
Audio in background. Unable to stop or find the source.


19 replies to this topic

#1 NGreiner90 (Members, 10 posts)

Posted 24 September 2013 - 01:36 PM

For a while now my laptop has been playing audio in the background. It sounds like advertisements from multiple web sites are all playing at once while there are no open browsers. I have AVG and scanned the computer. AVG found one threat, a hidden driver, but when I remove the threat, restart the computer and scan with AVG again the same single threat is reported again. I've run Combofix and Malwarebytes, but all I've been able to do is stall the audio for a couple of hours, and eventually the audio starts up again.

 

I appreciate any help and consideration.





#2 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 24 September 2013 - 01:55 PM

Hi there, my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with aswMBR

Please download aswMBR (4.5 MB) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

 

 

Also, post up the content of C:\combofix.txt



#3 NGreiner90 (Topic Starter, Members, 10 posts)

Posted 25 September 2013 - 12:49 PM

Alright here's the aswMBR

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-25 13:31:15
-----------------------------
13:31:15.067    OS Version: Windows x64 6.1.7601 Service Pack 1
13:31:15.067    Number of processors: 2 586 0x301
13:31:15.067    ComputerName: MELISSAHYRE  UserName: Melissa
13:31:15.987    Initialize success
13:42:40.870    AVAST engine defs: 13092500
13:43:13.918    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:43:13.933    Disk 0 Vendor: ST9250315AS 0003DEM1 Size: 238475MB BusType: 3
13:43:13.933    Device \Driver\atapi -> MajorFunction fffffa8004c7d0a8
13:43:13.996    Disk 0 MBR read successfully
13:43:14.011    Disk 0 MBR scan
13:43:14.043    Disk 0 MBR:Olmarik-A [Rtk]
13:43:14.043    Disk 0 MBR:Olmarik-A [Rtk]@MBR code has been found
13:43:14.043    Disk 0 MBR hidden
13:43:14.043    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
13:43:14.074    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
13:43:14.089    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       223434 MB offset 30801920
13:43:14.121    Disk 0 MBR [MBR:Olmarik-A [Rtk]]  **ROOTKIT**
13:43:14.136    Scan finished successfully
13:43:35.131    Disk 0 MBR has been saved successfully to "C:\Users\Melissa\Desktop\MBR.dat"
13:43:35.147    The log file has been saved successfully to "C:\Users\Melissa\Desktop\aswMBR.txt"

 

And here is the combofix.txt

 

ComboFix 13-09-19.01 - Melissa 09/19/2013  14:54:01.8.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.1950 [GMT -4:00]
Running from: c:\users\Melissa\Downloads\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-08-26 4851248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [BU]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe;c:\program files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys;c:\windows\SYSNATIVE\DRIVERS\AmdLLD64.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?ilc=79
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.94.156.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Completion time: 2013-09-19  15:12:42
ComboFix-quarantined-files.txt  2013-09-19 19:12
ComboFix2.txt  2013-09-19 17:57
ComboFix3.txt  2013-09-19 17:27
ComboFix4.txt  2013-09-18 17:55
ComboFix5.txt  2013-09-19 18:29
.
Pre-Run: 160,798,777,344 bytes free
Post-Run: 160,735,973,376 bytes free
.
- - End Of File - - 56C224EF4F511A74985FF5DCC7BDBE52
CDB4DE4BBD714F152979DA2DCBEF57EB
 



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 AM

Posted 26 September 2013 - 05:44 AM

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt. Please attach that to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> [donate button] <-- (no worries, every little bit helps)

#5 NGreiner90

NGreiner90
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 26 September 2013 - 11:17 AM

Alright, I'm having trouble. I extracted the mbar folder to the desktop, but every time I've tried to run mbar.exe my laptop blue screens.



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 AM

Posted 26 September 2013 - 04:17 PM

Uh oh...

Let's try something else...

 

Scan with FRST (Recovery Environment)

To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and then close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
  • Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


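The FRST.txt this procedure produces lists recently created files one per line. As an added example (my own code, not part of this post or of the FRST tool), here is a Python parser for that line format, run over lines copied from the FRST log posted later in this thread; it separates the crash dumps (Minidump files) written before the anti-rootkit driver mbamchameleon.sys appeared from those written after it, which is the check a helper would want before attributing the blue screens to the scanner. The dumps_relative_to helper and its marker argument are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Field layout of one line in the "One Month Created Files and Folders"
# section of FRST.txt, as seen in the log posted in this thread:
#   <created> - <modified> - <size> <attributes> [(<vendor>)] <path>
# The "(vendor)" field is only present when FRST could read a company name
# from the file's version information.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

# Sample input constructed for this example from lines in the FRST log posted
# later in the thread. The section header is kept on purpose to show that
# non-entry lines are skipped.
SAMPLE_CREATED_SECTION = r"""
==================== One Month Created Files and Folders ========

2013-09-26 14:31 - 2013-09-26 14:31 - 00274968 _____ C:\Windows\Minidump\092613-58781-01.dmp
2013-09-26 11:11 - 2013-09-26 11:11 - 00274968 _____ C:\Windows\Minidump\092613-52509-01.dmp
2013-09-26 11:07 - 2013-09-26 11:07 - 00274968 _____ C:\Windows\Minidump\092613-52650-01.dmp
2013-09-26 11:00 - 2013-09-26 11:00 - 00274968 _____ C:\Windows\Minidump\092613-54069-01.dmp
2013-09-26 10:57 - 2013-09-26 14:28 - 00000000 ____D C:\Users\Melissa\Desktop\mbar
2013-09-26 10:57 - 2013-09-26 10:57 - 00092376 _____ C:\Windows\System32\Drivers\mbamchameleon.sys
2013-09-26 10:52 - 2013-09-26 10:57 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Melissa\Downloads\mbar-1.07.0.1005.exe
2013-09-26 10:44 - 2013-09-26 10:44 - 00262144 ____N C:\Windows\Minidump\092613-53289-01.dmp
2013-09-24 15:55 - 2013-09-24 15:55 - 00262144 ____N C:\Windows\Minidump\092413-61885-01.dmp
"""


@dataclass
class FrstEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str            # five flag characters, e.g. ____D (directory), ____H (hidden)
    vendor: Optional[str]  # None when FRST printed no "(vendor)" field
    path: str

    @property
    def is_minidump(self) -> bool:
        p = self.path.lower()
        return "\\minidump\\" in p and p.endswith(".dmp")


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Parse one created/modified-files line; return None for headers, blanks, etc."""
    m = FRST_LINE.match(line.strip())
    if m is None:
        return None
    return FrstEntry(
        created=_ts(m["created"]),
        modified=_ts(m["modified"]),
        size=int(m["size"]),
        attrs=m["attrs"],
        vendor=m["vendor"],
        path=m["path"],
    )


def parse_frst_section(text: str) -> List[FrstEntry]:
    """Parse every entry line in a section, skipping lines that are not entries."""
    entries = (parse_frst_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def dumps_relative_to(entries: List[FrstEntry], marker: str) -> Tuple[List[FrstEntry], List[FrstEntry]]:
    """Split the crash dumps into those created before, and those created at or
    after, the earliest entry whose path contains `marker` (case-insensitive).

    Both lists are sorted by creation time. Dumps that predate the marker
    cannot have been caused by the file it names (hypothetical helper).
    """
    marker_times = [e.created for e in entries if marker.lower() in e.path.lower()]
    if not marker_times:
        raise ValueError(f"no entry whose path contains {marker!r}")
    t0 = min(marker_times)
    dumps = sorted((e for e in entries if e.is_minidump), key=lambda e: e.created)
    before = [d for d in dumps if d.created < t0]
    after = [d for d in dumps if d.created >= t0]
    return before, after


if __name__ == "__main__":
    parsed = parse_frst_section(SAMPLE_CREATED_SECTION)
    before, after = dumps_relative_to(parsed, "mbamchameleon.sys")
    print(f"{len(parsed)} entries; {len(before)} dump(s) before the MBAR driver, {len(after)} after")
    for d in after:
        print("  after:", d.created, d.path)
```

On the sample, two dumps predate the MBAR driver (one from 24 September and one at 10:44 on the 26th), so the crashes did not start with the anti-rootkit tool.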

#7 NGreiner90

NGreiner90
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 26 September 2013 - 07:46 PM

Ok, here you go.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013
Ran by SYSTEM on MININT-5D2KTEK on 26-09-2013 21:33:18
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-01] (Apple Inc.)
HKLM-x32\...\Run: [dellsupportcenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4851248 2013-08-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AMDFusionSVC; c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [383544 2009-09-02] (Advanced Micro Devices)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3534896 2013-08-27] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [300640 2013-08-20] (AVG Technologies CZ, s.r.o.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
S2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-16] ()

==================== Drivers (Whitelisted) ====================

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-08-22] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-08-22] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-08-22] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-08-22] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-09-26] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-09-26] ()
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-26 21:32 - 2013-09-26 21:32 - 00000000 ____D C:\FRST
2013-09-26 14:31 - 2013-09-26 14:31 - 00274968 _____ C:\Windows\Minidump\092613-58781-01.dmp
2013-09-26 11:11 - 2013-09-26 11:11 - 00274968 _____ C:\Windows\Minidump\092613-52509-01.dmp
2013-09-26 11:07 - 2013-09-26 11:07 - 00274968 _____ C:\Windows\Minidump\092613-52650-01.dmp
2013-09-26 11:00 - 2013-09-26 11:00 - 00274968 _____ C:\Windows\Minidump\092613-54069-01.dmp
2013-09-26 10:57 - 2013-09-26 14:28 - 00000000 ____D C:\Users\Melissa\Desktop\mbar
2013-09-26 10:57 - 2013-09-26 10:57 - 00092376 _____ C:\Windows\System32\Drivers\mbamchameleon.sys
2013-09-26 10:52 - 2013-09-26 10:57 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Melissa\Downloads\mbar-1.07.0.1005.exe
2013-09-26 10:44 - 2013-09-26 10:44 - 00262144 ____N C:\Windows\Minidump\092613-53289-01.dmp
2013-09-25 12:43 - 2013-09-25 12:43 - 00001426 _____ C:\Users\Melissa\Desktop\aswMBR.txt
2013-09-25 12:43 - 2013-09-25 12:43 - 00000512 _____ C:\Users\Melissa\Desktop\MBR.dat
2013-09-25 12:31 - 2013-09-25 12:31 - 04745728 _____ (AVAST Software) C:\Users\Melissa\Desktop\aswmbr.exe
2013-09-24 15:55 - 2013-09-24 15:55 - 00262144 ____N C:\Windows\Minidump\092413-61885-01.dmp
2013-09-19 14:12 - 2013-09-19 14:12 - 00026885 _____ C:\ComboFix.txt
2013-09-19 13:43 - 2013-09-19 13:43 - 00274968 _____ C:\Windows\Minidump\091913-55848-01.dmp
2013-09-18 19:44 - 2013-09-18 19:44 - 00274968 _____ C:\Windows\Minidump\091813-47424-01.dmp
2013-09-18 19:07 - 2013-09-18 19:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-17 20:11 - 2013-09-26 14:30 - 537303763 _____ C:\Windows\MEMORY.DMP
2013-09-17 20:11 - 2013-09-17 20:11 - 00274968 _____ C:\Windows\Minidump\091713-54101-01.dmp
2013-09-17 14:55 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-17 14:55 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-17 14:55 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-17 14:55 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-17 14:55 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-17 14:55 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-17 14:55 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-17 14:55 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-17 14:53 - 2013-09-19 11:50 - 05128554 ____R (Swearware) C:\Users\Melissa\Downloads\ComboFix.exe
2013-09-10 21:22 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-10 21:22 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-10 21:22 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-10 21:22 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-10 21:22 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-10 21:22 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-10 21:22 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-10 21:22 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-10 21:22 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-10 21:22 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-10 21:22 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-10 21:22 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-10 21:22 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-10 21:22 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-10 21:22 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-10 21:22 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-10 21:22 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-10 21:22 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-10 21:22 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-10 21:22 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-10 21:22 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-10 21:22 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-10 21:22 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-10 21:22 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-10 21:22 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-10 21:22 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-10 21:22 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-10 21:22 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 21:21 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-10 21:21 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-10 21:21 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-10 19:34 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-10 19:34 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-10 19:34 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-10 19:34 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-10 19:34 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-10 19:34 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-10 19:34 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-10 19:34 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-10 19:34 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-10 19:34 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-10 19:34 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 19:34 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 19:34 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 19:34 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 19:34 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 19:34 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-10 19:34 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-10 19:34 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 19:34 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 19:34 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 19:34 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 19:34 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 19:34 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 19:34 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-10 19:34 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-10 19:34 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 19:34 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 18:04 - 2013-09-12 16:15 - 00031683 _____ C:\Users\Melissa\Desktop\avgrep.txt
2013-09-08 17:45 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-09-08 17:45 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-09-08 11:40 - 2013-09-08 11:40 - 00000000 ____D C:\ProgramData\Sun
2013-09-08 11:40 - 2013-09-08 11:39 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-08 11:40 - 2013-09-08 11:39 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-08 11:40 - 2013-09-08 11:39 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-08 11:40 - 2013-09-08 11:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-08 11:40 - 2013-09-08 11:39 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-08 11:40 - 2013-09-08 11:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-07 21:48 - 2013-04-17 02:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-09-07 21:48 - 2013-04-17 01:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-09-07 21:41 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-09-07 21:41 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-09-07 21:41 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-09-07 21:28 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-09-07 20:53 - 2013-09-07 20:59 - 00000177 _____ C:\Windows\System32\avgrep.txt
2013-09-07 20:41 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-09-07 20:41 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-09-07 20:41 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-09-07 20:41 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-09-07 20:41 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-09-07 20:41 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-09-07 20:41 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-09-07 20:41 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-09-07 20:39 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-07 20:39 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-09-07 20:39 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-09-07 20:36 - 2013-09-07 20:36 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-07 20:36 - 2013-09-07 20:36 - 00000967 _____ C:\ProgramData\Desktop\AVG 2014.lnk
2013-09-07 20:34 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-09-07 20:34 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-09-06 18:00 - 2013-09-06 18:01 - 00000000 ____D C:\ea99f846286fa47804d32c
2013-09-06 15:52 - 2013-09-19 14:12 - 00000000 ____D C:\Qoobox
2013-09-06 15:49 - 2013-09-19 12:13 - 00000000 ____D C:\Windows\erdnt
2013-09-04 21:04 - 2013-09-04 21:04 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\AVG2014
2013-09-04 21:03 - 2013-09-04 21:03 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\TuneUp Software
2013-09-04 21:01 - 2013-09-07 20:35 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-04 21:01 - 2013-09-04 21:01 - 00000000 ____D C:\$AVG
2013-09-04 20:55 - 2013-09-04 20:55 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-04 20:44 - 2013-09-26 18:39 - 00000000 ____D C:\ProgramData\MFAData
2013-09-04 20:44 - 2013-09-04 21:14 - 00000000 ____D C:\Users\Melissa\AppData\Local\Avg2014
2013-09-04 20:44 - 2013-09-04 20:44 - 00000000 ____D C:\Users\Melissa\AppData\Local\MFAData
2013-09-04 17:42 - 2013-09-04 17:42 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Malwarebytes
2013-09-04 17:42 - 2013-09-04 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 21:08 - 2013-08-29 21:08 - 00262144 ____N C:\Windows\Minidump\082913-29187-01.dmp

==================== One Month Modified Files and Folders =======

2013-09-26 21:32 - 2013-09-26 21:32 - 00000000 ____D C:\FRST
2013-09-26 19:29 - 2009-07-14 00:10 - 01840472 _____ C:\Windows\WindowsUpdate.log
2013-09-26 19:00 - 2010-01-16 21:57 - 00000000 ____D C:\dell
2013-09-26 18:42 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-26 18:42 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-26 18:39 - 2013-09-04 20:44 - 00000000 ____D C:\ProgramData\MFAData
2013-09-26 18:37 - 2009-07-14 00:13 - 00729452 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-26 18:35 - 2011-07-05 12:37 - 00014816 _____ C:\Windows\setupact.log
2013-09-26 18:35 - 2010-02-25 14:20 - 00000000 ____D C:\Users\Melissa\AppData\Local\SoftThinks
2013-09-26 18:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-26 14:31 - 2013-09-26 14:31 - 00274968 _____ C:\Windows\Minidump\092613-58781-01.dmp
2013-09-26 14:30 - 2013-09-17 20:11 - 537303763 _____ C:\Windows\MEMORY.DMP
2013-09-26 14:30 - 2010-01-16 22:40 - 01182054 _____ C:\Windows\PFRO.log
2013-09-26 14:28 - 2013-09-26 10:57 - 00000000 ____D C:\Users\Melissa\Desktop\mbar
2013-09-26 11:11 - 2013-09-26 11:11 - 00274968 _____ C:\Windows\Minidump\092613-52509-01.dmp
2013-09-26 11:11 - 2010-03-30 08:45 - 00000000 ____D C:\Windows\Minidump
2013-09-26 11:07 - 2013-09-26 11:07 - 00274968 _____ C:\Windows\Minidump\092613-52650-01.dmp
2013-09-26 11:00 - 2013-09-26 11:00 - 00274968 _____ C:\Windows\Minidump\092613-54069-01.dmp
2013-09-26 10:57 - 2013-09-26 10:57 - 00092376 _____ C:\Windows\System32\Drivers\mbamchameleon.sys
2013-09-26 10:57 - 2013-09-26 10:52 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Melissa\Downloads\mbar-1.07.0.1005.exe
2013-09-26 10:44 - 2013-09-26 10:44 - 00262144 ____N C:\Windows\Minidump\092613-53289-01.dmp
2013-09-25 12:43 - 2013-09-25 12:43 - 00001426 _____ C:\Users\Melissa\Desktop\aswMBR.txt
2013-09-25 12:43 - 2013-09-25 12:43 - 00000512 _____ C:\Users\Melissa\Desktop\MBR.dat
2013-09-25 12:31 - 2013-09-25 12:31 - 04745728 _____ (AVAST Software) C:\Users\Melissa\Desktop\aswmbr.exe
2013-09-24 15:55 - 2013-09-24 15:55 - 00262144 ____N C:\Windows\Minidump\092413-61885-01.dmp
2013-09-19 16:05 - 2009-07-14 00:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-19 14:12 - 2013-09-19 14:12 - 00026885 _____ C:\ComboFix.txt
2013-09-19 14:12 - 2013-09-06 15:52 - 00000000 ____D C:\Qoobox
2013-09-19 14:08 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-09-19 13:43 - 2013-09-19 13:43 - 00274968 _____ C:\Windows\Minidump\091913-55848-01.dmp
2013-09-19 12:13 - 2013-09-06 15:49 - 00000000 ____D C:\Windows\erdnt
2013-09-19 11:50 - 2013-09-17 14:53 - 05128554 ____R (Swearware) C:\Users\Melissa\Downloads\ComboFix.exe
2013-09-18 19:44 - 2013-09-18 19:44 - 00274968 _____ C:\Windows\Minidump\091813-47424-01.dmp
2013-09-18 19:07 - 2013-09-18 19:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-18 17:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-09-17 20:11 - 2013-09-17 20:11 - 00274968 _____ C:\Windows\Minidump\091713-54101-01.dmp
2013-09-12 16:15 - 2013-09-10 18:04 - 00031683 _____ C:\Users\Melissa\Desktop\avgrep.txt
2013-09-12 14:44 - 2010-01-16 21:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 17:30 - 2009-07-13 23:45 - 00343552 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-08 20:01 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-08 20:01 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-08 20:01 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-08 19:20 - 2013-04-22 08:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-08 19:20 - 2013-04-22 08:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-08 11:40 - 2013-09-08 11:40 - 00000000 ____D C:\ProgramData\Sun
2013-09-08 11:39 - 2013-09-08 11:40 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-08 11:39 - 2013-09-08 11:40 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-08 11:39 - 2013-09-08 11:40 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-08 11:39 - 2013-09-08 11:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-08 11:39 - 2013-09-08 11:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-08 11:39 - 2013-09-08 11:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-08 11:39 - 2010-01-16 20:50 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-08 11:33 - 2010-01-16 21:39 - 00000000 ____D C:\ProgramData\McAfee
2013-09-07 20:59 - 2013-09-07 20:53 - 00000177 _____ C:\Windows\System32\avgrep.txt
2013-09-07 20:36 - 2013-09-07 20:36 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-07 20:36 - 2013-09-07 20:36 - 00000967 _____ C:\ProgramData\Desktop\AVG 2014.lnk
2013-09-07 20:35 - 2013-09-04 21:01 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-06 21:12 - 2010-02-24 21:10 - 00000000 ____D C:\users\Melissa
2013-09-06 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2013-09-06 21:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-09-06 21:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-09-06 21:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-06 21:08 - 2011-03-02 20:40 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-06 21:08 - 2011-03-02 20:36 - 00000000 ____D C:\Program Files\Bonjour
2013-09-06 21:08 - 2011-03-02 20:36 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-06 21:08 - 2010-09-14 19:07 - 00000000 ____D C:\ProgramData\ArcSoft
2013-09-06 21:08 - 2010-01-16 22:26 - 00000000 ____D C:\Program Files\DellTPad
2013-09-06 21:08 - 2010-01-16 21:11 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-06 21:08 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-06 21:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-09-06 21:05 - 2013-06-16 22:23 - 00000000 ____D C:\Windows\System32\SPReview
2013-09-06 21:05 - 2012-03-17 20:06 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-09-06 21:05 - 2010-01-16 22:43 - 00000000 ____D C:\Windows\System32\SRSLabs
2013-09-06 21:05 - 2010-01-16 20:49 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-09-06 21:05 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-09-06 21:05 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-09-06 21:05 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-09-06 21:05 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-09-06 21:05 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\winrm
2013-09-06 21:05 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\WCN
2013-09-06 21:05 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\slmgr
2013-09-06 21:05 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-09-06 21:05 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2013-09-06 21:05 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WindowsPowerShell
2013-09-06 21:05 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Web
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Vss
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\spp
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spp
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spool
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Speech
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\SMI
2013-09-06 21:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\oobe
2013-09-06 21:04 - 2013-06-16 22:22 - 00000000 ____D C:\Windows\System32\EventProviders
2013-09-06 21:04 - 2012-08-07 18:11 - 00000000 ____D C:\Windows\System32\Macromed
2013-09-06 21:04 - 2011-04-18 00:00 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-09-06 21:04 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance
2013-09-06 21:04 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup
2013-09-06 21:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\MUI
2013-09-06 21:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-09-06 21:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\IME
2013-09-06 21:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Dism
2013-09-06 21:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com
2013-09-06 21:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech
2013-09-06 21:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2013-09-06 21:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2013-09-06 21:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2013-09-06 21:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-06 21:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2013-09-06 21:03 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-09-06 21:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2013-09-06 21:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2013-09-06 21:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Globalization
2013-09-06 21:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2013-09-06 21:01 - 2010-09-14 19:07 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Arcsoft
2013-09-06 21:01 - 2010-07-22 22:26 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Macrovision
2013-09-06 21:01 - 2010-03-08 23:27 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Absolute
2013-09-06 21:01 - 2010-02-24 21:31 - 00000000 ____D C:\Users\Melissa\AppData\Local\Yahoo
2013-09-06 21:01 - 2010-02-24 21:18 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Roxio
2013-09-06 21:01 - 2010-02-24 21:17 - 00000000 ____D C:\Users\Melissa\AppData\Local\VirtualStore
2013-09-06 21:00 - 2010-02-24 21:19 - 00000000 ____D C:\Users\Melissa\AppData\Local\Stardock_Corporation
2013-09-06 21:00 - 2010-02-24 21:18 - 00000000 ____D C:\Users\Melissa\AppData\Local\SupportSoft
2013-09-06 20:59 - 2011-07-05 14:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-06 20:59 - 2011-03-02 20:38 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-06 20:59 - 2011-03-02 20:36 - 00000000 ____D C:\ProgramData\Apple
2013-09-06 20:59 - 2010-12-05 18:50 - 00000000 ____D C:\Users\Melissa\AppData\Local\Adobe
2013-09-06 20:59 - 2010-09-14 18:59 - 00000000 ____D C:\ProgramData\Kodak
2013-09-06 20:59 - 2010-07-23 17:16 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-06 20:59 - 2010-02-25 14:30 - 00000000 ____D C:\Users\Melissa\AppData\Local\Microsoft Games
2013-09-06 20:59 - 2010-02-24 21:29 - 00000000 ____D C:\ProgramData\Yahoo!
2013-09-06 20:59 - 2010-01-16 21:33 - 00000000 ____D C:\ProgramData\Uninstall
2013-09-06 20:59 - 2010-01-16 21:32 - 00000000 ____D C:\ProgramData\Macrovision
2013-09-06 20:59 - 2010-01-16 21:16 - 00000000 ____D C:\Program Files\Microsoft Office
2013-09-06 20:59 - 2010-01-16 21:04 - 00000000 ____D C:\ProgramData\WildTangent
2013-09-06 20:59 - 2010-01-16 21:02 - 00000000 ____D C:\ProgramData\SupportSoft
2013-09-06 20:59 - 2010-01-16 20:55 - 00000000 ____D C:\ProgramData\Dell
2013-09-06 20:59 - 2010-01-16 20:50 - 00000000 ____D C:\Program Files\Java
2013-09-06 20:59 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-09-06 20:59 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-09-06 20:59 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-09-06 20:59 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\MSBuild
2013-09-06 20:59 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2013-09-06 20:59 - 2009-07-13 22:20 - 00000000 __RHD C:\users\Default
2013-09-06 20:59 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT
2013-09-06 20:58 - 2011-07-05 14:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-06 20:58 - 2011-04-12 02:49 - 00000000 ____D C:\Program Files (x86)\Scholastic
2013-09-06 20:58 - 2011-03-02 20:40 - 00000000 ____D C:\Program Files\iTunes
2013-09-06 20:58 - 2011-03-02 20:40 - 00000000 ____D C:\Program Files\iPod
2013-09-06 20:58 - 2011-03-02 20:38 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-06 20:58 - 2011-03-02 20:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-06 20:58 - 2011-03-02 20:36 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-06 20:58 - 2010-09-14 19:06 - 00000000 ____D C:\Program Files (x86)\Kodak
2013-09-06 20:58 - 2010-09-14 19:06 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-09-06 20:58 - 2010-09-14 19:04 - 00000000 ____D C:\Program Files (x86)\Koda
2013-09-06 20:58 - 2010-02-24 21:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-09-06 20:58 - 2010-01-16 22:43 - 00000000 ____D C:\Program Files\IDT
2013-09-06 20:58 - 2010-01-16 21:32 - 00000000 ____D C:\Program Files (x86)\Roxio
2013-09-06 20:58 - 2010-01-16 21:29 - 00000000 ____D C:\Program Files (x86)\Creative
2013-09-06 20:58 - 2010-01-16 21:28 - 00000000 ____D C:\Program Files (x86)\Creative Live! Cam
2013-09-06 20:58 - 2010-01-16 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-09-06 20:58 - 2010-01-16 21:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-09-06 20:58 - 2010-01-16 21:23 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-09-06 20:58 - 2010-01-16 21:20 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-09-06 20:58 - 2010-01-16 21:13 - 00000000 ____D C:\Program Files (x86)\Dell Support Center
2013-09-06 20:58 - 2010-01-16 21:04 - 00000000 ____D C:\Program Files (x86)\WildTangent
2013-09-06 20:58 - 2010-01-16 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-09-06 20:58 - 2010-01-16 21:04 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Online
2013-09-06 20:58 - 2010-01-16 21:03 - 00000000 ____D C:\Program Files (x86)\LFLInstall
2013-09-06 20:58 - 2010-01-16 21:02 - 00000000 ____D C:\Program Files (x86)\Dell
2013-09-06 20:58 - 2010-01-16 21:00 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-09-06 20:58 - 2010-01-16 20:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-09-06 20:58 - 2010-01-16 20:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-06 20:58 - 2010-01-16 20:57 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-06 20:58 - 2010-01-16 20:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-06 20:58 - 2010-01-16 20:55 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-09-06 20:58 - 2010-01-16 20:54 - 00000000 ____D C:\Program Files (x86)\AMD
2013-09-06 20:58 - 2010-01-16 20:53 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-09-06 20:58 - 2010-01-16 20:51 - 00000000 ____D C:\Program Files\Dell
2013-09-06 20:58 - 2010-01-16 20:49 - 00000000 ____D C:\Program Files\Dell Inc
2013-09-06 20:58 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-09-06 20:58 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-09-06 20:58 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-09-06 20:58 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-09-06 20:58 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-09-06 20:58 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-06 20:58 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2013-09-06 20:58 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2013-09-06 20:45 - 2013-08-24 11:16 - 00000000 ____D C:\bea62cadfa0e5de266bab85f8e7e02
2013-09-06 20:45 - 2013-08-21 19:57 - 00000000 ____D C:\ProgramData\PCFixSpeed
2013-09-06 20:45 - 2013-08-21 19:57 - 00000000 ____D C:\Program Files (x86)\PCFixSpeed
2013-09-06 20:45 - 2013-08-21 19:57 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-09-06 20:45 - 2013-08-21 19:56 - 00000000 ____D C:\Users\Melissa\AppData\Local\DefineExt
2013-09-06 20:45 - 2013-08-21 19:56 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-09-06 20:45 - 2013-08-09 18:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-06 20:44 - 2013-08-21 19:54 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Real
2013-09-06 20:44 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-06 18:01 - 2013-09-06 18:00 - 00000000 ____D C:\ea99f846286fa47804d32c
2013-09-06 17:12 - 2009-07-13 21:34 - 72613888 _____ C:\Windows\System32\config\SOFTWARE.bak
2013-09-06 17:12 - 2009-07-13 21:34 - 14155776 _____ C:\Windows\System32\config\SYSTEM.bak
2013-09-06 17:12 - 2009-07-13 21:34 - 00524288 _____ C:\Windows\System32\config\DEFAULT.bak
2013-09-06 17:12 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\System32\config\SECURITY.bak
2013-09-06 17:12 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\System32\config\SAM.bak
2013-09-04 21:14 - 2013-09-04 20:44 - 00000000 ____D C:\Users\Melissa\AppData\Local\Avg2014
2013-09-04 21:04 - 2013-09-04 21:04 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\AVG2014
2013-09-04 21:03 - 2013-09-04 21:03 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\TuneUp Software
2013-09-04 21:01 - 2013-09-04 21:01 - 00000000 ____D C:\$AVG
2013-09-04 20:55 - 2013-09-04 20:55 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-04 20:44 - 2013-09-04 20:44 - 00000000 ____D C:\Users\Melissa\AppData\Local\MFAData
2013-09-04 20:34 - 2013-08-09 18:32 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-04 20:30 - 2013-08-21 19:57 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\24x7 Help
2013-09-04 17:42 - 2013-09-04 17:42 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Malwarebytes
2013-09-04 17:42 - 2013-09-04 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 16:13 - 2011-07-05 15:02 - 00007596 _____ C:\Users\Melissa\AppData\Local\Resmon.ResmonCfg
2013-08-29 21:08 - 2013-08-29 21:08 - 00262144 ____N C:\Windows\Minidump\082913-29187-01.dmp

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

7
Restore point made on: 2013-09-08 11:38:02
Restore point made on: 2013-09-08 11:39:31
Restore point made on: 2013-09-08 18:31:15
Restore point made on: 2013-09-10 21:15:04
Restore point made on: 2013-09-12 14:40:24
Restore point made on: 2013-09-17 14:56:40
Restore point made on: 2013-09-19 11:54:08

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4094.39 MB
Available physical RAM: 3498.69 MB
Total Pagefile: 4092.54 MB
Available Pagefile: 3486.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:149.43 GB) NTFS
Drive e: () (Removable) (Total:7.45 GB) (Free:7.4 GB) FAT32
Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (ATTENTION: ===> MBR IS INFECTED. Use FixMbr command in Recovery Mode) (Size: 233 GB) (Disk ID: 983F7C98)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

LastRegBack: 2013-09-18 17:24

==================== End Of Log ============================



#8 TB-Psychotic (Malware Response Team)

Posted 27 September 2013 - 04:15 AM

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    C:\Program Files (x86)\Google\Desktop\Install
    
    cmd: bootrec /fixmbr

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now boot into Windows and run ComboFix.


Proud Member of UNITE & TB

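Added example, not part of the thread or of FRST/aswMBR: after `bootrec /fixmbr` a practitioner would want to confirm what was actually written, since FixMbr replaces only the 440-byte bootstrap code and leaves the partition table untouched. The script below parses a raw 512-byte first sector (the format of the MBR.dat that aswMBR saved to the desktop earlier in the thread), extracts the disk signature and partition entries, and flags the things worth checking: a missing 0x55AA boot signature, more or fewer than one active partition, overlapping entries, and bootstrap code that differs from a known-good copy. The embedded sample sector is constructed here to mirror the layout FRST printed (Disk ID 983F7C98; types DE/07/07, partition 2 active); it is not a real dump. The known-good bootstrap hash is an assumption you supply by hashing the first 440 bytes of an MBR you trust, for example one taken from the same Windows 7 build on a clean machine.

```python
"""Parse and sanity-check a raw 512-byte MBR dump (e.g. aswMBR's MBR.dat)."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440      # bootstrap code precedes the 4-byte disk signature at 0x1B8
DISK_ID_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
PART_ENTRY_LEN = 16
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(active_index=1, break_signature=False, bootcode=b"\x90" * BOOTCODE_LEN):
    """Constructed sample (not a real dump) whose table mirrors the FRST report:
    Disk ID 983F7C98; P1 type DE (39 MB), P2 type 07 active (15 GB), P3 type 07 (218 GB)."""
    mbr = bytearray(SECTOR)
    mbr[:BOOTCODE_LEN] = bootcode
    struct.pack_into("<I", mbr, DISK_ID_OFF, 0x983F7C98)
    layout = [  # (type, start_lba, sector_count) - contiguous, sizes in 512-byte sectors
        (0xDE, 2048, 39 * 2048),
        (0x07, 81920, 15 * 2048 * 1024),
        (0x07, 31539200, 218 * 2048 * 1024),
    ]
    for i, (ptype, start, count) in enumerate(layout):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status = 0x80 if i == active_index else 0x00
        # CHS fields are ignored by modern loaders; zero them and rely on the LBA fields.
        struct.pack_into(PART_ENTRY_FMT, mbr, off, status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    if not break_signature:
        mbr[510], mbr[511] = 0x55, 0xAA
    return bytes(mbr)


def parse_mbr(blob):
    """Return disk id, boot-signature state, bootstrap hash and the non-empty partition entries."""
    if len(blob) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(blob)}")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _, ptype, _, start, count = struct.unpack_from(PART_ENTRY_FMT, blob, off)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({
            "index": i + 1,
            "active": bool(status & 0x80),
            "type": ptype,
            "start_lba": start,
            "sectors": count,
            "size_gb": round(count * SECTOR / 2**30, 2),
        })
    return {
        "signature_ok": blob[510] == 0x55 and blob[511] == 0xAA,
        "disk_id": "%08X" % struct.unpack_from("<I", blob, DISK_ID_OFF)[0],
        "bootcode_sha256": hashlib.sha256(blob[:BOOTCODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(parsed, known_good_bootcode_sha256=None):
    """Return a list of findings; an empty list means nothing suspicious was detected."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    active = [p for p in parsed["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    # Overlapping entries point at a tampered table or a hidden partition.
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"], p["index"])
                   for p in parsed["partitions"])
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partition {i1} overlaps partition {i2}")
    # A bootkit can leave the table intact and swap only the bootstrap code,
    # so the decisive check is comparing that code with a copy you trust.
    if known_good_bootcode_sha256 and parsed["bootcode_sha256"] != known_good_bootcode_sha256:
        findings.append("bootstrap code differs from the known-good MBR")
    return findings


def check_dump(path, known_good_bootcode_sha256=None):
    """Read a 512-byte dump such as MBR.dat from disk and run the checks on it."""
    with open(path, "rb") as f:
        return check_mbr(parse_mbr(f.read(SECTOR)), known_good_bootcode_sha256)


if __name__ == "__main__":
    clean = parse_mbr(build_sample_mbr())
    reference = clean["bootcode_sha256"]  # stands in for the hash of a trusted MBR
    for p in clean["partitions"]:
        print(p)
    print("clean:", check_mbr(clean, reference))
    infected = build_sample_mbr(bootcode=b"\xEB\xFE" + b"\x00" * (BOOTCODE_LEN - 2))
    print("modified bootcode:", check_mbr(parse_mbr(infected), reference))
```

Run it against a real dump with `check_dump("MBR.dat", known_good_hash)` after re-dumping the first sector once Windows is back up; an empty list together with the partition table still matching the FRST report is what a successful FixMbr should look like.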
#9 NGreiner90 (Topic Starter)

Posted 27 September 2013 - 04:52 PM

Here's the Fixlog:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013
Ran by SYSTEM at 2013-09-27 19:21:10 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Google\Desktop\Install

cmd: bootrec /fixmbr
*****************

C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.

=========  bootrec /fixmbr =========

The operation completed successfully.
 
========= End of CMD: =========

==== End of Fixlog ====

And here's the new ComboFix log:

ComboFix 13-09-26.03 - Melissa 09/27/2013  19:31:42.9.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.2720 [GMT -4:00]
Running from: c:\users\Melissa\Downloads\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-27 to 2013-09-27  )))))))))))))))))))))))))))))))
.
.
2013-09-27 23:44 . 2013-09-27 23:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-09-27 23:44 . 2013-09-27 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-27 02:32 . 2013-09-27 02:32 -------- d-----w- C:\FRST
2013-09-26 15:57 . 2013-09-26 15:57 92376 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-09-19 00:07 . 2013-09-19 00:07 -------- d-----w- c:\program files (x86)\Google
2013-09-11 02:21 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-11 02:21 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-08 22:45 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-09-08 22:45 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-09-08 16:40 . 2013-09-08 16:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-08 16:40 . 2013-09-08 16:39 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-08 16:40 . 2013-09-08 16:39 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-09-08 16:40 . 2013-09-08 16:39 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-08 02:48 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-09-08 02:48 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-09-08 02:41 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-09-08 02:41 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-09-08 02:41 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-09-08 02:41 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-09-08 02:41 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-09-08 02:41 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-09-08 02:41 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-09-08 02:41 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-09-08 02:41 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-09-08 02:41 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-09-08 02:31 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-09-08 02:31 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-09-08 02:31 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-09-08 02:31 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-09-08 02:31 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-09-08 02:28 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 01:41 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-09-08 01:41 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-09-08 01:41 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-09-08 01:41 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-09-08 01:41 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-09-08 01:41 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-09-08 01:41 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-09-08 01:41 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-09-08 01:39 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-09-08 01:39 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-08 01:39 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-09-08 01:34 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-09-08 01:34 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-09-07 01:22 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F236457-5A33-4743-BCAA-184B9C73F25C}\mpengine.dll
2013-09-06 23:01 . 2013-09-06 23:01 -------- d-----w- C:\TEMP
2013-09-06 23:00 . 2013-09-06 23:01 -------- d-----w- C:\ea99f846286fa47804d32c
2013-09-05 02:04 . 2013-09-05 02:04 -------- d-----w- c:\users\Melissa\AppData\Roaming\AVG2014
2013-09-05 02:03 . 2013-09-05 02:03 -------- d-----w- c:\users\Melissa\AppData\Roaming\TuneUp Software
2013-09-05 02:01 . 2013-09-08 01:35 -------- d-----w- c:\programdata\AVG2014
2013-09-05 02:01 . 2013-09-05 02:01 -------- d-----w- C:\$AVG
2013-09-05 01:55 . 2013-09-08 01:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2014
2013-09-05 01:55 . 2013-09-05 01:55 -------- d-----w- c:\program files (x86)\AVG
2013-09-05 01:44 . 2013-09-27 23:28 -------- d-----w- c:\programdata\MFAData
2013-09-05 01:44 . 2013-09-05 02:14 -------- d-----w- c:\users\Melissa\AppData\Local\Avg2014
2013-09-05 01:44 . 2013-09-05 01:44 -------- d--h--w- c:\programdata\Common Files
2013-09-05 01:44 . 2013-09-05 01:44 -------- d-----w- c:\users\Melissa\AppData\Local\MFAData
2013-09-04 22:42 . 2013-09-04 22:42 -------- d-----w- c:\users\Melissa\AppData\Roaming\Malwarebytes
2013-09-04 22:42 . 2013-09-04 22:42 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-23 03:25 . 2013-08-23 03:25 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-08-23 03:08 . 2013-08-23 03:08 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-08-23 02:55 . 2013-08-23 02:55 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-23 02:54 . 2013-08-23 02:54 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-08-21 02:53 . 2013-08-21 02:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-02 01:48 . 2013-09-11 00:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 20:07 . 2013-08-01 20:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 20:06 . 2013-08-01 20:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-08-01 20:04 . 2013-08-01 20:04 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-25 09:25 . 2013-08-18 21:13 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-07-23 06:46 1451680 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-08-26 4851248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [BU]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe;c:\program files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys;c:\windows\SYSNATIVE\DRIVERS\AmdLLD64.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.94.156.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-27  19:48:08
ComboFix-quarantined-files.txt  2013-09-27 23:48
ComboFix2.txt  2013-09-19 19:12
ComboFix3.txt  2013-09-19 17:57
ComboFix4.txt  2013-09-19 17:27
ComboFix5.txt  2013-09-27 23:27
.
Pre-Run: 160,359,837,696 bytes free
Post-Run: 160,256,925,696 bytes free
.
- - End Of File - - 922B5512D38F423E3CA0197F516A005A
CDB4DE4BBD714F152979DA2DCBEF57EB
 



#10 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 28 September 2013 - 11:51 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

#11 NGreiner90

  • Topic Starter
  • Members
  • 10 posts

Posted 28 September 2013 - 09:48 PM

Here's the Malwarebytes log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.28.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Melissa :: MELISSAHYRE [administrator]

9/28/2013 4:07:11 PM
mbam-log-2013-09-28 (16-07-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 411336
Time elapsed: 1 hour(s), 43 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Trojan.Agent.EDAP) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
c:\windows\temp\cookies (Backdoor.Agent) -> Delete on reboot.

Files Detected: 23
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\GoogleUpdate.exe.vir (Trojan.Agent.EDAP) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\GoogleUpdate.exe (Trojan.Agent.EDAP) -> Quarantined and deleted successfully.
c:\windows\temp\clientbar.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\minihook.dll (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\windowsnw.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\history\firefox.ex (Backdoor.Zapchast) -> Delete on reboot.
c:\windows\temp\kdata (Malware.Trace) -> Delete on reboot.
c:\windows\temp\history\firefox.exe (Trojan.Downloader) -> Delete on reboot.
c:\windows\temp\managee.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\cookies\venton.exe (Backdoor.Agent) -> Delete on reboot.
c:\windows\temp\temporary\makeout.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\as.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\_ex-68.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\system32.exe (Backdoor.Agent) -> Delete on reboot.
c:\windows\temp\volume.exe (Backdoor.Agent) -> Delete on reboot.
c:\windows\temp\xregist.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\explorer.exe-min (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\internt.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\adobe_update.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\loadqq.exe (Trojan.ChinAd) -> Delete on reboot.
c:\windows\temp\udpmon.txt (Backdoor.Trace) -> Delete on reboot.
c:\windows\temp\ahnlab.exe (Trojan.Banker) -> Delete on reboot.

(end)

And here's the ESET log

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\GamingWonderland\bar\1.bin\AppIntegrator64.exe Win64/Toolbar.MyWebSearch.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\00000004.@.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\00000008.@.vir Win64/Conedex.I trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\80000000.@.vir a variant of Win64/Sirefef.AW trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\80000032.@.vir probably a variant of Win32/Sirefef.FV trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\80000064.@.vir a variant of Win64/Sirefef.AZ trojan
C:\Users\Melissa\Desktop\MBR.dat Win32/Olmarik.AYX trojan
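As an added example, not code from this thread or from any of the tools named in it, here is a small Python triage helper for the two log formats posted above: Malwarebytes lines of the form "path (Detection) -> Action." and ESET export lines of the form "path detection-name type". It takes a handful of the lines above as fixed input and separates detections that are still live on the system from hits on copies that ComboFix has already moved into its C:\Qoobox\Quarantine folder. The regular expressions and the prefix stripping for ESET's "probably" / "a variant of" wording are my own assumptions about those formats, derived from the lines in this thread.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Sample detection lines copied from the two logs posted in this thread (a subset,
# used here as fixed test input). Header lines such as "Files Detected: 4" and
# "(No malicious items detected)" are kept to show that non-detection lines are skipped.
MBAM_LOG = r"""
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Trojan.Agent.EDAP) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\windows\temp\clientbar.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\cookies\venton.exe (Backdoor.Agent) -> Delete on reboot.
c:\windows\temp\history\firefox.exe (Trojan.Downloader) -> Delete on reboot.
"""

ESET_LOG = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\GamingWonderland\bar\1.bin\AppIntegrator64.exe Win64/Toolbar.MyWebSearch.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\80000032.@.vir probably a variant of Win32/Sirefef.FV trojan
C:\Users\Melissa\Desktop\MBR.dat Win32/Olmarik.AYX trojan
"""


@dataclass(frozen=True)
class Detection:
    scanner: str   # "mbam" or "eset"
    path: str      # file or registry path exactly as printed in the log
    name: str      # detection name, e.g. "Trojan.Agent" or "a variant of Win64/Sirefef.AW"
    action: str    # what the scanner did or will do; ESET's export only reports


# Malwarebytes: "<path> (<Detection>) -> <Action>."  The non-greedy path lets
# "Program Files (x86)" pass, because the detection parenthesis must precede " -> ".
_MBAM_LINE = re.compile(r"^(?P<path>\S.*?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# ESET export: "<path> [probably ][a variant of ]Win32|Win64/<Name> <type>" (assumed shape)
_ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<name>(?:probably )?(?:a variant of )?Win(?:32|64)/\S+) "
    r"(?P<type>application|trojan)$"
)


def parse_mbam(text: str) -> list[Detection]:
    out = []
    for line in text.splitlines():
        m = _MBAM_LINE.match(line.strip())
        if m:
            out.append(Detection("mbam", m["path"], m["name"], m["action"]))
    return out


def parse_eset(text: str) -> list[Detection]:
    out = []
    for line in text.splitlines():
        m = _ESET_LINE.match(line.strip())
        if m:
            out.append(Detection("eset", m["path"], m["name"], "reported"))
    return out


def normalize_name(name: str) -> str:
    # ESET prefixes heuristic hits with "probably" / "a variant of"; drop them so the
    # same family is counted once. Order matters: "probably a variant of X" -> "X".
    for prefix in ("probably ", "a variant of "):
        if name.startswith(prefix):
            name = name[len(prefix):]
    return name


def parent_dir(path: str) -> str:
    # Registry hits have no directory; file hits are grouped by their folder.
    if path.upper().startswith("HK"):
        return "registry"
    return path.lower().rsplit("\\", 1)[0]


def is_already_quarantined(d: Detection) -> bool:
    # ComboFix moves what it removes into C:\Qoobox\Quarantine (with a .vir suffix).
    # Later scanners flag those copies, but they are no longer live on the system.
    return "\\qoobox\\quarantine\\" in d.path.lower()


def triage(detections: list[Detection]) -> dict:
    live = [d for d in detections if not is_already_quarantined(d)]
    return {
        "total": len(detections),
        "already_quarantined": len(detections) - len(live),
        "pending_reboot": sum(1 for d in live if d.action.lower() == "delete on reboot"),
        "live_by_dir": Counter(parent_dir(d.path) for d in live),
        "live_names": sorted({normalize_name(d.name) for d in live}),
    }


def summarize_thread_logs() -> dict:
    return triage(parse_mbam(MBAM_LOG) + parse_eset(ESET_LOG))


if __name__ == "__main__":
    for key, value in summarize_thread_logs().items():
        print(f"{key}: {value}")
```

Grouping live detections by parent directory makes the pattern in this log visible at a glance: everything pending deletion sits under c:\windows\temp, while the Qoobox hits are re-detections of files ComboFix had already quarantined. The MBR.dat hit is worth judging on its own, since the thread later describes that file as aswMBR's backup copy of the master boot record rather than a running component.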
 



#12 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 30 September 2013 - 12:35 AM

OK, one last script to run. In this special case (your system was badly infected), I'll want you to run MBAM and ESET again to ensure no more malware is present.

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#13 NGreiner90

  • Topic Starter
  • Members
  • 10 posts

Posted 30 September 2013 - 07:10 PM

Here's ComboFix.txt

ComboFix 13-09-30.02 - Melissa 09/30/2013  14:21:47.10.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.2578 [GMT -4:00]
Running from: c:\users\Melissa\Downloads\ComboFix.exe
Command switches used :: c:\users\Melissa\Downloads\CFScript.txt
AV: AVG AntiVirus 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-28 to 2013-09-30  )))))))))))))))))))))))))))))))
.
.
2013-09-30 18:34 . 2013-09-30 18:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-09-30 18:34 . 2013-09-30 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-29 02:51 . 2013-09-29 02:51 -------- d-----w- c:\program files (x86)\ESET
2013-09-28 20:05 . 2013-09-28 20:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-28 20:05 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-27 02:32 . 2013-09-27 02:32 -------- d-----w- C:\FRST
2013-09-26 15:57 . 2013-09-26 15:57 92376 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-09-19 00:07 . 2013-09-19 00:07 -------- d-----w- c:\program files (x86)\Google
2013-09-11 02:21 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-11 02:21 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-08 22:45 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-09-08 22:45 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-09-08 16:40 . 2013-09-08 16:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-08 16:40 . 2013-09-08 16:39 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-08 16:40 . 2013-09-08 16:39 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-09-08 16:40 . 2013-09-08 16:39 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-08 02:48 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-09-08 02:48 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-09-08 02:41 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-09-08 02:41 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-09-08 02:41 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-09-08 02:41 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-09-08 02:41 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-09-08 02:41 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-09-08 02:41 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-09-08 02:41 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-09-08 02:41 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-09-08 02:41 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-09-08 02:31 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-09-08 02:31 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-09-08 02:31 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-09-08 02:31 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-09-08 02:31 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-09-08 02:28 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 01:41 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-09-08 01:41 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-09-08 01:41 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-09-08 01:41 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-09-08 01:41 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-09-08 01:41 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-09-08 01:41 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-09-08 01:41 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-09-08 01:39 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-09-08 01:39 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-08 01:39 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-09-08 01:34 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-09-08 01:34 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-09-07 01:22 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F236457-5A33-4743-BCAA-184B9C73F25C}\mpengine.dll
2013-09-06 23:01 . 2013-09-06 23:01 -------- d-----w- C:\TEMP
2013-09-06 23:00 . 2013-09-06 23:01 -------- d-----w- C:\ea99f846286fa47804d32c
2013-09-05 02:04 . 2013-09-05 02:04 -------- d-----w- c:\users\Melissa\AppData\Roaming\AVG2014
2013-09-05 02:03 . 2013-09-05 02:03 -------- d-----w- c:\users\Melissa\AppData\Roaming\TuneUp Software
2013-09-05 02:01 . 2013-09-08 01:35 -------- d-----w- c:\programdata\AVG2014
2013-09-05 02:01 . 2013-09-05 02:01 -------- d-----w- C:\$AVG
2013-09-05 01:55 . 2013-09-08 01:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2014
2013-09-05 01:55 . 2013-09-05 01:55 -------- d-----w- c:\program files (x86)\AVG
2013-09-05 01:44 . 2013-09-30 18:11 -------- d-----w- c:\programdata\MFAData
2013-09-05 01:44 . 2013-09-05 02:14 -------- d-----w- c:\users\Melissa\AppData\Local\Avg2014
2013-09-05 01:44 . 2013-09-05 01:44 -------- d--h--w- c:\programdata\Common Files
2013-09-05 01:44 . 2013-09-05 01:44 -------- d-----w- c:\users\Melissa\AppData\Local\MFAData
2013-09-04 22:42 . 2013-09-04 22:42 -------- d-----w- c:\users\Melissa\AppData\Roaming\Malwarebytes
2013-09-04 22:42 . 2013-09-04 22:42 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-23 03:25 . 2013-08-23 03:25 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-08-23 03:08 . 2013-08-23 03:08 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-08-23 02:55 . 2013-08-23 02:55 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-23 02:54 . 2013-08-23 02:54 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-08-21 02:53 . 2013-08-21 02:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-02 01:48 . 2013-09-11 00:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 20:07 . 2013-08-01 20:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 20:06 . 2013-08-01 20:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-08-01 20:04 . 2013-08-01 20:04 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-25 09:25 . 2013-08-18 21:13 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-07-23 06:46 1451680 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-08-26 4851248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [BU]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe;c:\program files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys;c:\windows\SYSNATIVE\DRIVERS\AmdLLD64.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?ilc=79
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.94.156.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-30  14:37:21
ComboFix-quarantined-files.txt  2013-09-30 18:37
ComboFix2.txt  2013-09-27 23:48
ComboFix3.txt  2013-09-19 19:12
ComboFix4.txt  2013-09-19 17:57
ComboFix5.txt  2013-09-30 18:18
.
Pre-Run: 163,337,863,168 bytes free
Post-Run: 163,182,841,856 bytes free
.
- - End Of File - - 4B1A6FD0F0DBF3DD2545F446D97BFDE2
CDB4DE4BBD714F152979DA2DCBEF57EB

 

mbam-log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.28.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Melissa :: MELISSAHYRE [administrator]

9/30/2013 2:40:15 PM
mbam-log-2013-09-30 (14-40-15).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 410231
Time elapsed: 1 hour(s), 36 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
c:\windows\temp\cookies (Backdoor.Agent) -> Delete on reboot.

Files Detected: 20
c:\windows\temp\clientbar.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\minihook.dll (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\windowsnw.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\history\firefox.ex (Backdoor.Zapchast) -> Delete on reboot.
c:\windows\temp\kdata (Malware.Trace) -> Delete on reboot.
c:\windows\temp\history\firefox.exe (Trojan.Downloader) -> Delete on reboot.
c:\windows\temp\managee.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\cookies\venton.exe (Backdoor.Agent) -> Delete on reboot.
c:\windows\temp\temporary\makeout.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\as.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\_ex-68.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\system32.exe (Backdoor.Agent) -> Delete on reboot.
c:\windows\temp\volume.exe (Backdoor.Agent) -> Delete on reboot.
c:\windows\temp\xregist.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\explorer.exe-min (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\internt.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\adobe_update.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\temp\loadqq.exe (Trojan.ChinAd) -> Delete on reboot.
c:\windows\temp\udpmon.txt (Backdoor.Trace) -> Delete on reboot.
c:\windows\temp\ahnlab.exe (Trojan.Banker) -> Delete on reboot.

(end)

 

eset log

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\GamingWonderland\bar\1.bin\AppIntegrator64.exe Win64/Toolbar.MyWebSearch.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\00000004.@.vir Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\00000008.@.vir Win64/Conedex.I trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\80000000.@.vir a variant of Win64/Sirefef.AW trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\80000032.@.vir probably a variant of Win32/Sirefef.FV trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\9519~1\A535~1\E628~1\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}\U\80000064.@.vir a variant of Win64/Sirefef.AZ trojan
C:\Users\Melissa\Desktop\MBR.dat Win32/Olmarik.AYX Trojan

 

aswMBR

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-25 13:31:15
-----------------------------
13:31:15.067    OS Version: Windows x64 6.1.7601 Service Pack 1
13:31:15.067    Number of processors: 2 586 0x301
13:31:15.067    ComputerName: MELISSAHYRE  UserName: Melissa
13:31:15.987    Initialize success
13:42:40.870    AVAST engine defs: 13092500
13:43:13.918    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:43:13.933    Disk 0 Vendor: ST9250315AS 0003DEM1 Size: 238475MB BusType: 3
13:43:13.933    Device \Driver\atapi -> MajorFunction fffffa8004c7d0a8
13:43:13.996    Disk 0 MBR read successfully
13:43:14.011    Disk 0 MBR scan
13:43:14.043    Disk 0 MBR:Olmarik-A [Rtk]
13:43:14.043    Disk 0 MBR:Olmarik-A [Rtk]@MBR code has been found
13:43:14.043    Disk 0 MBR hidden
13:43:14.043    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
13:43:14.074    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
13:43:14.089    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       223434 MB offset 30801920
13:43:14.121    Disk 0 MBR [MBR:Olmarik-A [Rtk]]  **ROOTKIT**
13:43:14.136    Scan finished successfully
13:43:35.131    Disk 0 MBR has been saved successfully to "C:\Users\Melissa\Desktop\MBR.dat"
13:43:35.147    The log file has been saved successfully to "C:\Users\Melissa\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-30 19:23:01
-----------------------------
19:23:01.588    OS Version: Windows x64 6.1.7601 Service Pack 1
19:23:01.588    Number of processors: 2 586 0x301
19:23:01.588    ComputerName: MELISSAHYRE  UserName: Melissa
19:23:13.818    Initialize success
19:30:20.910    AVAST engine defs: 13093001
19:33:39.424    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:33:39.439    Disk 0 Vendor: ST9250315AS 0003DEM1 Size: 238475MB BusType: 3
19:33:39.595    Disk 0 MBR read successfully
19:33:39.595    Disk 0 MBR scan
19:33:39.611    Disk 0 Windows 7 default MBR code
19:33:39.611    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
19:33:39.642    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
19:33:39.658    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       223434 MB offset 30801920
19:33:39.834    Disk 0 scanning C:\Windows\system32\drivers
19:33:57.159    Service scanning
19:34:37.981    Modules scanning
19:34:38.012    Disk 0 trace - called modules:
19:34:38.043    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:34:38.589    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004897410]
19:34:38.605    3 CLASSPNP.SYS[fffff8800185343f] -> nt!IofCallDriver -> [0xfffffa8004748520]
19:34:38.621    5 ACPI.sys[fffff88000fb37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800474a060]
19:34:47.611    AVAST engine scan C:\Windows
19:34:53.226    AVAST engine scan C:\Windows\system32
19:40:12.723    AVAST engine scan C:\Windows\system32\drivers
19:40:39.764    AVAST engine scan C:\Users\Melissa
19:53:53.460    AVAST engine scan C:\ProgramData
19:57:14.186    Scan finished successfully
19:58:57.239    Disk 0 MBR has been saved successfully to "C:\Users\Melissa\Desktop\MBR.dat"
19:58:57.255    The log file has been saved successfully to "C:\Users\Melissa\Desktop\aswMBR.txt"

 

and fss

 

Farbar Service Scanner Version: 13-09-2013
Ran by Melissa (administrator) on 30-09-2013 at 20:00:17
Running from "C:\Users\Melissa\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

 

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


 



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 AM

Posted 01 October 2013 - 01:35 AM

Please delete the whole content of c:\windows\temp.

 

Then download and save the file linked below to your desktop:

 

http://download.bleepingcomputer.com/win-services/7/RemoteAccess.reg

 

Run the file by double click and follow the instructions to merge the information into your registry.

 

When finished, reboot and get a new FSS log.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 NGreiner90

NGreiner90
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 01 October 2013 - 10:12 AM

Here's the new FSS log.

 

Farbar Service Scanner Version: 13-09-2013
Ran by Melissa (administrator) on 01-10-2013 at 11:10:28
Running from "C:\Users\Melissa\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
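The two Farbar Service Scanner logs above (30-09-2013 and 01-10-2013) differ in exactly the way the helper's fix predicts: the RemoteAccess "ATTENTION!" line disappears after the .reg file is merged, while the WinDefend start-type deviation and the DisableAntiSpyware policy remain. The script below is an added example, not part of the thread or of FSS itself; it triages an FSS log mechanically so a before/after pair can be diffed by finding rather than by eye. It assumes only the line formats visible in the logs above (the "Service is not running", "start type ... is set to", "ATTENTION!", `"Name"=DWORD:` and `=> MD5 is legit` patterns); the sample logs embedded in the block are excerpts of the thread's own logs, and any MD5 verdict other than "is legit" is treated as worth a look rather than assuming FSS's exact wording for a mismatch.

```python
"""Triage Farbar Service Scanner (FSS) logs.

Added example for this thread; not part of FSS or of the thread's tools.
It pulls every non-clean line out of an FSS log so the before/after logs
posted above can be compared by finding instead of by eye.
"""
import re
from dataclasses import dataclass, field

# Excerpts of the two FSS logs posted in the thread, trimmed to the
# sections that carry findings (raw strings: the paths contain backslashes).
FSS_BEFORE = r"""
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
"""

FSS_AFTER = r"""
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\w+)$')
MD5_LINE = re.compile(r"^(.+?) => MD5 (.+)$")


@dataclass
class FssFindings:
    services_not_running: list = field(default_factory=list)  # service names
    start_type_changed: list = field(default_factory=list)    # (service, actual, default)
    attention: list = field(default_factory=list)             # raw ATTENTION! lines
    disabled_policies: list = field(default_factory=list)     # (registry key, value name, data)
    suspicious_md5: list = field(default_factory=list)        # (path, verdict text)


def triage_fss(log: str) -> FssFindings:
    """Walk the log line by line and collect everything that is not a clean result."""
    findings = FssFindings()
    current_key = None  # last [HKEY_...] line seen, so policy values keep their key
    for raw in log.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "*"}:
            continue  # blank line or a section underline / banner
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if (m := NOT_RUNNING.match(line)):
            findings.services_not_running.append(m.group(1))
        elif (m := START_TYPE.match(line)):
            findings.start_type_changed.append(m.groups())
        elif "ATTENTION!" in line:
            findings.attention.append(line)
        elif (m := POLICY_VALUE.match(line)):
            findings.disabled_policies.append((current_key, m.group(1), m.group(2)))
        elif (m := MD5_LINE.match(line)):
            path, verdict = m.groups()
            # "is legit" is the clean verdict seen in the logs; anything else gets flagged.
            if verdict != "is legit":
                findings.suspicious_md5.append((path, verdict))
    return findings


def resolved_attention(before: str, after: str) -> list:
    """ATTENTION! lines present in the first log but gone from the second."""
    gone = set(triage_fss(before).attention) - set(triage_fss(after).attention)
    return sorted(gone)


if __name__ == "__main__":
    for label, log in (("before", FSS_BEFORE), ("after", FSS_AFTER)):
        print(f"--- {label} ---\n{triage_fss(log)}")
    print("resolved:", resolved_attention(FSS_BEFORE, FSS_AFTER))
```

Run stand-alone, it prints the findings for both logs and the single resolved ATTENTION line; the WinDefend start type (Demand instead of Auto) and the `DisableAntiSpyware` policy still show up in the second log, which is the remaining state the helper has to decide about.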





