MrBiz

Honorary Members, 200 posts
Everything posted by MrBiz

1. DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.11.2
Run by PatricK at 19:37:37 on 2013-01-17
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3005.1959 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\XFastUSB\XFastUsb.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.jm/
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{4347DCB7-9513-4CF3-98B3-8FEC4486AE4D}
uProxyOverride = 127.0.0.1:9421;*.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\bearshare applications\mediabar\datamngr\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uRun: [steam] "c:\program files\steam\steam.exe" -silent
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [cdloader] "c:\users\patrick\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [XFastUSB] "c:\program files\xfastusb\XFastUsb.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\patrick\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\patrick\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 65.183.0.76 65.183.0.86
TCP: Interfaces\{0435F5E3-43DB-4C52-8185-6D99D3535292} : DHCPNameServer = 65.183.0.76 65.183.0.86
TCP: Interfaces\{A26A9372-B038-402C-8714-4D2F321830A7} : DHCPNameServer = 65.183.0.76 65.183.0.86
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-14 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-2 361032]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-3-13 14656]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-2 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-2 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-12-4 44808]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-8-26 21992]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-13 3467768]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-10-14 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-8-2 8192]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-4 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-4 682344]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-3-14 29760]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-12-18 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-4 21104]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-12-12 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2011-12-12 3768]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-5-8 155344]
S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2012-3-13 404256]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-11 1343400]
S3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [2011-12-12 23608]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-12 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-12 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-12 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-12 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-12 25704]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-01-18 00:37:07 -------- d-s---w- C:\Uninstall.exe
2013-01-18 00:15:08 98816 ----a-w- c:\windows\sed.exe
2013-01-18 00:15:08 256000 ----a-w- c:\windows\PEV.exe
2013-01-18 00:15:08 208896 ----a-w- c:\windows\MBR.exe
2013-01-17 22:33:57 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-17 22:10:48 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{72a318ee-dc7f-4d16-b0c5-6ba6dc07e4f6}\offreg.dll
2013-01-16 02:18:21 -------- d-----w- C:\FRST
2013-01-15 07:37:33 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{72a318ee-dc7f-4d16-b0c5-6ba6dc07e4f6}\mpengine.dll
2013-01-14 19:59:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-09 20:15:14 627712 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 20:14:37 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 20:14:32 2344960 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 20:14:24 1388544 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 20:14:06 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 20:14:01 271360 ----a-w- c:\windows\system32\conhost.exe
2013-01-09 20:14:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-09 20:14:00 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 20:12:53 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-04 11:48:46 -------- d-----w- c:\users\patrick\appdata\roaming\SUPERAntiSpyware.com
2013-01-04 11:48:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-04 11:48:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-04 10:50:53 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 10:50:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-04 10:50:30 -------- d-----w- c:\users\patrick\appdata\local\Programs
2013-01-04 09:13:43 -------- d-----w- c:\users\patrick\appdata\roaming\LockHunter
2013-01-04 09:13:05 -------- d-----w- c:\program files\LockHunter
2012-12-21 08:01:37 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:01:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-19 19:13:02 -------- d-----w- c:\users\patrick\appdata\local\temp
.
==================== Find3M ====================
.
2012-12-08 20:57:07 29760 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2012-12-07 05:04:20 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-06 16:50:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-06 16:50:48 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-30 02:51:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:51:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:51:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:51:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-29 07:02:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-29 07:02:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-20 05:10:07 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:49:37 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 04:48:28 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 19:38:21.69 ===============
2. ComboFix 13-01-17.03 - PatricK 01/17/2013  19:17:19.3.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3005.2155 [GMT -5:00]
Running from: c:\users\PatricK\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2012-12-18 to 2013-01-18  )))))))))))))))))))))))))))))))
.
.
2013-01-18 00:27 . 2013-01-18 00:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-01-18 00:27 . 2013-01-18 00:27 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2013-01-18 00:27 . 2013-01-18 00:27 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-18 00:27 . 2013-01-18 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-18 00:27 . 2013-01-18 00:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-01-17 22:33 . 2013-01-17 22:33 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-17 22:10 . 2013-01-18 00:11 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72A318EE-DC7F-4D16-B0C5-6BA6DC07E4F6}\offreg.dll
2013-01-16 02:18 . 2013-01-16 02:18 -------- d-----w- C:\FRST
2013-01-15 07:37 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72A318EE-DC7F-4D16-B0C5-6BA6DC07E4F6}\mpengine.dll
2013-01-14 19:59 . 2013-01-12 08:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-09 20:15 . 2012-11-22 09:33 627712 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 20:14 . 2012-11-09 04:49 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 20:14 . 2012-11-23 03:06 2344960 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 20:14 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 20:14 . 2012-11-30 05:00 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 20:14 . 2012-11-30 05:06 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-09 20:14 . 2012-11-30 03:07 271360 ----a-w- c:\windows\system32\conhost.exe
2013-01-09 20:14 . 2012-11-30 04:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 20:12 . 2012-12-07 03:21 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-04 11:48 . 2013-01-04 11:48 -------- d-----w- c:\users\PatricK\AppData\Roaming\SUPERAntiSpyware.com
2013-01-04 11:48 . 2013-01-04 11:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-04 11:48 . 2013-01-04 11:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-04 10:50 . 2013-01-04 10:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-04 10:50 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 10:50 . 2013-01-04 10:50 -------- d-----w- c:\users\PatricK\AppData\Local\Programs
2013-01-04 09:13 . 2013-01-04 09:13 -------- d-----w- c:\users\PatricK\AppData\Roaming\LockHunter
2013-01-04 09:13 . 2013-01-04 09:17 -------- d-----w- c:\program files\LockHunter
2012-12-21 08:01 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:01 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-19 19:13 . 2013-01-18 00:27 -------- d-----w- c:\users\PatricK\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-08 20:57 . 2012-03-15 01:34 29760 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2012-12-06 16:50 . 2012-06-14 09:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-06 16:50 . 2010-09-02 00:48 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-29 07:02 . 2012-04-08 22:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-29 07:02 . 2011-08-02 03:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-14 02:09 . 2012-12-13 08:04 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 08:04 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 08:04 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 08:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 08:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 08:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:49 . 2012-12-13 03:59 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 04:48 . 2012-12-13 03:59 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-30 22:51 . 2011-09-14 10:11 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-08-03 01:28 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-08-03 01:28 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2010-08-03 01:27 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2010-08-03 01:28 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-08-03 01:26 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2010-08-03 01:26 227648 ----a-w- c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2012-12-05 1354736]
"ares"="c:\program files\Ares\Ares.exe" [2012-02-02 3209216]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"cdloader"="c:\users\PatricK\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"XFastUSB"="c:\program files\XFastUSB\XFastUsb.exe" [2012-03-13 5019360]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2012-02-02 15:55 3209216 ----a-w- c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 09:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 04548676
*NewlyCreated* - 11894996
*NewlyCreated* - 83753466
*Deregistered* - 04548676
*Deregistered* - 11894996
*Deregistered* - 83753466
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-29 05:45]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-29 05:45]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1260953176-3201969857-2580422920-1001Core.job
- c:\users\PatricK\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 13:25]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1260953176-3201969857-2580422920-1001UA.job
- c:\users\PatricK\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 13:25]
.
2013-01-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7b2b8afb-34c0-441d-b86a-3a094700fa20.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-01-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task da11de66-f5ca-41ef-9136-00d77d575775.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.jm/
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{4347DCB7-9513-4CF3-98B3-8FEC4486AE4D}
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\PatricK\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\PatricK\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 65.183.0.76 65.183.0.86
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
SafeBoot-04548676.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7312)
c:\program files\K-Lite Codec Pack\Filters\LAV\avcodec-lav-53.dll
c:\windows\system32\WINHTTP.dll
c:\windows\system32\webio.dll
c:\windows\System32\ieframe.dll
.
Completion time: 2013-01-17  19:29:33
ComboFix-quarantined-files.txt  2013-01-18 00:29
ComboFix2.txt  2013-01-04 10:43
.
Pre-Run: 4,749,938,688 bytes free
Post-Run: 5,061,500,928 bytes free
.
- - End Of File - - 14F48C8B89C149D56502B8BC7DC89C4E
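A first-pass triage over lines like the ones in the two logs above, as an added example (it is not code from these posts, from the forum, or from the DDS or ComboFix tools). It parses the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" line formats and applies four heuristics a helper would otherwise apply by eye: a start page whose host is not on an expected-host list (the list itself is an assumption for the example), a BHO/toolbar/SSODL registration with no backing file, the same registration listed twice, and a service whose image is srvany.exe, which only hosts some other program named in that service's Parameters key (DDS does not print the key, so the lead is "go read it"). The sample lines are excerpted from the DDS logs on this page; the output is a list of review leads, not verdicts.

```python
"""Triage of DDS 'Pseudo HJT Report' and 'SERVICES / DRIVERS' lines.

Added example; not code from the forum posts above or from the DDS /
ComboFix tools. The heuristics are assumptions about what a helper reads
first and produce review leads, not verdicts.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts the owner is expected to have as a start page. Any other
# host in a uStart/mStart Page line is reported as a hijack candidate.
EXPECTED_START_HOSTS = {"www.google.com.jm", "www.google.com"}

# Lines excerpted from the DDS logs posted above (real log lines, not constructed).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com.jm/
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{4347DCB7-9513-4CF3-98B3-8FEC4486AE4D}
BHO: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} -
BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\bearshare applications\mediabar\datamngr\IEBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
SSODL: WebCheck - <orphaned>
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-12-4 44808]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-8-2 8192]
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_start_page(line):
    """'uStart Page = hxxp://host/...' -> (scope, host). DDS defangs http as hxxp."""
    m = re.match(r"^([um])Start Page = (\S+)", line)
    if not m:
        return None
    scope, url = m.groups()
    return scope, (urlparse(re.sub(r"^hxxp", "http", url)).hostname or "").lower()


def parse_registration(line):
    """'BHO: Name: {CLSID} - path', 'TB: ...', 'SSODL: Name - path' -> (kind, id, path).

    The path is empty when DDS printed nothing after the dash, and is the
    literal '<orphaned>' when DDS could not resolve the entry to a file.
    """
    m = re.match(r"^(BHO|TB|SSODL): (.*)$", line)
    if not m:
        return None
    kind, rest = m.groups()
    head, sep, path = rest.rpartition(" - ")
    if not sep:                      # line ends in ' -' with no path at all
        head, path = rest.rstrip(" -"), ""
    clsid = CLSID_RE.search(head)
    ident = clsid.group(0).upper() if clsid else head.strip()
    return kind, ident, path.strip()


def parse_service(line):
    """'S2 Name;Display;image [date size]' -> (state, name, image)."""
    m = re.match(r"^([RS]\d) ([^;]+);([^;]*);(.*?)(?: \[[^\]]*\])?$", line)
    if not m:
        return None
    state, name, _display, image = m.groups()
    return state, name, image.strip()


def triage(log_text):
    """Return a list of (category, line, reason) leads for a helper to review."""
    findings = []
    seen = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        start = parse_start_page(line)
        if start:
            scope, host = start
            if host not in EXPECTED_START_HOSTS:
                findings.append(("start-page", line,
                                 f"{scope}Start Page points at {host}, not an expected host"))
            continue
        reg = parse_registration(line)
        if reg:
            kind, ident, path = reg
            if not path or path.lower() == "<orphaned>":
                findings.append(("orphaned", line, f"{kind} {ident} has no backing file"))
            if (kind, ident) in seen:
                findings.append(("duplicate", line, f"{kind} {ident} is registered twice"))
            seen[(kind, ident)] = line
            continue
        svc = parse_service(line)
        if svc:
            state, name, image = svc
            if image.lower().endswith("\\srvany.exe"):
                # srvany.exe only hosts another program; the real target is the
                # service's Parameters\Application value, which DDS does not print.
                findings.append(("srvany-host", line,
                                 f"service {name} ({state}) runs via srvany.exe; "
                                 "check its Parameters\\Application value"))
    return findings


if __name__ == "__main__":
    for category, line, reason in triage(SAMPLE_LOG):
        print(f"[{category}] {reason}\n    {line}")
```

On the excerpt this reports the bigseekpro.com machine-wide start page, the MediaBar BHO and the WebCheck SSODL entry as registrations with no file behind them (the same entries ComboFix lists under ORPHANS REMOVED), the DAEMON Tools toolbar as a duplicate, and KMService as an srvany-hosted service whose real program still has to be read out of the registry.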
3. DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.11.2
Run by PatricK at 19:57:32 on 2013-01-15
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3005.866 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\vVX3000.exe
C:\Program Files\XFastUSB\XFastUsb.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PatricK\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.jm/
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{4347DCB7-9513-4CF3-98B3-8FEC4486AE4D}
uProxyOverride = 127.0.0.1:9421;*.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\bearshare applications\mediabar\datamngr\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program
files\java\jre7\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll uRun: [steam] "c:\program files\steam\steam.exe" -silent uRun: [ares] "c:\program files\ares\Ares.exe" -h uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [cdloader] "c:\users\patrick\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK uRun: [sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [VX3000] c:\windows\vVX3000.exe mRun: [XFastUSB] "c:\program files\xfastusb\XFastUsb.exe" mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = 
dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\patrick\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\patrick\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 65.183.0.76 65.183.0.86 TCP: Interfaces\{0435F5E3-43DB-4C52-8185-6D99D3535292} : 
DHCPNameServer = 65.183.0.76 65.183.0.86 TCP: Interfaces\{A26A9372-B038-402C-8714-4D2F321830A7} : DHCPNameServer = 65.183.0.76 65.183.0.86 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-14 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-2 361032] R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-3-13 14656] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-2 21256] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-2 58680] R2 avast! Antivirus;avast! 
Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-12-4 44808] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-8-26 21992] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-10-14 27632] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-8-2 8192] S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-4 398184] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-4 682344] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016] S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-3-14 29760] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-12-18 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-4 21104] S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-12-12 23096] S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2011-12-12 3768] S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2012-3-13 404256] S3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [2011-12-12 23608] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-12 25704] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-12 25704] S3 
WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-12 25704] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-12 25704] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-12 25704] . =============== Created Last 30 ================ . 2013-01-15 07:41:12 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{72a318ee-dc7f-4d16-b0c5-6ba6dc07e4f6}\offreg.dll 2013-01-15 07:37:33 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{72a318ee-dc7f-4d16-b0c5-6ba6dc07e4f6}\mpengine.dll 2013-01-14 19:59:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-09 20:15:14 627712 ----a-w- c:\windows\system32\usp10.dll 2013-01-09 20:14:37 492032 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 20:14:32 2344960 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 20:14:24 1388544 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 20:14:06 293376 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-09 20:14:01 271360 ----a-w- c:\windows\system32\conhost.exe 2013-01-09 20:14:01 169984 ----a-w- c:\windows\system32\winsrv.dll 2013-01-09 20:14:00 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-01-09 20:12:53 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2013-01-04 11:48:46 -------- d-----w- c:\users\patrick\appdata\roaming\SUPERAntiSpyware.com 2013-01-04 11:48:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2013-01-04 11:48:28 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-01-04 10:50:53 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-04 10:50:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-04 10:50:30 -------- d-----w- c:\users\patrick\appdata\local\Programs 2013-01-04 10:42:33 -------- d-sh--w- C:\$RECYCLE.BIN 2013-01-04 09:13:43 -------- d-----w- c:\users\patrick\appdata\roaming\LockHunter 
2013-01-04 09:13:05 -------- d-----w- c:\program files\LockHunter 2012-12-21 08:01:37 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 08:01:34 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-19 19:13:02 -------- d-----w- c:\users\patrick\appdata\local\temp 2012-12-19 18:55:49 98816 ----a-w- c:\windows\sed.exe 2012-12-19 18:55:49 256000 ----a-w- c:\windows\PEV.exe 2012-12-19 18:55:49 208896 ----a-w- c:\windows\MBR.exe 2012-12-17 20:20:08 -------- d-----w- c:\users\patrick\appdata\local\{9D37C5C5-8C29-46D7-8C84-AEBE0CF8EF2F} . ==================== Find3M ==================== . 2012-12-08 20:57:07 29760 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS 2012-12-07 05:04:20 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 04:57:38 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-12-06 16:50:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-12-06 16:50:48 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-30 02:51:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:51:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:51:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:51:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-29 07:02:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-29 07:02:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-20 05:10:07 219136 ----a-w- c:\windows\system32\ncrypt.dll 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-09 04:49:37 2048 ----a-w- 
c:\windows\system32\tzres.dll 2012-11-02 04:48:28 376832 ----a-w- c:\windows\system32\dpnet.dll 2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr . ============= FINISH: 20:05:25.08 ===============
  4. Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.04.04

Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
PatricK :: PATRICK-PC [administrator]

Protection: Disabled

1/4/2013 5:51:30 AM
mbam-log-2013-01-04 (05-51-30).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 446332
Time elapsed: 50 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  5. I couldn't check my email recently and realised that 1clickdownload installed an extension in my browser (even though I dealt with it months ago). I used ComboFix and here is the log:

ComboFix 12-12-19.02 - PatricK 12/19/2012 13:58:55.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3005.2206 [GMT -5:00]
Running from: c:\users\PatricK\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\jsloader.dll
c:\program files\BrowserCompanion\logo.ico
c:\program files\BrowserCompanion\terms.lnk.url
c:\program files\DealPly
c:\program files\DealPly\DealPlyTune.dll
c:\users\PatricK\AppData\Roaming\dvdae
c:\users\PatricK\AppData\Roaming\dvdae\dvdae.config
c:\users\PatricK\AppData\Roaming\dvdae\dvdae.lic
c:\users\PatricK\AppData\Roaming\Microsoft\~DFKacbe986.tmp
c:\users\PatricK\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\PatricK\AppData\Roaming\Microsoft\bass.dll
c:\users\PatricK\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\PatricK\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\PatricK\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\PatricK\AppData\Roaming\Microsoft\peaadje.dll
c:\users\PatricK\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\PatricK\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\PatricK\Documents\~WRL0300.tmp
c:\users\PatricK\Documents\~WRL3888.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-11-19 to 2012-12-19 )))))))))))))))))))))))))))))))
.
.
2012-12-19 19:10 . 2012-12-19 19:10 -------- d-----w- c:\users\PatricK\AppData\Local\temp
2012-12-19 19:10 . 2012-12-19 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-19 06:31 . 2012-12-19 06:31 54016 ----a-w- c:\windows\system32\drivers\toio.sys
2012-12-18 10:13 . 2012-12-18 10:13 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC3BE443-D406-4219-A791-4A11E417C13D}\offreg.dll
2012-12-18 10:10 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC3BE443-D406-4219-A791-4A11E417C13D}\mpengine.dll
2012-12-13 04:00 . 2012-11-22 07:43 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-12-06 16:51 . 2012-12-06 16:51 -------- d-----w- c:\program files\Common Files\Java
2012-12-06 16:50 . 2012-12-06 16:50 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-08 20:57 . 2012-03-15 01:34 29760 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2012-12-06 16:50 . 2012-06-14 09:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-06 16:50 . 2010-09-02 00:48 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-29 07:02 . 2012-04-08 22:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-29 07:02 . 2011-08-02 03:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2011-09-14 10:11 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-08-03 01:28 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-08-03 01:28 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2010-08-03 01:27 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2010-08-03 01:28 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-08-03 01:26 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2010-08-03 01:26 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 20:34 . 2012-11-28 12:13 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 15:59 . 2012-02-24 19:00 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-25 21:55 . 2012-11-14 12:40 78336 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2012-12-05 1354736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"cdloader"="c:\users\PatricK\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"XFastUSB"="c:\program files\XFastUSB\XFastUsb.exe" [2012-03-13 5019360]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2011-12-24 1080904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 09:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-29 05:45]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-29 05:45]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1260953176-3201969857-2580422920-1001Core.job
- c:\users\PatricK\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 13:25]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1260953176-3201969857-2580422920-1001UA.job
- c:\users\PatricK\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 13:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.jm/
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{4347DCB7-9513-4CF3-98B3-8FEC4486AE4D}
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\PatricK\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\PatricK\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 65.183.0.76 65.183.0.86
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-10 - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKCU-Run-Akamai NetSession Interface - c:\users\PatricK\AppData\Local\Akamai\netsession_win.exe
HKCU-Run-SRSHDAudioLab - c:\program files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe
AddRemove-1ClickDownloader - c:\program files\1ClickDownload\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-19 14:13:00
ComboFix-quarantined-files.txt 2012-12-19 19:12
.
Pre-Run: 4,757,700,608 bytes free
Post-Run: 7,739,662,336 bytes free
.
- - End Of File - - 316F2C4F9A6C8D9C7B3A7A8F24029C0F
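The DDS "Pseudo HJT Report" and ComboFix "Reg Loading Points" sections in the posts above are normally read by eye. As an added example, not part of MrBiz's posts nor of the DDS or ComboFix tools, here is a small Python triage parser for those line formats (BHO:, TB:, uRun:/mRun:, Start Page, and the R#/S# service lines in both tools' spelling). It applies three first-pass heuristics: an entry that registers with no module path at all, an entry whose module loads from a user-writable location (AppData, Temp, ProgramData), and a machine start page whose host is not on an allow-list. The sample lines are condensed from the logs on this page; the allow-list of start-page hosts, the `USER_WRITABLE` pattern, and the function names `parse_entries` and `triage` are this example's own assumptions.

```python
"""Triage helper for DDS / ComboFix startup entries (added example).

Parses these line formats, as they appear in the logs above:
    BHO: <name>: {CLSID} - <module path>
    TB: <name>: {CLSID} - <module path>
    uRun: [<name>] <command line>            (mRun: likewise)
    mStart Page = <url>                      (uStart Page: likewise)
    R2 <svc>;<display>;<image path> [meta]   (S0..S3 likewise; ComboFix prints [x])
SAMPLE_LOG is condensed from the page's logs; ALLOWED_START_HOSTS is an assumption.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the DDS and ComboFix logs above.
SAMPLE_LOG = r"""
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{4347DCB7-9513-4CF3-98B3-8FEC4486AE4D}
BHO: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} -
BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\bearshare applications\mediabar\datamngr\IEBHO.dll
uRun: [cdloader] "c:\users\patrick\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-8-2 8192]
S1 aswSnx;aswSnx; [x]
"""


@dataclass
class Entry:
    kind: str   # "BHO", "TB", "uRun", "mRun", "mStart Page", "S2", ...
    name: str
    path: str   # module / executable path; "" when the entry carries none
    raw: str


@dataclass
class Finding:
    entry: Entry
    reason: str


ENTRY_PATTERNS = [
    re.compile(r"^(?P<kind>BHO|TB): (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]{36})\} -\s*(?P<path>.*)$"),
    re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\]\s*(?P<path>.*)$"),
    re.compile(r"^(?P<kind>[um]Start Page) = (?P<path>.+)$"),
    re.compile(r"^(?P<kind>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]$"),
]
# First executable-looking path in a Run command line, quoted or not (unquoted
# paths with spaces, e.g. c:\program files\..., are handled by the non-greedy match).
EXE_RE = re.compile(r'^"?(?P<exe>[a-z]:\\.*?\.(?:exe|dll|scr|cpl|sys|bat|cmd|vbs|js))"?', re.I)
USER_WRITABLE = re.compile(r"\\(?:appdata|temp|programdata)\\", re.I)   # heuristic, assumption
URL_HOST = re.compile(r"^hxxps?://([^/]+)", re.I)                       # DDS defangs http as hxxp
ALLOWED_START_HOSTS = {"www.google.com", "www.google.com.jm", "www.bing.com"}  # assumption


def _build(m: "re.Match", raw: str) -> Entry:
    g = m.groupdict()
    kind = g["kind"]
    path = g.get("path", "").strip()
    if kind in ("uRun", "mRun"):           # reduce a command line to its executable
        em = EXE_RE.match(path)
        path = em.group("exe") if em else path
    return Entry(kind=kind, name=g.get("name") or kind, path=path, raw=raw)


def parse_entries(text: str) -> List[Entry]:
    """Return one Entry per recognised line; unrecognised lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        for pat in ENTRY_PATTERNS:
            m = pat.match(line)
            if m:
                entries.append(_build(m, line))
                break
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the three heuristics; an empty result means 'nothing obvious', not 'clean'."""
    findings: List[Finding] = []
    for e in entries:
        if e.kind.endswith("Start Page"):
            m = URL_HOST.match(e.path)
            host = m.group(1).lower() if m else e.path
            if host not in ALLOWED_START_HOSTS:
                findings.append(Finding(e, f"start page host {host} not on allow-list"))
            continue
        if not e.path:
            findings.append(Finding(e, "registered with no module path"))
        elif USER_WRITABLE.search(e.path):
            findings.append(Finding(e, "loads from a user-writable location"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE_LOG)):
        print(f"{f.entry.kind:12} {f.entry.name:14} {f.reason}  <- {f.entry.path or '(none)'}")
```

On the sample this flags the `mStart Page` host, the path-less `MediaBar` BHO, the `cdloader` Run entry under `AppData\Roaming`, and the `aswSnx` service line that ComboFix printed without an image path; the `UrlHelper Class` BHO under `c:\program files` and the `srvany.exe` service pass all three checks. That is the intended behaviour of a first-pass filter: it orders what a human should look at first, it does not decide what is malicious.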