rich Walston

ComboFix 12-10-26.05 - RATCHETT 10/26/2012 20:00:44.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7659.5875 [GMT -4:00]
Running from: c:\users\RATCHETT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQ7B1T9B\ComboFix.exe
AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 2.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-27 to 2012-10-27 )))))))))))))))))))))))))))))))
.
.
2012-10-27 00:07 . 2012-10-27 00:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-26 23:37 . 2012-10-26 23:37 -------- d-----w- c:\programdata\ATI
2012-10-26 22:43 . 2012-10-26 22:44 -------- d-----w- c:\program files (x86)\Google
2012-10-26 18:01 . 2012-10-26 18:01 -------- d-----w- c:\windows\system32\Macromed
2012-10-26 17:09 . 2012-10-26 17:09 -------- d-----w- c:\programdata\Malwarebytes
2012-10-26 17:09 . 2012-10-27 03:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-26 17:08 . 2012-10-26 17:08 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-26 16:31 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4592BF95-585A-4A48-96DE-D65A418F534D}\mpengine.dll
2012-10-26 15:56 . 2012-10-26 15:56 -------- d-----w- C:\SkyDriveTemp
2012-10-26 15:54 . 2012-10-26 15:54 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2012-10-26 15:53 . 2012-10-26 15:53 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-10-26 05:03 . 2012-10-26 05:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-26 02:41 . 2012-10-27 03:34 -------- d-----r- C:\Backup
2012-10-26 02:39 . 2009-12-14 16:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-10-26 02:39 . 2009-12-14 16:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-10-26 02:39 . 2012-10-26 16:59 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
2012-10-26 02:39 . 2012-10-26 23:48 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-26 02:39 . 2012-10-26 02:39 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-10-26 02:38 . 2012-10-26 02:38 636760 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-26 02:27 . 2012-10-26 02:27 -------- d-----w- c:\windows\SysWow64\Wat
2012-10-26 02:27 . 2012-10-26 02:27 -------- d-----w- c:\windows\system32\Wat
2012-10-26 01:27 . 2012-10-26 01:27 -------- d-----w- c:\programdata\F-Secure
2012-10-25 23:00 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-10-25 23:00 . 2012-10-25 23:00 -------- d-----w- c:\program files\VS Revo Group
2012-10-25 22:58 . 2012-10-25 22:58 -------- d-----w- c:\program files\CCleaner
2012-10-25 22:34 . 2012-09-28 04:18 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-25 21:29 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-25 21:13 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-10-25 21:13 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-10-25 21:13 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-10-25 21:13 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-10-25 21:13 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-10-25 21:03 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-10-25 21:01 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-25 21:01 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-25 21:01 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-25 21:01 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-25 21:01 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-25 21:01 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-25 21:01 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-10-25 21:01 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-10-25 21:01 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-10-25 21:01 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-10-25 20:57 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-10-25 20:57 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-10-25 20:30 . 2012-10-25 20:30 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-10-25 20:30 . 2012-10-25 20:30 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-10-25 20:30 . 2012-10-25 20:30 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-10-25 20:30 . 2012-10-25 20:30 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-10-25 20:29 . 2012-10-25 20:29 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-10-25 20:29 . 2012-10-25 20:29 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-10-25 20:29 . 2012-10-25 20:29 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-10-25 20:29 . 2012-10-25 20:29 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-10-25 20:24 . 2012-10-25 20:24 425345024 ----a-w- c:\programdata\Microsoft\OEMOffice14\Office14\Updates\OFFICESUITEWWSP1-X-NONE.MSP
2012-10-25 20:22 . 2012-10-26 02:20 -------- d-----w- c:\windows\ehome
2012-10-25 20:22 . 2012-10-25 20:22 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2012-10-25 20:22 . 2012-10-25 20:22 -------- d-----r- c:\users\Public\Recorded TV
2012-10-25 20:05 . 2012-10-25 20:05 -------- d-----w- c:\programdata\Synaptics
2012-10-25 19:59 . 2012-10-25 19:59 -------- d-----w- c:\users\Public\Symantec
2012-10-25 19:59 . 2012-10-25 19:59 -------- d-----w- c:\program files (x86)\SymSilent
2012-10-25 19:58 . 2012-10-26 04:48 -------- d-----w- c:\program files (x86)\Microsoft
2012-10-25 19:55 . 2012-10-26 04:56 -------- d-----w- c:\programdata\Norton
2012-10-25 19:51 . 2012-10-25 17:52 -------- d-----r- c:\program files\Online Services
2012-10-25 19:50 . 2012-10-25 19:50 0 ----a-w- c:\windows\ativpsrm.bin
2012-10-25 19:47 . 2011-08-29 18:02 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-10-25 19:47 . 2011-08-29 18:02 339048 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-10-25 19:47 . 2011-06-10 22:34 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-10-25 19:47 . 2011-06-10 22:34 539240 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-10-25 19:47 . 2011-06-10 22:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-10-25 19:47 . 2012-10-25 19:47 -------- d-----w- c:\program files (x86)\Realtek
2012-10-25 19:46 . 2012-10-25 19:46 -------- d-----w- c:\program files\Synaptics
2012-10-25 19:46 . 2012-10-25 19:46 -------- d-----w- c:\windows\Hewlett-Packard
2012-10-25 19:45 . 2011-09-21 01:36 620584 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2012-10-25 19:44 . 2011-09-21 01:36 22056 ----a-w- c:\windows\system32\btwcoins.dll
2012-10-25 19:44 . 2011-09-21 01:36 89640 ----a-w- c:\windows\system32\drivers\btwdpan.sys
2012-10-25 19:44 . 2011-09-21 01:36 133672 ----a-w- c:\windows\system32\drivers\bcbtums.sys
2012-10-25 19:44 . 2011-09-21 01:36 39976 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-10-25 19:44 . 2011-09-21 01:36 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-10-25 19:44 . 2011-09-21 01:36 178728 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-10-25 19:44 . 2011-09-21 01:36 167976 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-10-25 19:42 . 2012-10-25 19:42 -------- d-----w- c:\program files\WIDCOMM
2012-10-25 19:41 . 2012-10-25 19:41 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-10-25 19:41 . 2012-10-25 19:41 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-10-25 19:41 . 2012-10-25 19:41 3952128 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-10-25 19:41 . 2012-10-25 19:41 3617280 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-10-25 19:41 . 2012-10-25 19:46 -------- d-----w- c:\program files\Broadcom
2012-10-25 19:41 . 2012-10-25 19:41 4729408 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-10-25 19:41 . 2012-10-25 19:41 -------- d-----w- c:\program files\AMD
2012-10-25 19:41 . 2012-10-25 19:41 -------- d-----w- c:\program files (x86)\AMD
2012-10-25 19:41 . 2012-10-25 19:41 -------- d-----w- c:\program files (x86)\AMD APP
2012-10-25 19:41 . 2012-10-25 19:41 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-10-25 19:41 . 2012-10-25 19:41 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-10-25 19:39 . 2012-10-25 19:39 -------- d-----w- c:\programdata\AMD
2012-10-25 19:39 . 2010-02-18 16:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-10-25 19:39 . 2012-10-25 19:39 -------- d-----w- c:\program files\ATI Technologies
2012-10-25 19:39 . 2012-10-26 02:39 -------- dc----w- c:\windows\system32\DRVSTORE
2012-10-25 19:39 . 2011-08-18 12:44 53376 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2012-10-25 19:39 . 2012-10-26 23:54 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2012-10-25 19:38 . 2012-10-25 19:38 -------- d-----w- c:\program files\ATI
2012-10-25 19:38 . 2012-10-25 19:40 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-10-25 19:38 . 2012-10-26 23:54 -------- d-----w- c:\programdata\Nuance
2012-10-25 19:38 . 2012-10-26 23:54 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-10-25 19:38 . 2012-10-25 19:38 -------- d-----w- c:\programdata\FLEXnet
2012-10-25 19:38 . 2012-10-25 19:38 -------- d-----w- c:\program files (x86)\Nuance
2012-10-25 18:57 . 2012-10-25 18:57 -------- d-----w- c:\program files\Microsoft Office
2012-10-25 18:57 . 2012-10-25 18:57 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-10-25 18:57 . 2012-10-25 18:57 -------- d-----w- c:\windows\SHELLNEW
2012-10-25 18:56 . 2012-10-25 22:22 -------- d-----w- c:\programdata\Microsoft Help
2012-10-25 18:56 . 2012-10-25 18:56 -------- d-----r- C:\MSOCache
2012-10-25 18:42 . 2012-10-25 18:42 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2012-10-25 18:33 . 2012-10-26 02:29 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-10-25 18:16 . 2012-10-25 18:16 -------- d-----w- c:\programdata\PCSettings
2012-10-25 18:06 . 2012-10-25 18:06 255352 ----a-w- c:\windows\SysWow64\awrdscdc.ax
2012-10-25 18:06 . 2001-08-18 02:43 24576 ------w- c:\windows\SysWow64\msxml3a.dll
2012-10-25 18:06 . 2012-10-25 18:06 -------- d-----w- c:\program files (x86)\Audible
2012-10-25 17:54 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-10-25 17:54 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-10-25 17:54 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-10-25 17:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-25 17:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-25 17:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-25 17:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-25 17:51 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-25 17:51 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-25 17:51 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-25 17:52 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-31 02:26 . 2012-08-31 02:26 235960 ----a-w- c:\windows\system32\klogon.dll
2012-08-20 17:38 . 2012-10-25 21:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-26 15:54 220632 ----a-w- c:\users\RATCHETT\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-26 15:54 220632 ----a-w- c:\users\RATCHETT\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-26 15:54 220632 ----a-w- c:\users\RATCHETT\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\RATCHETT\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-10-26 238552]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-15 343168]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-31 202328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-21 133672]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-21 620584]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-21 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-21 39976]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-17 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-17 40064]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 66104]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-15 361984]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-16 10206208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-16 317952]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-26 15:54 244696 ----a-w- c:\users\RATCHETT\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-26 15:54 244696 ----a-w- c:\users\RATCHETT\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-26 15:54 244696 ----a-w- c:\users\RATCHETT\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-31 02:26 566712 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Kaspersky PURE - c:\progra~2\KASPER~1\KASPER~1.0\KASPER~2\MODULE~1\spIEBho.dll/616
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\RATCHETT\AppData\Roaming\Mozilla\Firefox\Profiles\th75ti6p.default\
FF - ExtSQL: 2012-10-25 22:39; KavAntiBanner@Kaspersky.ru; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru
FF - ExtSQL: 2012-10-25 22:39; virtualKeyboard@kaspersky.ru; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru
FF - ExtSQL: 2012-10-25 22:39; linkfilter@kaspersky.ru; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
FF - ExtSQL: 2012-10-26 11:21; {72CA2996-F580-47DF-98FF-0B853D09CEC8}; c:\users\RATCHETT\AppData\Roaming\Kaspersky Lab\Password Manager\kpmAutofill
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{dd230880-495a-11d1-b064-008048ec2fc5} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-26 20:17:20
ComboFix-quarantined-files.txt 2012-10-27 00:17
.
Pre-Run: 205,164,703,744 bytes free
Post-Run: 206,993,362,944 bytes free
.
- - End Of File - - EBF0A03B992E8A1F0DAE15D4991B350E


*** Mod Edit: Moved topic from Windows7 to the Virus, Trojan, Spyware, and Malware Removal Logs where it will stay due to the logs you have posted. ~ bloopie ***


Edited by bloopie, 26 October 2012 - 08:22 PM.



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 October 2012 - 05:45 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 04 November 2012 - 11:28 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE
