
I used ComboFix on my computer, need help with the log please


2 replies to this topic

#1 djnando


  • Members

Posted 30 March 2013 - 11:03 PM

ComboFix 13-03-30.01 - DJ Nando PC 03/30/2013  22:33:53.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8191.5233 [GMT -4:00]
Running from: c:\users\DJ Nando PC\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system\fltr106.dll
c:\windows\SysWow64\1a9ca328.dll
c:\windows\SysWow64\5f119ca3.dll
c:\windows\SysWow64\66ca4c14.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-28 to 2013-03-31  )))))))))))))))))))))))))))))))
.
.
2013-03-31 02:39 . 2013-03-31 02:39 -------- d-----w- c:\users\Owner\AppData\Local\temp
2013-03-31 02:39 . 2013-03-31 02:39 -------- d-----w- c:\users\DJ Nando PC\AppData\Local\temp
2013-03-31 02:39 . 2013-03-31 02:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-31 02:39 . 2013-03-31 02:39 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-03-31 02:19 . 2013-03-31 02:19 -------- d-----w- c:\programdata\Malwarebytes
2013-03-31 00:59 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{611EB395-150F-4C98-BF0C-26FB2C398567}\mpengine.dll
2013-03-30 19:02 . 2013-03-30 19:02 -------- d-----w- c:\windows\Panther
2013-03-30 06:56 . 2013-03-30 06:56 -------- d-----w- c:\programdata\ATI
2013-03-30 06:56 . 2013-03-30 06:56 -------- d-----w- c:\program files (x86)\AMD AVT
2013-03-30 06:56 . 2013-03-30 06:56 -------- d-----w- c:\program files (x86)\AMD APP
2013-03-30 06:55 . 2013-03-30 06:55 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-03-30 06:55 . 2013-03-30 06:55 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-03-30 06:54 . 2013-03-30 06:56 -------- d-----w- c:\programdata\AMD
2013-03-30 06:53 . 2013-03-30 06:53 -------- d-----w- c:\program files (x86)\ATI Technologies
2013-03-30 06:53 . 2013-03-30 06:53 -------- d-----w- c:\program files\ATI
2013-03-30 06:52 . 2013-03-30 06:55 -------- d-----w- c:\program files\ATI Technologies
2013-03-30 06:49 . 2013-03-30 06:49 -------- d-----w- C:\AMD
2013-03-30 04:18 . 2013-03-30 04:55 -------- d-----w- c:\users\DJ Nando PC\AppData\Roaming\hpqLog
2013-03-30 03:05 . 2013-03-30 03:05 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-30 03:05 . 2013-03-30 03:05 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-30 03:05 . 2013-03-30 03:05 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-30 03:05 . 2013-03-30 03:05 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-30 03:05 . 2013-03-30 03:05 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-30 03:05 . 2013-03-30 03:05 188320 ----a-w- c:\windows\system32\java.exe
2013-03-30 03:01 . 2013-03-30 03:01 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-03-30 03:00 . 2013-03-30 03:00 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-30 03:00 . 2013-03-30 03:00 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-30 03:00 . 2013-03-30 03:00 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-30 03:00 . 2013-03-30 03:00 -------- d-----w- c:\program files (x86)\Java
2013-03-29 22:49 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-29 20:54 . 2013-03-29 20:54 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-03-29 20:34 . 2009-10-20 09:03 491520 ----a-w- c:\windows\system\cmau106.dll
2013-03-29 20:34 . 2009-10-20 09:03 200704 ----a-w- c:\windows\SysWow64\cmpa106.dll
2013-03-29 20:34 . 2009-10-20 09:03 143360 ----a-w- c:\windows\Vmix106.dll
2013-03-29 20:34 . 2009-10-20 09:03 8151040 ----a-w- c:\windows\SysWow64\CM106.dll
2013-03-29 20:34 . 2009-10-20 09:03 389120 ----a-w- c:\windows\system32\CM106.cpl
2013-03-29 20:34 . 2009-10-20 09:03 221184 ----a-w- c:\windows\system\cm106eye.exe
2013-03-29 20:34 . 2009-10-20 09:02 787456 ----a-w- c:\windows\system32\Cmeau106.exe
2013-03-29 20:34 . 2009-10-20 09:02 359424 ----a-w- c:\windows\system32\CmiInstallResAll64.dll
2013-03-29 20:34 . 2009-10-20 09:02 524768 ----a-w- c:\windows\difxapi.dll
2013-03-29 20:09 . 2013-03-29 20:09 -------- d-----w- c:\users\DJ Nando PC\AppData\Local\Diagnostics
2013-03-29 19:59 . 2013-03-29 19:59 918 ----a-w- c:\windows\system32\new reg.reg
2013-03-12 00:14 . 2011-04-20 06:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2013-03-11 21:20 . 2013-03-12 23:33 -------- d-----w- c:\users\DJ Nando PC\AppData\Local\VMware
2013-03-11 21:20 . 2013-03-12 23:33 -------- d-----w- c:\users\DJ Nando PC\AppData\Roaming\VMware
2013-03-11 19:48 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-03-11 19:48 . 2013-03-11 19:48 -------- d-----w- c:\program files\iPod
2013-03-11 19:48 . 2013-03-11 19:48 -------- d-----w- c:\program files\iTunes
2013-03-11 19:09 . 2012-10-24 18:17 67224 ----a-w- c:\windows\system32\vsocklib.dll
2013-03-11 19:09 . 2012-10-24 18:17 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
2013-03-11 19:09 . 2012-10-24 18:17 70296 ----a-w- c:\windows\system32\drivers\vsock.sys
2013-03-11 19:08 . 2013-02-26 06:28 67664 ----a-w- c:\windows\system32\drivers\vmx86.sys
2013-03-11 19:08 . 2013-02-26 06:27 33360 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2013-03-11 19:08 . 2013-02-26 06:28 357456 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2013-03-11 19:08 . 2013-02-26 06:28 436304 ----a-w- c:\windows\SysWow64\vmnat.exe
2013-03-11 19:08 . 2013-02-26 06:28 30800 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2013-03-11 19:08 . 2013-02-26 06:29 933968 ----a-w- c:\windows\system32\vnetlib64.dll
2013-03-11 19:08 . 2012-10-11 20:15 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
2013-03-11 19:07 . 2013-03-11 19:07 -------- d-----w- c:\program files\Common Files\VMware
2013-03-11 19:07 . 2013-03-30 06:45 -------- d-----w- c:\programdata\VMware
2013-03-11 19:07 . 2013-03-11 19:07 -------- d-----w- c:\program files (x86)\VMware
2013-03-11 19:07 . 2013-03-11 19:07 -------- d-----w- c:\program files (x86)\Common Files\VMware
2013-03-11 11:51 . 2013-03-11 11:51 -------- d-----w- c:\windows\Hewlett-Packard
2013-03-11 11:23 . 2013-03-11 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-03-11 11:23 . 2013-03-11 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-03-11 11:23 . 2013-03-11 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-03-11 11:23 . 2013-03-11 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-03-11 11:23 . 2013-03-11 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-03-11 11:23 . 2013-03-11 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-03-11 11:23 . 2013-03-11 11:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-03-11 11:22 . 2013-03-11 11:23 -------- d-----w- c:\program files (x86)\QuickTime
2013-03-11 11:19 . 2013-03-11 11:19 -------- d-----w- c:\program files (x86)\Bonjour
2013-03-11 10:48 . 2013-03-12 03:55 -------- d-----w- c:\users\Administrator.DJNandoPC-HP
2013-03-11 00:40 . 2013-03-11 00:40 -------- d-----w- c:\users\DJ Nando PC\AppData\Roaming\InstallShield
2013-03-10 22:59 . 2013-03-10 22:59 -------- d-----w- c:\program files\Java
2013-03-10 22:47 . 2013-03-11 19:48 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-10 21:06 . 2013-03-06 22:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-10 20:50 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-03-10 20:50 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-03-10 20:50 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-03-10 20:50 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-03-10 20:50 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-03-10 20:50 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-03-10 20:50 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-03-10 20:50 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-03-10 20:49 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2013-03-10 20:49 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2013-03-10 20:49 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2013-03-10 20:49 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-03-10 20:49 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-03-10 20:49 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-03-10 20:49 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2013-03-10 20:49 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2013-03-10 20:49 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2013-03-10 17:23 . 2013-03-11 00:38 -------- d-----w- c:\users\DefaultAppPool
2013-03-10 14:40 . 2013-03-31 02:43 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-03-10 14:39 . 2013-03-10 14:39 -------- d-----w- c:\windows\SysWow64\BestPractices
2013-03-10 14:39 . 2013-03-10 14:39 -------- d-----w- c:\windows\system32\msmq
2013-03-10 14:39 . 2013-03-10 14:39 -------- d-----w- c:\windows\system32\BestPractices
2013-03-10 14:34 . 2013-03-29 23:03 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-10 14:34 . 2013-03-29 23:03 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-10 14:07 . 2013-03-11 00:38 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2013-03-10 14:07 . 2013-03-10 14:07 -------- d-----w- c:\program files\Microsoft Help Viewer
2013-03-10 14:03 . 2013-03-11 00:38 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
2013-03-10 14:03 . 2013-03-10 14:03 -------- d-----w- c:\program files (x86)\Application Verifier
2013-03-10 14:03 . 2013-03-10 14:03 -------- d-----w- c:\program files\Application Verifier (x64)
2013-03-10 13:48 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-10 13:48 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-10 13:48 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-03-10 13:48 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-10 13:37 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-10 13:37 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-10 13:19 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-03-10 13:19 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-03-10 13:19 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-03-10 13:19 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-03-10 13:18 . 2013-03-10 13:18 -------- d-----w- c:\program files\Microsoft SDKs
2013-03-10 13:18 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-10 13:18 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-10 13:17 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-10 13:17 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-10 13:17 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-10 13:17 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-10 13:17 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-10 13:03 . 2013-03-10 13:04 -------- d-----w- c:\windows\SysWow64\Adobe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-29 22:54 . 2011-03-07 01:17 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-15 06:28 . 2011-03-07 00:11 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-26 06:27 . 2013-02-26 06:27 62104 ----a-w- c:\windows\system32\vmnetbridge.dll
2013-02-26 06:27 . 2013-02-26 06:27 48792 ----a-w- c:\windows\system32\vnetinst.dll
2013-02-26 06:27 . 2013-02-26 06:27 45720 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2013-02-26 06:27 . 2013-02-26 06:27 24216 ----a-w- c:\windows\system32\drivers\vmnet.sys
2013-02-26 06:27 . 2013-02-26 06:27 20120 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2013-02-26 04:59 . 2013-02-26 04:59 360528 ----a-w- c:\windows\SysWow64\vmnc.dll
2013-02-12 05:45 . 2013-03-29 22:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-29 22:49 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-29 22:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-29 22:49 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-29 22:49 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-29 22:49 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2011-03-06 23:51 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-03-10 12:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]
"Media Codec Update Service"="c:\program files (x86)\Essentials Codec Pack\WECPUpdate.exe" [2009-01-25 196608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableInstallerDetection"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [2010-02-05 15360]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
R3 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 88960]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [2010-11-20 113536]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-07 1255736]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-10-06 230456]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2009-06-02 27120]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2009-06-02 19952]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 70296]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2011-11-18 139840]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2009-06-02 27632]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-03 457200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-12-06 2350176]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-09-30 1307648]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-10 02:55]
.
2013-03-11 c:\windows\Tasks\HPCeeScheduleForAdministrator.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-03-10 c:\windows\Tasks\HPCeeScheduleForDJ Nando PC.job
- c:\program files (x86)\hewlett-packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-03-10 c:\windows\Tasks\HPCeeScheduleForDJNANDOPC-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-20 8151040]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)
Wow6432Node-HKCU-Run-Sidebar - c:\program files (x86)\Windows Sidebar\Sidebar.exe
Wow6432Node-HKCU-Run-HPADVISOR - (no file)
AddRemove-dtsac3 - c:\windows\system32\undts.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1711144829-5549640-2036380566-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,39,4b,
   96,1b,ff,d4,01,b8,24,9a,3f,05,cf,cc,13
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,ca,
   00,9b,ba,e8,0b,b1,9f,b1,17,89,68,fc,d6
.
[HKEY_USERS\S-1-5-21-1711144829-5549640-2036380566-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:5a,10,c2,22,47,1e,ce,01
.
[HKEY_USERS\S-1-5-21-1711144829-5549640-2036380566-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,51,76,58,98,e4,73,49,b2,d6,56,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,51,76,58,98,e4,73,49,b2,d6,56,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWow64\perfhost.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\system\Cm106eye.exe
.
**************************************************************************
.
Completion time: 2013-03-30  22:47:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-31 02:47
.
Pre-Run: 542,195,884,032 bytes free
Post-Run: 542,816,628,736 bytes free
.
- - End Of File - - 8178DFF740EB6A906FF1BB213ED3C9BB
 


Edited by Orange Blossom, 30 March 2013 - 11:12 PM.
Moved to log forum. ~ OB
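
Added example (not from this thread, and not a BleepingComputer or ComboFix tool): a Python triage helper for the ComboFix log format posted above. It assumes Windows 7 consumer-edition UAC defaults and reports the security products ComboFix lists as disabled, the entries under Other Deletions, and any UAC policy value that differs from the default; the embedded sample is a constructed excerpt of the log above.

```python
import re
from dataclasses import dataclass, field

# Windows 7 defaults for the UAC values ComboFix lists under ...\policies\system.
# Assumption: consumer-edition defaults (Enterprise sets EnableInstallerDetection to 0).
UAC_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": 5,
    "EnableInstallerDetection": 1,
    "EnableSecureUIAPaths": 1,
    "EnableUIADesktopToggle": 0,
    "EnableVirtualization": 1,
    "PromptOnSecureDesktop": 1,
}

SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+\s*$")  # "((((   Other Deletions   ))))"
PRODUCT_RE = re.compile(r"^(?P<kind>AV|SP|FW):\s*(?P<name>.+?)\s*\*(?P<state>[^*]+)\*")
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)')  # "Name"= 5 (0x5)
HEX_NAME_RE = re.compile(r"\\[0-9a-f]{8}\.dll$", re.IGNORECASE)  # e.g. 1a9ca328.dll

@dataclass
class Triage:
    disabled_products: list = field(default_factory=list)  # (kind, product name)
    deletions: list = field(default_factory=list)          # every path under Other Deletions
    hex_named_dlls: list = field(default_factory=list)     # deletions named with 8 hex chars
    weakened_uac: dict = field(default_factory=dict)       # value name -> (found, default)

def parse_combofix(text: str) -> Triage:
    """Single pass over the log, tracking the current banner section and registry key."""
    t = Triage()
    section, current_key = "header", ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":  # ComboFix pads sections with lone dots
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section, current_key = banner.group("name"), ""
        elif section == "header":
            m = PRODUCT_RE.match(line)
            if m and "Disabled" in m.group("state"):
                t.disabled_products.append((m.group("kind"), m.group("name")))
        elif section == "Other Deletions":
            t.deletions.append(line)
            if HEX_NAME_RE.search(line):
                t.hex_named_dlls.append(line)
        elif section == "Reg Loading Points":
            key = REG_KEY_RE.match(line)
            if key:
                current_key = key.group("key").lower()
            elif current_key.endswith(r"\policies\system"):
                m = REG_DWORD_RE.match(line)
                if m and m.group("name") in UAC_DEFAULTS:
                    found, default = int(m.group("val")), UAC_DEFAULTS[m.group("name")]
                    if found != default:
                        t.weakened_uac[m.group("name")] = (found, default)
    return t

def findings(t: Triage) -> list:
    """Summary lines in the order a responder would read them."""
    out = [f"{kind} reported disabled: {name}" for kind, name in t.disabled_products]
    out += [f"UAC {n} = {v} (default {d})" for n, (v, d) in t.weakened_uac.items()]
    out += [f"hex-named DLL removed: {p}" for p in t.hex_named_dlls]
    return out

# Constructed excerpt of the log posted above (header, deletions and policy block only).
SAMPLE_LOG = r"""ComboFix 13-03-30.01 - DJ Nando PC 03/30/2013  22:33:53.1.4 - x64
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\fltr106.dll
c:\windows\SysWow64\1a9ca328.dll
c:\windows\SysWow64\5f119ca3.dll
c:\windows\SysWow64\66ca4c14.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableInstallerDetection"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

if __name__ == "__main__":
    for line in findings(parse_combofix(SAMPLE_LOG)):
        print(line)
```

ComboFix's own note says legitimate default entries are omitted, so every value it prints in the policies block is already a candidate; the defaults table just makes the comparison explicit.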




#2 nasdaq


  • Malware Response Team

Posted 31 March 2013 - 08:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed; the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.

#3 nasdaq


  • Malware Response Team

Posted 05 April 2013 - 10:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



