Am i still hacked? Strange network changes


  • This topic is locked
5 replies to this topic

#1 Aardopotamus

  • Members
  • 5 posts
  • Gender:Male

Posted 18 January 2013 - 05:19 PM

I suspect my machine and network have been exploited to allow unauthorized access, but I'm not sure where to start with this. I was previously infected with a very nasty rootkit of some type that I could not remove myself. Here is a quote from my post in 'Am I infected':

Question: Am i still hacked?

Details:

I previously had a bootkit I believe to be max++ or some ZeroAccess variant. TDSS Killer came up with positive results in the beginning, and I tried running aswMBR; one of those times it closed and caused a BSOD. I tried many methods of removing it, but every time I tried to get rid of it, it came right back. The giveaway was a folder called DRM with an alternate data stream containing Arabic wording (DRM:احتضان), so I decided to do a low-level format on the drive and then reinstalled Windows 7 Ultimate x64 on January 1st 2013.

Last night, 1/17/2013, I decided to restore parts of my old Firefox profile into my new Firefox profile. The files I restored were formhistory.sqlite and places.sqlite, and about an hour later, I think it was, Firefox, for no reason I can think of, had high memory usage. At about the same time this happened, my girlfriend, who I was talking with on Skype, lost her internet connection, and I noticed my Skype connection was disconnecting and reconnecting as well. I then checked my Norton Internet Security history logs, and strangely, the history for Networks and Connections was completely empty; all other logs were still there. The girlfriend is still most definitely infected and will be visiting this forum soon, but I'd like to make sure I am not infected again. Thank you.

Possibly relevant: I also restored my Skype profile, but that was on 1/1/2013.



DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Aardo at 16:40:33 on 2013-01-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1758 [GMT -5:00]
.
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ips\ipsbho.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
StartupFolder: C:\Users\Aardo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{66C21F12-2DB3-466B-86AA-7C82C08258F6} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aardo\AppData\Roaming\Mozilla\Firefox\Profiles\69hjep9k.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-08 23:09; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF - ExtSQL: 2013-01-09 15:36; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1402000.013\symds64.sys [2013-1-7 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1402000.013\symefa64.sys [2013-1-7 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130111.001\BHDrvx64.sys [2013-1-15 1384608]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1402000.013\ccsetx64.sys [2013-1-7 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130117.001\IDSviA64.sys [2013-1-18 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1402000.013\ironx64.sys [2013-1-7 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1402000.013\symnets.sys [2013-1-7 432800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-2 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-2 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe [2013-1-7 143928]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-1-8 138912]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-10-10 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-10 29696]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-1-9 1342064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-7 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-1-7 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-7 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-7 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-7 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
FileExt: .ini: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
FileExt: .js: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 16:40:44.37 ===============
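The DDS log above is what the helper has to read by hand. As an added example (not part of the thread or of DDS itself), this parser structures the two sections that matter most for that review, the running-process list and the `R0 name;display;path [date size]` service/driver records, and flags process images that appear twice (a second Explorer.EXE/Dwm.exe pair points to a second logon session) and kernel drivers loaded from outside the system driver directory. The sample lines are copied from the log above; the helper names and the "outside System32\drivers" heuristic are this example's own assumptions.

```python
"""Parser for the process and service/driver sections of a DDS log.

Added example, not part of the thread: DDS prints one process image per
line and one "<R|S><start> name;display;path [date size]" record per
service or driver.  Structuring those lines lets a reviewer check for
duplicate per-session processes or drivers loaded from unusual paths
instead of eyeballing several hundred lines.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the DDS log in the first post,
# trimmed to the two sections this parser handles.
SAMPLE_LOG = r"""============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1402000.013\symds64.sys [2013-1-7 493216]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-7 19456]
.
============= FINISH: 16:40:44.37 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R0 SymDS;Symantec Data Store;C:\...\symds64.sys [2013-1-7 493216]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$"
)
# A process line is "<path to .exe>" optionally followed by arguments;
# the path itself may contain spaces, so split on the extension.
PROCESS_RE = re.compile(r"^(?P<image>.+?\.exe)(?:\s.*)?$", re.IGNORECASE)
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Service:
    name: str
    display: str
    path: str
    running: bool     # R = running, S = stopped
    start_type: int   # Windows start type: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    size: int


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each '=== Title ===' header (upper-cased) to its non-empty lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def parse_services(lines: List[str]) -> List[Service]:
    """Turn SERVICES / DRIVERS lines into records; skip lines that do not fit."""
    services = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        services.append(Service(
            name=m["name"], display=m["display"], path=m["path"],
            running=m["state"] == "R", start_type=int(m["start"]),
            size=int(m["size"]),
        ))
    return services


def duplicate_processes(lines: List[str]) -> Dict[str, int]:
    """Images listed more than once (case-insensitive), e.g. a second
    Explorer.EXE/Dwm.exe pair, which points to a second logon session."""
    counts: Counter = Counter()
    for line in lines:
        m = PROCESS_RE.match(line)
        if m:
            counts[m["image"].lower()] += 1
    return {image: n for image, n in counts.items() if n > 1}


def drivers_outside_system32(services: List[Service]) -> List[Service]:
    """Kernel drivers (.sys) loaded from somewhere other than the system
    driver directory.  Vendor drivers such as AMD's legitimately live
    elsewhere, so this is a list to verify, not a verdict."""
    return [s for s in services
            if s.path.lower().endswith(".sys")
            and not s.path.lower().startswith(DRIVER_DIR)]


if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    print("duplicates:", duplicate_processes(secs["RUNNING PROCESSES"]))
    svcs = parse_services(secs["SERVICES / DRIVERS"])
    print("non-standard driver paths:",
          [s.path for s in drivers_outside_system32(svcs)])
```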

#2 nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 January 2013 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#3 Aardopotamus

Aardopotamus
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:14 AM

Posted 22 January 2013 - 10:07 AM

ComboFix 13-01-21.04 - Aardo 01/22/2013 9:49.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2724 [GMT -5:00]
Running from: c:\users\Aardo\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-22 to 2013-01-22 )))))))))))))))))))))))))))))))
.
.
2013-01-22 14:52 . 2013-01-22 14:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-20 05:23 . 2013-01-20 05:23 -------- d-----w- c:\program files\Windows Updates Downloader
2013-01-20 04:36 . 2013-01-20 04:36 -------- d-----w- c:\windows\system32\RT 7 Lite
2013-01-20 04:36 . 2013-01-20 04:36 -------- d-----w- c:\program files\Rockers Team
2013-01-20 04:34 . 2013-01-20 04:34 -------- d-----w- c:\program files (x86)\Reference Assemblies
2013-01-20 04:34 . 2013-01-20 04:34 -------- d-----w- c:\program files (x86)\MSBuild
2013-01-20 04:34 . 2013-01-20 04:34 -------- d-----w- c:\program files\Reference Assemblies
2013-01-20 04:34 . 2013-01-20 04:34 -------- d-----w- c:\program files\MSBuild
2013-01-20 04:15 . 2013-01-20 04:15 -------- d-----w- c:\program files (x86)\Auslogics
2013-01-15 21:42 . 2013-01-20 04:18 -------- d-----w- c:\program files (x86)\Everything
2013-01-15 02:08 . 2013-01-15 02:08 -------- d-----w- c:\programdata\ManyCam
2013-01-15 02:07 . 2013-01-15 02:08 -------- d-----w- c:\program files (x86)\ManyCam
2013-01-12 17:59 . 2013-01-12 17:59 -------- d-----w- c:\programdata\Package Cache
2013-01-12 01:32 . 2013-01-12 01:32 -------- d-----w- c:\program files (x86)\WinDirStat
2013-01-11 02:29 . 2013-01-11 02:29 -------- d-----w- c:\program files (x86)\uTorrent
2013-01-10 10:06 . 2013-01-10 10:06 -------- d-----w- c:\program files (x86)\ImgBurn
2013-01-10 02:32 . 2013-01-10 02:32 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
2013-01-10 02:31 . 2010-08-05 02:17 549488 ----a-w- c:\windows\system32\VIASysFx.dll
2013-01-10 02:31 . 2010-08-05 02:17 992368 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2013-01-10 02:31 . 2010-08-05 02:17 83056 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2013-01-10 02:31 . 2010-08-05 02:17 199280 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2013-01-10 02:31 . 2010-08-05 02:17 1342064 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2013-01-10 02:31 . 2010-08-05 02:17 91760 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2013-01-10 02:31 . 2010-08-05 02:17 248944 ----a-w- c:\windows\system32\Dts2APO.dll
2013-01-10 02:31 . 2007-12-04 16:28 86016 ----a-w- c:\windows\system32\nQPropPageExt.dll
2013-01-10 02:31 . 2007-12-04 16:28 82432 ----a-w- c:\windows\system32\nQAPO.dll
2013-01-10 02:28 . 2013-01-10 02:31 -------- d-----w- c:\program files (x86)\VIA
2013-01-10 02:28 . 2007-04-11 20:35 414632 ------w- c:\windows\difxapi.dll
2013-01-10 02:28 . 2013-01-10 02:28 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-01-09 18:52 . 2013-01-09 18:52 -------- d-----w- c:\program files (x86)\Google
2013-01-09 16:55 . 2013-01-09 17:02 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2013-01-09 16:47 . 2013-01-09 23:56 -------- d-----w- c:\program files\CrystalDiskMark
2013-01-09 14:38 . 2013-01-09 14:38 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 14:38 . 2013-01-09 14:38 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 14:38 . 2013-01-09 14:38 -------- d-----w- c:\windows\SysWow64\Macromed
2013-01-09 14:38 . 2013-01-09 14:38 -------- d-----w- c:\windows\system32\Macromed
2013-01-09 09:06 . 2013-01-09 09:06 -------- d-----w- c:\program files (x86)\FreeAlarmClock
2013-01-09 05:39 . 2013-01-09 05:39 -------- d-----w- c:\programdata\ATI
2013-01-09 05:39 . 2013-01-09 05:39 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-09 04:14 . 2013-01-09 05:39 -------- d-----w- c:\program files\ATI Technologies
2013-01-08 05:36 . 2013-01-08 05:36 -------- d-----w- c:\program files (x86)\HxD
2013-01-08 04:38 . 2013-01-08 04:38 -------- d-----w- c:\program files (x86)\Notepad++
2013-01-08 02:01 . 2013-01-08 02:01 -------- d-----w- c:\program files (x86)\Boredom Software
2013-01-08 02:00 . 2013-01-08 02:00 -------- d-----w- c:\program files\7-Zip
2013-01-07 21:18 . 2013-01-07 21:18 -------- d-----w- c:\program files\HashTab Shell Extension
2013-01-07 20:31 . 2013-01-09 21:44 -------- d-----w- c:\program files (x86)\foobar2000
2013-01-07 19:54 . 2013-01-07 19:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-07 19:54 . 2013-01-07 19:54 -------- d-----w- c:\programdata\Malwarebytes
2013-01-07 19:54 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-07 11:29 . 2013-01-07 11:29 -------- d-----w- c:\program files (x86)\Camfrog
2013-01-07 11:26 . 2013-01-09 05:38 -------- d-----w- c:\programdata\AMD
2013-01-07 11:26 . 2013-01-07 11:26 -------- d-----w- c:\program files (x86)\ATI Technologies
2013-01-07 11:26 . 2013-01-07 11:26 -------- d-----w- c:\program files\ATI
2013-01-07 11:23 . 2013-01-09 05:36 -------- d-----w- C:\AMD
2013-01-07 11:20 . 2013-01-07 11:20 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-01-07 11:02 . 2013-01-07 11:02 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-07 11:02 . 2013-01-07 11:02 -------- d-----r- c:\program files (x86)\Skype
2013-01-07 10:53 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2013-01-07 10:53 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2013-01-07 10:53 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-07 10:48 . 2013-01-07 10:48 -------- d-----w- c:\program files\Microsoft Silverlight
2013-01-07 10:48 . 2013-01-07 10:48 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-01-07 10:33 . 2013-01-07 10:33 -------- d-----w- c:\program files (x86)\Secunia
2013-01-07 10:25 . 2013-01-07 11:05 -------- d-----w- c:\programdata\Skype
2013-01-07 10:20 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-07 10:20 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-07 10:20 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-07 10:20 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-07 10:20 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-07 10:20 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-07 10:20 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-07 10:20 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-07 10:20 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-07 10:14 . 2013-01-20 03:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-07 10:11 . 2013-01-07 10:11 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-01-07 10:05 . 2013-01-07 10:05 0 ----a-w- c:\windows\ativpsrm.bin
2013-01-07 10:04 . 2013-01-07 10:04 -------- d-----w- c:\windows\SysWow64\Wat
2013-01-07 10:04 . 2013-01-07 10:04 -------- d-----w- c:\windows\system32\Wat
2013-01-07 09:51 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-07 09:51 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-07 09:51 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-01-07 09:51 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-07 09:48 . 2013-01-07 09:48 -------- d-----w- c:\programdata\LogiShrd
2013-01-07 09:47 . 2013-01-08 22:47 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-07 09:45 . 2013-01-07 09:45 -------- d-----w- c:\programdata\Logitech
2013-01-07 09:45 . 2013-01-07 09:45 -------- d-----w- c:\program files (x86)\Common Files\LWS
2013-01-07 09:45 . 2013-01-07 09:46 -------- d-----w- c:\program files (x86)\Logitech
2013-01-07 09:45 . 2013-01-21 00:39 -------- d-sh--w- c:\windows\Installer
2013-01-07 09:40 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-07 09:40 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-01-07 09:40 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-01-07 09:40 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-01-07 09:40 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-01-07 09:40 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-01-07 09:39 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-07 09:39 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-07 09:39 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-07 09:39 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-07 09:39 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-07 09:39 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-07 09:39 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-07 09:38 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-07 09:38 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-07 09:38 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-01-07 09:38 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-07 09:38 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-01-07 09:38 . 2013-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2013-01-07 09:38 . 2013-01-20 03:18 -------- d-----w- c:\program files\Common Files\logishrd
2013-01-07 09:04 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-01-07 09:00 . 2012-11-19 06:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E78F5E6-52BF-478C-A891-FA9D71A71800}\mpengine.dll
2013-01-07 09:00 . 2013-01-07 09:00 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-01-07 09:00 . 2013-01-07 09:00 -------- d-----w- c:\program files\Symantec
2013-01-07 09:00 . 2013-01-07 09:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-01-07 09:00 . 2013-01-07 09:18 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-01-07 09:00 . 2013-01-07 09:00 -------- d-----w- c:\program files (x86)\Norton Security Suite
2013-01-07 09:00 . 2013-01-07 09:00 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-01-07 08:58 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-01-07 08:58 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-01-07 08:58 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-01-07 08:58 . 2013-01-07 09:01 -------- d-----w- c:\programdata\Norton
2013-01-07 08:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-01-07 08:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-01-07 08:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-01-07 08:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-01-07 08:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-02 08:31 . 2011-04-20 06:38 5626536 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-12-02 08:29 . 2012-12-02 08:29 11270656 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-02 08:26 . 2012-12-02 08:26 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-12-02 08:26 . 2012-12-02 08:26 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-12-02 08:26 . 2012-12-02 08:26 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-12-02 08:26 . 2012-12-02 08:26 64512 ----a-w- c:\windows\system32\OVDecode64.dll
2012-12-02 08:26 . 2012-12-02 08:26 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-12-02 08:26 . 2012-12-02 08:26 34523136 ----a-w- c:\windows\system32\amdocl64.dll
2012-12-02 08:21 . 2012-12-02 08:21 28738048 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-12-02 08:17 . 2012-12-02 08:17 23455744 ----a-w- c:\windows\system32\atio6axx.dll
2012-12-02 08:17 . 2012-12-02 08:17 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-02 08:16 . 2012-12-02 08:16 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-12-02 08:00 . 2012-12-02 08:00 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-02 07:59 . 2012-12-02 07:59 70144 ----a-w- c:\windows\system32\coinst_9.01.8.dll
2012-12-02 07:58 . 2012-12-02 07:58 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-12-02 07:58 . 2012-12-02 07:58 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-12-02 07:58 . 2012-12-02 07:58 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-12-02 07:58 . 2012-12-02 07:58 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-12-02 07:58 . 2012-12-02 07:58 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-12-02 07:57 . 2012-12-02 07:57 18979328 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-12-02 07:54 . 2012-12-02 07:54 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-12-02 07:50 . 2011-04-20 07:09 949248 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-12-02 07:48 . 2012-12-02 07:48 1137664 ----a-w- c:\windows\system32\aticfx64.dll
2012-12-02 07:46 . 2012-09-28 01:39 6684672 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-12-02 07:41 . 2012-12-02 07:41 4674048 ----a-w- c:\windows\system32\atiumd6a.dll
2012-12-02 07:37 . 2012-12-02 07:37 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-02 07:37 . 2012-12-02 07:37 548864 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-02 07:36 . 2012-12-02 07:36 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-02 07:35 . 2012-12-02 07:35 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-12-02 07:35 . 2012-12-02 07:35 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-02 07:35 . 2012-12-02 07:35 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-12-02 07:35 . 2012-12-02 07:35 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-12-02 07:29 . 2011-04-20 06:30 3862528 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-12-02 07:29 . 2012-12-02 07:29 7378944 ----a-w- c:\windows\system32\atidxx64.dll
2012-12-02 07:24 . 2012-12-02 07:24 6781440 ----a-w- c:\windows\system32\atiumd64.dll
2012-12-02 07:17 . 2012-12-02 07:17 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-12-02 07:17 . 2012-12-02 07:17 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-12-02 07:17 . 2012-12-02 07:17 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-12-02 07:17 . 2012-12-02 07:17 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-12-02 07:14 . 2012-12-02 07:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-02 07:14 . 2012-12-02 07:14 619008 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-02 07:14 . 2012-12-02 07:14 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-12-02 07:13 . 2012-12-02 07:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-12-02 07:13 . 2012-12-02 07:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 546816 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-02 07:11 . 2012-12-02 07:11 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-12-02 07:11 . 2011-04-20 06:21 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-12-02 07:11 . 2012-12-02 07:11 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-12-02 07:11 . 2011-04-20 06:21 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-11-30 04:45 . 2013-01-08 22:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-06 03:26 . 2012-11-06 03:26 849360 ----a-w- c:\windows\system32\msvcr110.dll
2012-11-06 03:26 . 2012-11-06 03:26 74704 ----a-w- c:\windows\system32\mfc110fra.dll
2012-11-06 03:26 . 2012-11-06 03:26 74704 ----a-w- c:\windows\system32\mfc110deu.dll
2012-11-06 03:26 . 2012-11-06 03:26 73680 ----a-w- c:\windows\system32\mfc110esn.dll
2012-11-06 03:26 . 2012-11-06 03:26 72656 ----a-w- c:\windows\system32\mfc110ita.dll
2012-11-06 03:26 . 2012-11-06 03:26 70608 ----a-w- c:\windows\system32\mfc110rus.dll
2012-11-06 03:26 . 2012-11-06 03:26 661456 ----a-w- c:\windows\system32\msvcp110.dll
2012-11-06 03:26 . 2012-11-06 03:26 64976 ----a-w- c:\windows\system32\mfc110enu.dll
2012-11-06 03:26 . 2012-11-06 03:26 5620192 ----a-w- c:\windows\system32\mfc110u.dll
2012-11-06 03:26 . 2012-11-06 03:26 5592520 ----a-w- c:\windows\system32\mfc110.dll
2012-11-06 03:26 . 2012-11-06 03:26 53712 ----a-w- c:\windows\system32\mfc110jpn.dll
2012-11-06 03:26 . 2012-11-06 03:26 53200 ----a-w- c:\windows\system32\mfc110kor.dll
2012-11-06 03:26 . 2012-11-06 03:26 46032 ----a-w- c:\windows\system32\mfc110cht.dll
2012-11-06 03:26 . 2012-11-06 03:26 46032 ----a-w- c:\windows\system32\mfc110chs.dll
2012-11-06 03:26 . 2012-11-06 03:26 385488 ----a-w- c:\windows\system32\vcamp110.dll
2012-11-06 03:26 . 2012-11-06 03:26 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-11-06 03:26 . 2012-11-06 03:26 200136 ----a-w- c:\windows\system32\atl110.dll
2012-11-06 03:26 . 2012-11-06 03:26 138208 ----a-w- c:\windows\system32\vcomp110.dll
2012-11-06 03:26 . 2012-11-06 03:26 104400 ----a-w- c:\windows\system32\mfcm110u.dll
2012-11-06 03:26 . 2012-11-06 03:26 104392 ----a-w- c:\windows\system32\mfcm110.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-02 642216]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
.
c:\users\Aardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-07 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130111.001\BHDrvx64.sys [2012-11-30 1384608]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [2012-10-04 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130118.001\IDSvia64.sys [2013-01-04 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [2012-07-28 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS [2012-07-23 432800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-02 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-02 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-11-26 1225312]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-07 138912]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-12-15 351392]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-12-15 4862368]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-10-11 29696]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-08-05 1342064]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-11 22:58 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 14:38]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09 18:52]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09 18:52]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{66C21F12-2DB3-466B-86AA-7C82C08258F6}: NameServer = 129.250.35.250,216.52.161.33
FF - ProfilePath - c:\users\Aardo\AppData\Roaming\Mozilla\Firefox\Profiles\69hjep9k.default\
FF - ExtSQL: 2013-01-08 23:09; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF - ExtSQL: 2013-01-09 15:36; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-22 09:53:57
ComboFix-quarantined-files.txt 2013-01-22 14:53
.
Pre-Run: 10,760,892,416 bytes free
Post-Run: 10,507,096,064 bytes free
.
- - End Of File - - E4B49E0E6077CFAC8B00D8026A2E187C



Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.6001)
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 11.5.502.146
Mozilla Firefox (18.0.1)
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



# AdwCleaner v2.107 - Logfile created 01/22/2013 at 09:56:59
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Aardo - AARDO-PC
# Boot Mode : Normal
# Running from : C:\Users\Aardo\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\Software\PIP
Key Found : HKU\S-1-5-21-3726105352-1405534227-4146810077-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Aardo\AppData\Roaming\Mozilla\Firefox\Profiles\69hjep9k.default\prefs.js

[OK] File is clean.

File : C:\Users\AardoBoss\AppData\Roaming\Mozilla\Firefox\Profiles\l2rkp1jt.default\prefs.js

[OK] File is clean.

File : C:\Users\AardoBoss\AppData\Roaming\Mozilla\Firefox\Profiles\l2rkp1jt.default - Copy\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1238 octets] - [22/01/2013 09:56:59]

########## EOF - C:\AdwCleaner[R1].txt - [1298 octets] ##########

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:14 AM

Posted 22 January 2013 - 10:31 AM

All I can suggest at this time.

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please post the log and let me know what problem persists.
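The ComboFix log in post #3 lists the persistence and network locations that matter here (Run keys in both registry views, the Startup folders, .job files under C:\Windows\Tasks, the per-interface NameServer values) and the AdwCleaner log flags an Internet Explorer SearchScopes GUID and the PIP keys. The script below is an added example, not a tool from this thread or from the ComboFix/AdwCleaner authors: it re-reads those same locations so the poster can re-check them after the Delete run. It assumes Windows 7 x64 with PowerShell 2.0 or later, an elevated prompt, and is read-only; it deletes nothing.

```powershell
# Added example (not part of the original thread): read-only re-check of the
# autostart and network settings that the ComboFix and AdwCleaner logs report.
# Assumes Windows 7 x64, PowerShell 2.0+, elevated prompt.

$report = @()

# 1. Run/RunOnce keys in both the native 64-bit and the Wow6432Node (32-bit) views.
#    ComboFix listed LWS, StartCCC, HDAudDeck and Everything under Wow6432Node.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/PSChildName/PSDrive/PSProvider metadata.
            if ($p.Name -notmatch '^PS') {
                $report += New-Object PSObject -Property @{
                    Location = $key; Name = $p.Name; Value = $p.Value
                }
            }
        }
    }
}

# 2. Per-user and all-users Startup folders (the .lnk entries in the log).
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
foreach ($dir in $startupDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Force | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            $report += New-Object PSObject -Property @{
                Location = $dir; Name = $_.Name; Value = $_.LastWriteTime
            }
        }
    }
}

# 3. Legacy .job files in C:\Windows\Tasks, which is what ComboFix's
#    "Contents of the 'Scheduled Tasks' folder" section enumerates.
Get-ChildItem -Path "$env:windir\Tasks" -Filter *.job -ErrorAction SilentlyContinue | ForEach-Object {
    $report += New-Object PSObject -Property @{
        Location = "$env:windir\Tasks"; Name = $_.Name; Value = $_.LastWriteTime
    }
}

# 4. DNS servers configured per interface (the "TCP: Interfaces\{GUID}: NameServer"
#    line in ComboFix). Compare against what your ISP or router should hand out;
#    a NameServer you did not set is a classic sign of DNS hijacking.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem -Path $ifRoot | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    foreach ($field in 'NameServer', 'DhcpNameServer') {
        if ($p.$field) {
            $report += New-Object PSObject -Property @{
                Location = $_.PSChildName; Name = $field; Value = $p.$field
            }
        }
    }
}

# 5. Internet Explorer search scopes (AdwCleaner flagged a SearchScopes GUID).
#    The URL value shows which provider a scope really queries.
foreach ($hive in 'HKCU', 'HKLM') {
    $scopes = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
    if (Test-Path $scopes) {
        Get-ChildItem -Path $scopes | ForEach-Object {
            $s = Get-ItemProperty -Path $_.PSPath
            $report += New-Object PSObject -Property @{
                Location = $scopes; Name = $_.PSChildName
                Value    = "$($s.DisplayName) -> $($s.URL)"
            }
        }
    }
}

$report | Sort-Object Location, Name | Format-Table Location, Name, Value -AutoSize -Wrap
```

Run it once right after the AdwCleaner Delete pass to get a baseline, then again a day or two later; any new Run value, .job file, Startup shortcut, NameServer or SearchScopes GUID that appears in between is what to ask about in the thread. The two NameServer addresses in the ComboFix log above should match the ones your ISP or router assigns.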

#5 Aardopotamus

Aardopotamus
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:14 AM

Posted 22 January 2013 - 10:51 AM

If something is wrong at this point.. it's nothing i can tell

thank you for the help

# AdwCleaner v2.107 - Logfile created 01/22/2013 at 10:40:50
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Aardo - AARDO-PC
# Boot Mode : Normal
# Running from : C:\Users\Aardo\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Aardo\AppData\Roaming\Mozilla\Firefox\Profiles\69hjep9k.default\prefs.js

[OK] File is clean.

File : C:\Users\AardoBoss\AppData\Roaming\Mozilla\Firefox\Profiles\l2rkp1jt.default\prefs.js

[OK] File is clean.

File : C:\Users\AardoBoss\AppData\Roaming\Mozilla\Firefox\Profiles\l2rkp1jt.default - Copy\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1365 octets] - [22/01/2013 09:56:59]
AdwCleaner[R2].txt - [1425 octets] - [22/01/2013 10:40:35]
AdwCleaner[S1].txt - [1211 octets] - [22/01/2013 10:40:50]

########## EOF - C:\AdwCleaner[S1].txt - [1271 octets] ##########

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:14 AM

Posted 22 January 2013 - 11:12 AM

Wait a day or two and, if all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===
