Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with Zeroaccess rootkit & audio ads playing


  • This topic is locked This topic is locked
23 replies to this topic

#1 anothereternity

anothereternity

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 07 July 2013 - 10:41 PM

Issue identified by audio ads playing randomly. Tried finding program to shut down in processes without luck. Issue is still going (just checked). Also was getting several blue screens (when accessing internet browser) which I never had before, but don't know if the two are connected.

 

Had avast. Downloaded malware bytes anti-malware and neither have solved. Worked with an advisor in the following thread who sent me to follow guide here. Original thread:

 

http://www.bleepingcomputer.com/forums/t/500061/ads-playing-randomly-virus/

 

 

DDS logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by Twyggs at 20:28:41 on 2013-07-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.1103 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Puppy Tweets Middleware\Puppy Tweets.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [PuppyTweet] C:\Program Files (x86)\Puppy Tweets Middleware\Puppy Tweets.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6D92B4B2-9812-4E2E-893D-90393EEBFEFB} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6D92B4B2-9812-4E2E-893D-90393EEBFEFB}\7596C6C6F6770274C656E6 : DHCPNameServer = 10.255.255.33 10.255.255.32
TCP: Interfaces\{6D92B4B2-9812-4E2E-893D-90393EEBFEFB}\86F6D656E6564777F627B6 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Twyggs\AppData\Roaming\Mozilla\Firefox\Profiles\a2xle1ax.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-28 65336]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-19 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-28 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-28 377920]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-19 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-28 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-28 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-28 45248]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-4 701512]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-5-25 517632]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-19 689472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-19

2533400]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-6-19 53800]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-6-19 35104]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-6-19 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-19 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-19 287232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-6-19 74280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-4 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-6-19 7680512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-28 178624]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-6-19 175168]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-6-19 245792]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-18 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-08 01:38:59 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C8E8B53-DACA-40BE-8582-ACABF37F431B}\offreg.dll
2013-07-08 01:30:20 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-08 00:50:53 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C8E8B53-DACA-40BE-8582-ACABF37F431B}\mpengine.dll
2013-07-04 11:02:30 -------- d-----w- C:\Users\Twyggs\AppData\Roaming\Malwarebytes
2013-07-04 11:02:21 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-04 11:02:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-04 11:02:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-04 03:30:56 57 ----a-w- C:\ProgramData\eof4oc.bat
2013-07-04 03:30:56 152 ----a-w- C:\ProgramData\eof4oc.reg
2013-07-02 15:25:44 -------- d-----w- C:\Users\Twyggs\AppData\Local\Diagnostics
2013-06-22 21:08:25 -------- d-----w- C:\Users\Twyggs\AppData\Local\ElevatedDiagnostics
2013-06-16 14:41:33 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-14 01:58:50 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-14 01:58:50 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-14 01:58:49 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-14 01:58:49 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-14 01:58:49 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-14 01:58:49 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-14 01:58:49 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-14 01:58:49 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-14 01:58:49 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-14 01:58:48 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-12 03:35:14 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 03:35:13 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 03:35:13 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 03:35:10 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-12 03:35:10 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-12 03:35:07 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-12 03:35:07 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-12 03:34:49 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-12 03:34:48 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
==================== Find3M  ====================
.
2013-06-15 02:11:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 02:11:37 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 20:29:46.31 ===============

 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 AM

Posted 08 July 2013 - 04:09 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-***.txt . Please attach that to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 anothereternity

anothereternity
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 08 July 2013 - 09:10 PM

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Twyggs :: PINKONE [administrator]

7/8/2013 6:10:33 PM
mbar-log-2013-07-08 (18-10-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 320738
Time elapsed: 51 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-3659427652-1916372697-559431921-1005\$c614d3bf243a3fd7a4fd36cd3756874b\n. -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\$Recycle.Bin\S-1-5-21-3659427652-1916372697-559431921-1001\$c614d3bf243a3fd7a4fd36cd3756874b\U (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-21-3659427652-1916372697-559431921-1001\$c614d3bf243a3fd7a4fd36cd3756874b\L (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-21-3659427652-1916372697-559431921-1001\$c614d3bf243a3fd7a4fd36cd3756874b (Trojan.Siredef.C) -> No action taken.

Files Detected: 3
c:\$Recycle.Bin\S-1-5-21-3659427652-1916372697-559431921-1001\$c614d3bf243a3fd7a4fd36cd3756874b\@ (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-21-3659427652-1916372697-559431921-1001\$c614d3bf243a3fd7a4fd36cd3756874b\U\00000008.@ (Trojan.Siredef.C) -> No action taken.
c:\$Recycle.Bin\S-1-5-21-3659427652-1916372697-559431921-1001\$c614d3bf243a3fd7a4fd36cd3756874b\L\00000004.@ (Trojan.Siredef.C) -> No action taken.

Physical Sectors Detected: 2
Master Boot Record on Drive #0 (Unknown.Rootkit.MBR) -> No action taken.
Physical Sector #976772901 on Drive #0 (Forged physical sector) -> No action taken.

(end)

 

 

Please let me know if you would like the log attached instead. As instructed, I existed without selecting Cleanup.



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 AM

Posted 09 July 2013 - 01:11 AM

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 anothereternity

anothereternity
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 10 July 2013 - 08:41 PM

Ran MBAR, it crashed (blue screen) part way through scan, ran again successfully and did Cleanup.

 

Rebooted and ran MBAR again, said no cleanup required. Log as follows:

 

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Twyggs :: PINKONE [administrator]

7/10/2013 6:38:31 AM
mbar-log-2013-07-10 (06-38-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 320596
Time elapsed: 27 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

So far, no audio ads have played. Computer is acting normal. Is there anything else I need to do to make sure its clean or should that be it?



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 AM

Posted 11 July 2013 - 12:06 AM

We´re not finished yet - you had several nasty malwares running and we have to ensure they´re gone.

 

 

 

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 anothereternity

anothereternity
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 11 July 2013 - 12:24 AM

Combo fix ran many seconds, then just closed. I can't find the log file anywhere...

 

Is that normal?



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 AM

Posted 11 July 2013 - 12:26 AM

Reboot into safe mode and try again - this is not normal!


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 anothereternity

anothereternity
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 11 July 2013 - 12:30 AM

Woah, now like a couple minutes later, a blue prompt style screen showed up with administrator listed at the top. It says "Please wait. ComboFix is preparing to run. Attempting to create a new System Restore point."

 

Is this normal, or do I need to x out and reboot in safe mode?



#10 anothereternity

anothereternity
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 11 July 2013 - 12:36 AM

Ok, looked up combo fix. This screen looks like it is correct. I guess there was just a little delay between windows

#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 AM

Posted 11 July 2013 - 12:37 AM

ok, then let Combofix do its work


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 anothereternity

anothereternity
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 11 July 2013 - 12:47 AM

OK, it looks like it ran successfully:

 

ComboFix 13-07-09.01 - Twyggs 07/10/2013  22:32:58.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.1649 [GMT -7:00]
Running from: c:\users\Twyggs\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\eof4oc.bat
c:\programdata\l476n7a8.exe.b
c:\programdata\l476n7a8.exe_.b
c:\programdata\Microsoft\Windows\DRM\26B3.tmp
c:\users\Main\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3EBF8E04-C069-401C-BBE2-81FE9EF0EE80}.xps
c:\users\Main\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1495.tmp
c:\users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3EBF8E04-C069-401C-BBE2-81FE9EF0EE80}.xps
c:\users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1495.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-11 to 2013-07-11  )))))))))))))))))))))))))))))))
.
.
2013-07-11 05:42 . 2013-07-11 05:42 -------- d-----w- c:\users\Sharon\AppData\Local\temp
2013-07-11 05:26 . 2013-07-11 05:26 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{726ADC8D-C19F-44E4-86A9-B0ED981F8F3B}\offreg.dll
2013-07-11 01:51 . 2013-07-11 01:54 -------- d-----w- C:\AntiVir
2013-07-10 12:43 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{726ADC8D-C19F-44E4-86A9-B0ED981F8F3B}\mpengine.dll
2013-07-08 01:30 . 2013-07-11 01:36 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-04 11:02 . 2013-07-04 11:02 -------- d-----w- c:\users\Twyggs\AppData\Roaming\Malwarebytes
2013-07-04 11:02 . 2013-07-04 11:02 -------- d-----w- c:\programdata\Malwarebytes
2013-07-04 11:02 . 2013-07-04 11:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-04 11:02 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-04 03:30 . 2013-07-04 03:30 152 ----a-w- c:\programdata\eof4oc.reg
2013-07-02 15:25 . 2013-07-02 15:25 -------- d-----w- c:\users\Twyggs\AppData\Local\Diagnostics
2013-06-29 16:30 . 2013-06-29 16:30 -------- d-----w- c:\program files (x86)\7-Zip
2013-06-22 21:08 . 2013-06-22 21:08 -------- d-----w- c:\users\Twyggs\AppData\Local\ElevatedDiagnostics
2013-06-21 20:30 . 2013-06-21 20:30 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-06-16 14:41 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-14 01:58 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-14 01:58 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-14 01:58 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-14 01:58 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-14 01:58 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-14 01:58 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-14 01:58 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-14 01:58 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-14 01:58 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-14 01:58 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 03:35 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 03:35 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 03:35 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 03:35 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 03:35 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 03:35 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 03:35 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 03:34 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 03:34 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-16 14:43 . 2012-05-26 14:00 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-15 02:11 . 2013-02-09 00:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 02:11 . 2013-02-09 00:02 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-10 02:19 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 09:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 10:08 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:08 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:08 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:08 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:08 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:08 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-27 13:54 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"PuppyTweet"="c:\program files (x86)\Puppy Tweets Middleware\Puppy Tweets.exe" [2010-09-28 988408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswVmm;aswVmm; [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-09 02:11]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09 00:02]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09 00:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Twyggs\AppData\Roaming\Mozilla\Firefox\Profiles\a2xle1ax.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3659427652-1916372697-559431921-1005_Classes\CLSID\{075C8EF1-4A0D-BB4E-8B73-25F5F292B509}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-10  22:43:35
ComboFix-quarantined-files.txt  2013-07-11 05:43
.
Pre-Run: 329,737,138,176 bytes free
Post-Run: 333,424,054,272 bytes free
.
- - End Of File - - 8E6CFBFCE0986B6E3E97ECC8D3D28BB6
D41D8CD98F00B204E9800998ECF8427E



#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:01 AM

Posted 11 July 2013 - 12:54 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

Quick Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#14 anothereternity

anothereternity
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 11 July 2013 - 01:22 AM

Here's the Combofix log. Will get started on the second part- the malware bytes scan next

 

ComboFix 13-07-09.01 - Twyggs 07/10/2013  23:01:02.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.1634 [GMT -7:00]
Running from: c:\users\Twyggs\Desktop\ComboFix.exe
Command switches used :: c:\users\Twyggs\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\eof4oc.reg"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\eof4oc.reg
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-11 to 2013-07-11  )))))))))))))))))))))))))))))))
.
.
2013-07-11 06:08 . 2013-07-11 06:08 -------- d-----w- c:\users\Sharon\AppData\Local\temp
2013-07-11 06:08 . 2013-07-11 06:08 -------- d-----w- c:\users\Main\AppData\Local\temp
2013-07-11 06:08 . 2013-07-11 06:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-11 06:08 . 2013-07-11 06:08 -------- d-----w- c:\users\Ano\AppData\Local\temp
2013-07-11 01:51 . 2013-07-11 01:54 -------- d-----w- C:\AntiVir
2013-07-10 12:43 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{726ADC8D-C19F-44E4-86A9-B0ED981F8F3B}\mpengine.dll
2013-07-04 11:02 . 2013-07-04 11:02 -------- d-----w- c:\users\Twyggs\AppData\Roaming\Malwarebytes
2013-07-04 11:02 . 2013-07-04 11:02 -------- d-----w- c:\programdata\Malwarebytes
2013-07-04 11:02 . 2013-07-04 11:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-04 11:02 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-02 15:25 . 2013-07-02 15:25 -------- d-----w- c:\users\Twyggs\AppData\Local\Diagnostics
2013-06-29 16:30 . 2013-06-29 16:30 -------- d-----w- c:\program files (x86)\7-Zip
2013-06-22 21:08 . 2013-06-22 21:08 -------- d-----w- c:\users\Twyggs\AppData\Local\ElevatedDiagnostics
2013-06-21 20:30 . 2013-06-21 20:30 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-06-16 14:41 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-14 01:58 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-14 01:58 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-14 01:58 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-14 01:58 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-14 01:58 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-14 01:58 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-14 01:58 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-14 01:58 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-14 01:58 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-14 01:58 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 03:35 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 03:35 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 03:35 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 03:35 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 03:35 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 03:35 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 03:35 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 03:34 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 03:34 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-16 14:43 . 2012-05-26 14:00 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-15 02:11 . 2013-02-09 00:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 02:11 . 2013-02-09 00:02 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-10 02:19 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 09:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 10:08 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:08 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:08 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:08 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:08 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:08 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-27 13:54 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\AntiVir ----
.
2013-07-08 03:30 . 2013-07-08 03:30 22570 ----a-w- c:\antivir\DDSsave.txt
2013-07-08 03:30 . 2013-07-08 03:30 30899 ----a-w- c:\antivir\Attachsave.txt
2013-07-08 03:30 . 2013-07-08 03:30 30899 ----a-w- c:\antivir\attach.txt
2013-07-08 03:30 . 2013-07-08 03:29 22570 ----a-w- c:\antivir\dds.txt
2013-07-08 02:56 . 2013-07-08 02:56 137 ----a-w- c:\antivir\rkill\rkill-07-07-2013-07-56-05.reg
2013-07-08 02:55 . 2013-07-08 03:20 3808 ----a-w- c:\antivir\Rkill.txt
2013-07-08 01:26 . 2013-07-08 01:26 1920 ----a-w- c:\antivir\mbam-log-2013-07-07 (18-06-21)save.txt
2013-07-08 01:04 . 2013-07-08 01:04 1016 ----a-w- c:\antivir\checkupsave.txt
2013-07-08 00:53 . 2013-07-08 00:53 40544 ----a-w- c:\antivir\Resultsave.txt
2013-07-08 00:51 . 2013-07-08 00:52 40544 ----a-w- c:\antivir\Result.txt
2013-07-08 00:46 . 2013-07-08 00:46 2240 ----a-w- c:\antivir\FSSsave.txt
2013-07-08 00:45 . 2013-07-08 00:45 2240 ----a-w- c:\antivir\FSS.txt
2013-07-04 12:00 . 2013-07-04 12:00 1918 ----a-w- c:\antivir\mbam-log-2013-07-04 (04-40-00).txt
2013-07-04 11:38 . 2013-07-04 11:38 3878 ----a-w- c:\antivir\AdwCleaner[S1].txt
2013-07-04 11:27 . 2013-07-04 11:27 650027 ----a-w- c:\antivir\adwcleaner.exe
2013-07-04 11:15 . 2013-07-04 11:15 2450 ----a-w- c:\antivir\mbam-log-2013-07-04 (04-03-20).txt
2013-07-04 11:02 . 2013-07-04 11:02 1111 ----a-w- c:\antivir\Malwarebytes Anti-Malware.lnk
2013-04-28 21:08 . 2013-06-14 01:42 2077 ----a-w- c:\antivir\avast! Free Antivirus.lnk
2013-02-08 19:04 . 2012-06-05 16:57 6754 ----a-w- c:\antivir\~ESETUninstaller.log
2013-02-08 19:04 . 2012-06-05 16:50 638976 ----a-w- c:\antivir\ESETUninstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"PuppyTweet"="c:\program files (x86)\Puppy Tweets Middleware\Puppy Tweets.exe" [2010-09-28 988408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswVmm;aswVmm; [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-09 02:11]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09 00:02]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09 00:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 06:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Twyggs\AppData\Roaming\Mozilla\Firefox\Profiles\a2xle1ax.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3659427652-1916372697-559431921-1005_Classes\CLSID\{075C8EF1-4A0D-BB4E-8B73-25F5F292B509}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-07-10  23:15:41 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-11 06:15
ComboFix2.txt  2013-07-11 05:43
.
Pre-Run: 333,493,714,944 bytes free
Post-Run: 333,325,430,784 bytes free
.
- - End Of File - - 338BB007B7989775B2ADA9358AED1F22
D41D8CD98F00B204E9800998ECF8427E
 



#15 anothereternity

anothereternity
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 11 July 2013 - 01:38 AM

Malware Bytes finished. It said no malicious items were detected, so didn't give me an option to show results/remove anything.

 

Log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Twyggs :: PINKONE [administrator]

Protection: Disabled

7/10/2013 11:23:29 PM
mbam-log-2013-07-10 (23-23-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300150
Time elapsed: 9 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users