Jump to content

J4211

Members
 View Profile  See their activity

  • Posts

    2

  • Joined

  • Last visited

 Content Type 

Posts posted by J4211

    Trojan horse Patched_c.LXT

    in Resolved Malware Removal Logs

    Posted

    Hi, I'm sorry I was unable to respond for the last few days. I have decided on doing a clean install of my pc. All of my files are backed up, and I was wondering what would be the best way to restore my pc. I have an HP recovery drive, but I don't know how to use it or if the virus is able to corrupt it in any way. I really appreciate any advice that you can give.

    Trojan horse Patched_c.LXT

    in Resolved Malware Removal Logs

    Posted

    Earlier my AVG popped up with:

    "Threat Detected!"

    File Name: c:\Windows\System32\services.exe

    Threat Name: Trojan Horse Patched_c.LXT

    Detected on Open

    Now I get multiple threats that keep building:

    Trojan horse Patched_c.LXT in C:\Windows\System32\services.exe.

    Process name: C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe

    Process ID: 2100

    Detected on open.

    After scanning with AVG I recieved this:

    "";"C:\Windows\System32\services.exe";"Trojan horse Patched_c.LXT";"Object is white-listed (critical/system file that should not be removed)"

    "";"C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4616):\memory_01160000";"Found Luhe.Sirefef.A";"Object is inaccessible."

    "";"C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4616)";"Found Luhe.Sirefef.A";""

    I then ran a DDS log here:

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

    Run by Justin at 12:01:08 on 2012-07-26

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6051.3174 [GMT -6:00]

    .

    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    .

    ============== Running Processes ===============

    .

    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

    C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files (x86)\PDF Complete\pdfsvc.exe

    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\System32\igfxtray.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\WUDFHost.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\DllHost.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

    C:\Program Files (x86)\BitTorrent\BitTorrent.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

    C:\Program Files (x86)\AVG\AVG2012\avgscana.exe

    C:\Windows\system32\conhost.exe

    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

    C:\Program Files (x86)\AVG\AVG2012\avgui.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uInternet Settings,ProxyOverride = *.local

    mWinlogon: Userinit=userinit.exe

    BHO: VideoFileDownload: {0931bd3f-547e-45c1-b133-d0e995645dba} - C:\Program Files (x86)\OApps\bho_project.dll

    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: [Google Update] "C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

    mRun: [<NO NAME>]

    mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    mRun: [H2O] C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe

    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

    LSP: mswsock.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    TCP: DhcpNameServer = 172.16.1.254

    TCP: Interfaces\{C8973061-9740-48AC-AF78-10BF5F39CA46} : DhcpNameServer = 172.16.1.254

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    BHO-X64: VideoFileDownload: {0931BD3F-547E-45C1-B133-D0E995645DBA} - C:\Program Files (x86)\OApps\bho_project.dll

    BHO-X64: BHO_PROJECT - No File

    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

    BHO-X64: AVG Do Not Track - No File

    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

    BHO-X64: Symantec NCO BHO - No File

    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

    BHO-X64: Symantec Intrusion Prevention - No File

    BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

    BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

    mRun-x64: [(Default)]

    mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

    mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    mRun-x64: [H2O] C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe

    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\3uw66icu.default\

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll

    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

    FF - plugin: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    .

    ---- FIREFOX POLICIES ----

    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]

    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2011-6-17 945200]

    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2011-6-17 463408]

    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]

    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-6-17 132656]

    R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

    S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\System32\msvfd32.exe [2012-6-12 818087]

    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-19 250056]

    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

    S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]

    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

    S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]

    S3 SIVDRIVER;SIV Kernel Driver;\??\C:\Windows\system32\Drivers\SIVX64.sys --> C:\Windows\system32\Drivers\SIVX64.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\system32\drivers\ymidusbx64.sys --> C:\Windows\system32\drivers\ymidusbx64.sys [?]

    S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

    .

    =============== File Associations ===============

    .

    regfile="regedit.exe" "%1"

    .

    =============== Created Last 30 ================

    .

    2012-07-26 17:49:07 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

    2012-07-26 17:38:59 -------- d-----w- C:\Program Files (x86)\OApps

    2012-07-26 17:38:58 -------- d-----w- C:\Program Files (x86)\TorrentSearch

    2012-07-26 17:38:42 -------- d-----w- C:\Program Files (x86)\smartdl

    2012-07-26 04:24:58 -------- d-----w- C:\ProgramData\Activision

    2012-07-26 04:07:12 -------- d-----w- C:\Windows\SysWow64\xlive

    2012-07-24 19:00:31 -------- d-----w- C:\Program Files (x86)\Oracle

    2012-07-24 19:00:07 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-07-24 18:25:34 184872 ----a-w- C:\torrent.exe

    2012-07-18 04:20:38 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

    2012-07-15 06:09:19 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-07-15 02:22:09 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

    2012-07-05 22:36:49 108032 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

    2012-07-05 22:36:48 -------- d-----w- C:\Program Files (x86)\ffdshow

    2012-07-05 22:36:42 -------- d-----w- C:\Program Files (x86)\Haali

    2012-07-05 22:36:34 290816 ----a-w- C:\Windows\SysWow64\stFLVSource.ax

    2012-07-05 22:36:34 -------- d-----w- C:\Program Files (x86)\Common Files\SourceTec

    2012-07-05 22:36:33 70656 ----a-w- C:\Windows\SysWow64\RLAPEDec.ax

    2012-07-05 22:36:33 438272 ----a-w- C:\Windows\SysWow64\Mpeg2DecFilter.ax

    2012-07-05 22:36:33 217088 ----a-w- C:\Windows\SysWow64\CoreFLACDecoder.ax

    2012-07-05 22:36:33 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll

    2012-07-05 22:36:33 -------- d-----w- C:\Program Files (x86)\Sothink Video Converter

    2012-07-05 22:18:30 -------- d-----w- C:\Program Files (x86)\MP3 Encoder

    2012-07-05 16:24:31 -------- d-----w- C:\Users\Justin\AppData\Roaming\Red Kawa

    2012-07-05 16:21:57 -------- d-----w- C:\Users\Justin\AppData\Roaming\AVS4YOU

    2012-07-05 16:21:13 11137024 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll

    2012-07-05 16:21:07 -------- d-----w- C:\ProgramData\AVS4YOU

    2012-07-05 16:21:07 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia

    2012-07-05 16:21:07 -------- d-----w- C:\Program Files (x86)\AVS4YOU

    2012-07-05 16:09:12 -------- d-----w- C:\Users\Justin\AppData\Local\Geckofx

    2012-07-05 16:08:59 -------- d-----w- C:\Program Files (x86)\Regensoft

    2012-07-05 16:08:57 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5

    2012-07-05 16:08:54 -------- d-----w- C:\Program Files (x86)\Red Kawa

    2012-07-03 16:35:10 -------- d-----w- C:\Users\Justin\AppData\Roaming\iSkysoft Video Converter

    2012-07-03 16:35:03 157696 ----a-w- C:\Windows\SysWow64\IS_VideoConverterContextMenu.dll

    2012-07-03 16:35:01 892928 ----a-w- C:\Windows\SysWow64\iconv.dll

    2012-07-03 16:35:01 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax

    2012-07-03 16:35:01 496640 ----a-w- C:\Windows\SysWow64\xvid.ax

    2012-07-03 16:35:00 -------- d-----w- C:\Program Files (x86)\iSkysoft

    .

    ==================== Find3M ====================

    .

    2012-07-15 03:28:58 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-15 03:28:58 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-07-06 04:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-06-12 23:07:45 818087 ----a-w- C:\Windows\SysWow64\msvfd32.exe

    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

    2012-05-17 16:28:59 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    .

    ============= FINISH: 12:06:07.25 ===============

    And a Malware Bites Quick Scan:

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.07.27.01

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Justin :: JUSTIN-HP [administrator]

    Protection: Enabled

    26/07/2012 9:42:48 PM

    mbam-log-2012-07-26 (21-48-41).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 219939

    Time elapsed: 4 minute(s), 15 second(s)

    Any help getting rid of this is greatly appreciated!

    Is it safe to turn off and restart my pc? I also have a backup HP drive that I can use if that is suggested.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.