treetrunks

Members

View Profile See their activity

Posts
5
Joined
April 3, 2013
Last visited
April 6, 2013

Reputation

0 Neutral

help with ukash virus

treetrunks replied to treetrunks's topic in Resolved Malware Removal Logs

ok did the scan and came with this # AdwCleaner v2.200 - Logfile created 04/06/2013 at 11:35:27 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : dwayne - VAIO # Boot Mode : Normal # Running from : C:\Users\dwayne\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\Delta Folder Found : C:\Program Files (x86)\iMesh Applications\Mediabar Folder Found : C:\Program Files (x86)\uTorrentControl_v2 Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\boost_interprocess Folder Found : C:\ProgramData\Browser Manager Folder Found : C:\ProgramData\BrowserProtect Folder Found : C:\Users\dwayne\AppData\Local\Conduit Folder Found : C:\Users\dwayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Folder Found : C:\Users\dwayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Folder Found : C:\Users\dwayne\AppData\Local\PackageAware Folder Found : C:\Users\dwayne\AppData\LocalLow\Conduit Folder Found : C:\Users\dwayne\AppData\LocalLow\Delta Folder Found : C:\Users\dwayne\AppData\LocalLow\PriceGong Folder Found : C:\Users\dwayne\AppData\LocalLow\shareazatoolbarguid Folder Found : C:\Users\dwayne\AppData\LocalLow\uTorrentControl_v2 Folder Found : C:\Users\dwayne\AppData\Roaming\BabSolution Folder Found : C:\Users\dwayne\AppData\Roaming\Babylon Folder Found : C:\Users\dwayne\AppData\Roaming\Delta ***** [Registry] ***** Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll Key Found : HKCU\Software\APN DTX Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl_v2 Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\BabylonToolbar Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\Delta Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111271167} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ADE92211-31DC-4775-85C0-75659B099DD3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111271167} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADE92211-31DC-4775-85C0-75659B099DD3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Key Found : HKCU\Software\shareazatoolbarguid Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\dedb8fb53def10 Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\Software\Babylon Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0012767.BHO Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0012767.Sandbox Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0012767.Sandbox.1 Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore.1 Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1 Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\DataMngr Key Found : HKLM\Software\Delta Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271167} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Key Found : HKLM\Software\uTorrentControl_v2 Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110111271167} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ADE92211-31DC-4775-85C0-75659B099DD3} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Key Found : HKLM\SOFTWARE\Wow6432Node\dedb8fb53def10 Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271167} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271167} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62D72C3F-4906-4593-AEB1-A1873C10E8A5} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8A91FE5-376A-43E9-89FC-BFA5B89595C4} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADE92211-31DC-4775-85C0-75659B099DD3} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111271167} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADE92211-31DC-4775-85C0-75659B099DD3} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\shareazatoolbarguid Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar Key Found : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Found : HKU\S-1-5-21-3810083538-1385749972-3859568590-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKU\S-1-5-21-3810083538-1385749972-3859568590-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Found : HKU\S-1-5-21-3810083538-1385749972-3859568590-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Found : HKU\S-1-5-21-3810083538-1385749972-3859568590-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{ADE92211-31DC-4775-85C0-75659B099DD3}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16470 [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=F85FC0F8DAF75632 -\\ Google Chrome v26.0.1410.43 File : C:\Users\dwayne\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [13361 octets] - [06/04/2013 11:35:27] ########## EOF - C:\AdwCleaner[R1].txt - [13422 octets] ##########
- April 6, 2013
- 11 replies
help with ukash virus

treetrunks replied to treetrunks's topic in Resolved Malware Removal Logs

ok that gave me this report log ComboFix 13-04-02.01 - dwayne 03/04/2013 20:54:27.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6125.4656 [GMT -3:00] Running from: c:\users\dwayne\Desktop\ComboFix.exe AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Public\sdelevURL.tmp . . ((((((((((((((((((((((((( Files Created from 2013-03-03 to 2013-04-03 ))))))))))))))))))))))))))))))) . . 2013-04-03 23:59 . 2013-04-03 23:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-03 23:52 . 2013-04-03 23:52 -------- d-----w- c:\windows\system32\drivers\NSTx64\7DD03030.013 2013-04-03 23:51 . 2013-04-03 23:51 -------- d-----w- c:\users\dwayne\AppData\Local\Tiger Savings 2013-04-03 23:51 . 2013-04-03 23:51 -------- d-----w- c:\users\dwayne\AppData\Local\Updater12767 2013-04-03 23:51 . 2013-04-03 23:51 -------- d-----w- c:\program files (x86)\Tiger Savings 2013-04-03 23:51 . 2013-04-03 23:51 -------- d-----w- c:\programdata\BrowserProtect 2013-04-03 23:51 . 2013-04-03 23:51 -------- d-----w- c:\users\dwayne\AppData\Roaming\BabSolution 2013-04-03 23:51 . 2013-04-03 23:51 -------- d-----w- c:\program files (x86)\Delta 2013-04-03 23:51 . 2013-04-03 23:51 -------- d-----w- c:\users\dwayne\AppData\Roaming\Delta 2013-04-03 23:51 . 2013-04-03 23:51 -------- d-----w- c:\users\dwayne\AppData\Roaming\Babylon 2013-04-03 23:51 . 2013-04-03 23:51 -------- d-----w- c:\programdata\Babylon 2013-04-03 23:34 . 2013-04-03 23:34 -------- d-----w- C:\FRST 2013-04-03 22:41 . 2013-04-03 22:41 -------- d-----w- c:\program files (x86)\Symantec 2013-04-03 22:41 . 2013-04-03 22:41 -------- d-----w- c:\programdata\Symantec 2013-04-03 22:41 . 2013-04-03 22:41 -------- d-----w- c:\users\dwayne\AppData\Roaming\Product_NU16 2013-04-03 22:38 . 2013-04-03 22:38 -------- d-----w- c:\users\dwayne\CD95F661A5C444F5A6AAECDD91C240D9.TMP 2013-03-17 19:31 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-13 12:32 . 2013-03-13 12:32 -------- d-----w- c:\program files\Microsoft Silverlight 2013-03-13 12:32 . 2013-03-13 12:32 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2013-03-07 02:02 . 2013-03-07 02:02 -------- d-----w- c:\users\dwayne\AppData\Local\Sony Corporation . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-13 12:33 . 2013-02-08 12:51 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 00:01 . 2013-01-10 13:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 00:01 . 2013-01-10 13:33 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-12 05:45 . 2013-03-13 11:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 11:22 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 11:22 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 11:22 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 11:22 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 11:22 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-05 00:28 . 2013-02-05 00:28 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2013-01-31 03:18 . 2013-02-27 12:15 432800 ----a-w- c:\windows\system32\drivers\NAVx64\1403000.024\symnets.sys 2013-01-31 03:18 . 2013-02-27 12:15 1139800 ----a-w- c:\windows\system32\drivers\NAVx64\1403000.024\symefa64.sys 2013-01-29 01:45 . 2013-02-27 12:15 796248 ----a-w- c:\windows\system32\drivers\NAVx64\1403000.024\srtsp64.sys 2013-01-29 01:45 . 2013-02-27 12:15 36952 ----a-w- c:\windows\system32\drivers\NAVx64\1403000.024\srtspx64.sys 2013-01-22 02:15 . 2013-02-27 12:15 493656 ----a-w- c:\windows\system32\drivers\NAVx64\1403000.024\symds64.sys 2013-01-17 05:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-13 21:17 . 2013-02-27 13:44 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17 . 2013-02-27 13:44 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16 . 2013-02-27 13:44 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12 . 2013-02-27 13:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11 . 2013-02-27 13:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 13:44 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 13:44 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11 . 2013-02-27 13:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11 . 2013-02-27 13:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 13:44 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 13:44 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35 . 2013-02-27 13:44 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32 . 2013-02-27 13:44 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31 . 2013-02-27 13:44 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 13:44 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 13:44 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31 . 2013-02-27 13:44 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 13:44 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-27 13:44 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-01-13 20:22 . 2013-02-27 13:44 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20 . 2013-02-27 13:44 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-01-13 20:09 . 2013-02-27 13:44 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08 . 2013-02-27 13:44 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08 . 2013-02-27 13:44 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-01-13 19:59 . 2013-02-27 13:44 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-01-13 19:58 . 2013-02-27 13:44 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-01-13 19:54 . 2013-02-27 13:44 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53 . 2013-02-27 13:44 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53 . 2013-02-27 13:44 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51 . 2013-02-27 13:44 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-01-13 19:49 . 2013-02-27 13:44 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-01-13 19:48 . 2013-02-27 13:44 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46 . 2013-02-27 13:44 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-01-13 19:43 . 2013-02-27 13:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38 . 2013-02-27 13:44 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-01-13 19:38 . 2013-02-27 13:44 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-01-13 19:38 . 2013-02-27 13:44 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-01-13 19:37 . 2013-02-27 13:44 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-01-13 19:25 . 2013-02-27 13:44 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-01-13 19:24 . 2013-02-27 13:44 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-01-13 19:24 . 2013-02-27 13:44 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-01-13 19:20 . 2013-02-27 13:44 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-01-13 19:20 . 2013-02-27 13:44 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-01-13 19:15 . 2013-02-27 13:44 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-01-13 19:10 . 2013-02-27 13:44 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-01-13 19:02 . 2013-02-27 13:44 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34 . 2013-02-27 13:44 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32 . 2013-02-27 13:44 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-01-13 18:09 . 2013-02-27 13:44 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-01-13 17:26 . 2013-02-27 13:44 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-01-13 17:05 . 2013-02-27 13:44 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-01-08 05:32 . 2013-02-02 03:17 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8ED63553-8A27-47D4-9F6A-851D66C35D61}\mpengine.dll 2013-01-06 18:36 . 2013-01-06 18:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-01-06 18:36 . 2013-01-06 18:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-01-06 18:36 . 2013-01-06 18:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-01-06 18:36 . 2013-01-06 18:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-01-06 18:36 . 2013-01-06 18:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-01-06 18:36 . 2013-01-06 18:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-01-06 18:36 . 2013-01-06 18:36 367104 ----a-w- c:\windows\SysWow64\html.iec 2013-01-06 18:36 . 2013-01-06 18:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-01-06 18:36 . 2013-01-06 18:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2013-01-06 18:36 . 2013-01-06 18:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2013-01-06 18:36 . 2013-01-06 18:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-01-06 18:36 . 2013-01-06 18:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-01-06 18:36 . 2013-01-06 18:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-01-06 18:36 . 2013-01-06 18:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-01-06 18:36 . 2013-01-06 18:36 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2013-01-06 18:36 . 2013-01-06 18:36 85504 ----a-w- c:\windows\system32\iesetup.dll 2013-01-06 18:36 . 2013-01-06 18:36 82432 ----a-w- c:\windows\system32\icardie.dll 2013-01-06 18:36 . 2013-01-06 18:36 76800 ----a-w- c:\windows\system32\tdc.ocx 2013-01-06 18:36 . 2013-01-06 18:36 65024 ----a-w- c:\windows\system32\pngfilt.dll 2013-01-06 18:36 . 2013-01-06 18:36 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-01-06 18:36 . 2013-01-06 18:36 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2013-01-06 18:36 . 2013-01-06 18:36 49664 ----a-w- c:\windows\system32\imgutil.dll 2013-01-06 18:36 . 2013-01-06 18:36 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-01-06 18:36 . 2013-01-06 18:36 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2013-01-06 18:36 . 2013-01-06 18:36 448512 ----a-w- c:\windows\system32\html.iec 2013-01-06 18:36 . 2013-01-06 18:36 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2013-01-06 18:36 . 2013-01-06 18:36 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-01-06 18:36 . 2013-01-06 18:36 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-01-06 18:36 . 2013-01-06 18:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-01-06 18:36 . 2013-01-06 18:36 30720 ----a-w- c:\windows\system32\licmgr10.dll 2013-01-06 18:36 . 2013-01-06 18:36 282112 ----a-w- c:\windows\system32\dxtrans.dll 2013-01-06 18:36 . 2013-01-06 18:36 267776 ----a-w- c:\windows\system32\ieaksie.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110111271167}] 2013-04-03 23:51 704392 ----a-w- c:\program files (x86)\Tiger Savings\Tiger Savings.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ade92211-31dc-4775-85c0-75659b099dd3}] 2012-10-04 23:41 89288 ----a-w- c:\progra~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] 2013-01-23 12:24 247704 ----a-w- c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936] "{ade92211-31dc-4775-85c0-75659b099dd3}"= "c:\progra~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll" [2012-10-04 89288] "{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944] . [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] . [HKEY_CLASSES_ROOT\clsid\{ade92211-31dc-4775-85c0-75659b099dd3}] . [HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}] [HKEY_CLASSES_ROOT\delta.deltadskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\delta.deltadskBnd] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-24 1219360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~3\BROWSE~2\261125~1.80\{C16C1~1\BrowserProtect.dll . R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120] R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1403000.024\ccSetx64.sys [2012-11-16 168096] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1403000.024\Ironx64.SYS [2012-11-16 224416] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088] R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824] R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 652016] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-06 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1403000.024\SYMDS64.SYS [2013-01-22 493656] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1403000.024\SYMEFA64.SYS [2013-01-31 1139800] S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD01000.020\ccSetx64.sys [2012-08-07 168096] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130306.001\IDSvia64.sys [2013-02-02 513184] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1403000.024\SYMNETS.SYS [2013-01-31 432800] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe [2012-12-24 144520] S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe [2012-08-19 143928] S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-09 53248] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2011-03-01 102400] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [2011-03-01 98816] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-20 378472] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-03-07 2656280] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-14 550080] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-04-01 436776] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-04-01 39976] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-07 413800] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-31 22:24 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-10 00:01] . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-10 13:34] . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-10 13:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-07 11776104] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-07 2188904] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=F85FC0F8DAF75632 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) Toolbar-10 - (no file) WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.3.0.36\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO] "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.1.0.32\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-03 21:01:19 ComboFix-quarantined-files.txt 2013-04-04 00:01 . Pre-Run: 577,311,510,528 bytes free Post-Run: 577,813,364,736 bytes free . - - End Of File - - B7051718636E97A6BFA9559E1D14959E
- April 4, 2013
- 11 replies
help with ukash virus

treetrunks replied to treetrunks's topic in Resolved Malware Removal Logs

ok got this perating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : dwayne [Admin rights] Mode : Scan -- Date : 04/03/2013 20:36:02 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD6400BPVT-55HXZT1 +++++ --- User --- [MBR] 84fc735209abb60365e3824c73a8f433 [bSP] a70b5b3bd7bc456d67bf1fd32a74f94e : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10958 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22444032 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22648832 | Size: 599420 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_04032013_02d2036.txt >> RKreport[1]_S_04032013_02d2036.txt
- April 3, 2013
- 11 replies
help with ukash virus

treetrunks replied to treetrunks's topic in Resolved Malware Removal Logs

yes it works great! many thanks, Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013 Ran by SYSTEM at 2013-04-03 19:19:16 Run:1 Running from G:\ ============================================== HKEY_USERS\dwayne\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully. C:\Users\dwayne\1856000.exe moved successfully. C:\Users\dwayne\AppData\Roaming\skype.dat moved successfully. ==== End of Fixlog ====
- April 3, 2013
- 11 replies
help with ukash virus

treetrunks posted a topic in Resolved Malware Removal Logs

just recently got this virus and wondering if anyone can help please!! i ran the farbar recovery and have this file now, any help is apricated thanks Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 21 days old) Ran by SYSTEM at 03-04-2013 18:47:08 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet002 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11776104 2011-03-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2188904 2011-03-07] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2011-03-07] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.) HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation) HKLM-x32\...\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2757312 2011-02-15] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE [1684696 2012-12-29] (iMesh, Inc) HKU\dwayne\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-09-22] (Microsoft Corporation) HKU\dwayne\...\Winlogon: [shell] explorer.exe,C:\Users\dwayne\AppData\Roaming\skype.dat [87040 2011-11-17] () Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Services (Whitelisted) =================== 3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.0.36\diMaster.dll" /prefetch:1 [551728 2013-02-06] (Symantec Corporation) 2 NCO; "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\diMaster.dll" /prefetch:1 [531864 2012-08-21] (Symantec Corporation) 2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [259192 2011-01-29] (Sony Corporation) 2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.) 3 VUAgent; "C:\Program Files\Sony\VAIO Update\VUAgent.exe" [1286784 2012-10-26] (Sony Corporation) ==================== Drivers (Whitelisted) ===================== 3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) 1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation) 1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1403000.024\ccSetx64.sys [168096 2012-11-15] (Symantec Corporation) 1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD01000.020\ccSetx64.sys [168096 2012-08-06] (Symantec Corporation) 1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation) 3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-18] (Symantec Corporation) 1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130306.001\IDSvia64.sys [513184 2013-02-02] (Symantec Corporation) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130306.035\ENG64.SYS [126192 2013-02-04] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130306.035\EX64.SYS [2087664 2013-02-04] (Symantec Corporation) 2 risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [98816 2011-03-01] (REDC) 3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1403000.024\SRTSP64.SYS [796248 2013-01-28] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1403000.024\SRTSPX64.SYS [36952 2013-01-28] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\NAVx64\1403000.024\SYMDS64.SYS [493656 2013-01-21] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\NAVx64\1403000.024\SYMEFA64.SYS [1139800 2013-01-30] (Symantec Corporation) 3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-02-04] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\NAVx64\1403000.024\Ironx64.SYS [224416 2012-11-15] (Symantec Corporation) 1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1403000.024\SYMNETS.SYS [432800 2013-01-30] (Symantec Corporation) ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2013-04-03 18:34 - 2013-04-03 18:34 - 00000000 ____D C:\FRST 2013-04-03 16:02 - 2013-04-03 16:38 - 00000004 ____A C:\Users\dwayne\AppData\Roaming\skype.ini 2013-04-03 16:01 - 2013-04-03 16:01 - 00087040 ____A C:\Users\dwayne\1856000.exe 2013-04-01 17:12 - 2013-04-01 17:12 - 00393040 ____A (Softonic ) C:\Users\dwayne\Downloads\SoftonicDownloader_for_bberry-theme.exe 2013-04-01 17:12 - 2013-04-01 17:12 - 00000117 ____A C:\Users\Public\sdelevURL.tmp 2013-03-28 13:08 - 2013-03-28 13:08 - 00281288 ____A C:\Windows\Minidump\032813-23228-01.dmp 2013-03-24 11:57 - 2013-03-24 11:57 - 00281096 ____A C:\Windows\Minidump\032413-33119-01.dmp 2013-03-21 12:38 - 2013-03-21 12:39 - 00281192 ____A C:\Windows\Minidump\032113-31902-01.dmp 2013-03-17 14:31 - 2013-02-11 23:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys 2013-03-15 06:33 - 2013-03-15 06:34 - 00302824 ____A C:\Windows\Minidump\031513-22542-01.dmp 2013-03-14 07:20 - 2013-03-14 07:20 - 00281288 ____A C:\Windows\Minidump\031413-22822-01.dmp 2013-03-13 07:33 - 2013-02-02 02:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-03-13 07:33 - 2013-02-02 01:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-03-13 07:33 - 2013-02-02 01:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-03-13 07:33 - 2013-02-02 01:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-03-13 07:33 - 2013-02-02 01:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-03-13 07:33 - 2013-02-02 01:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-03-13 07:33 - 2013-02-02 01:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-03-13 07:33 - 2013-02-02 01:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-03-13 07:33 - 2013-02-02 01:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-03-13 07:33 - 2013-02-02 01:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-03-13 07:33 - 2013-02-02 01:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-03-13 07:33 - 2013-02-02 01:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-03-13 07:33 - 2013-02-02 01:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-03-13 07:33 - 2013-02-02 01:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-03-13 07:33 - 2013-02-02 01:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-03-13 07:33 - 2013-02-02 01:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-03-13 07:33 - 2013-02-01 23:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-03-13 07:33 - 2013-02-01 22:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-03-13 07:33 - 2013-02-01 22:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-03-13 07:33 - 2013-02-01 22:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-03-13 07:33 - 2013-02-01 22:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-03-13 07:33 - 2013-02-01 22:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-03-13 07:33 - 2013-02-01 22:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-03-13 07:33 - 2013-02-01 22:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-03-13 07:33 - 2013-02-01 22:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-03-13 07:33 - 2013-02-01 22:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-03-13 07:33 - 2013-02-01 22:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-03-13 07:33 - 2013-02-01 22:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-03-13 07:33 - 2013-02-01 22:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-03-13 07:33 - 2013-02-01 22:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-03-13 07:33 - 2013-02-01 22:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-03-13 07:33 - 2013-02-01 22:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-03-13 07:32 - 2013-03-13 07:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-03-13 07:32 - 2013-03-13 07:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-03-06 21:02 - 2013-03-06 21:02 - 00000000 ____D C:\Users\dwayne\AppData\Local\Sony Corporation ==================== One Month Modified Files and Folders ======= 2013-04-03 18:34 - 2013-04-03 18:34 - 00000000 ____D C:\FRST 2013-04-03 16:38 - 2013-04-03 16:02 - 00000004 ____A C:\Users\dwayne\AppData\Roaming\skype.ini 2013-04-03 16:38 - 2013-01-13 11:15 - 00000000 ____D C:\Users\dwayne\AppData\Local\CrashDumps 2013-04-03 16:38 - 2013-01-05 18:15 - 00000000 ____D C:\Users\dwayne\Tracing 2013-04-03 16:38 - 2011-05-03 19:50 - 00000000 ____D C:\ProgramData\NVIDIA 2013-04-03 16:38 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-04-03 16:38 - 2009-07-13 23:51 - 00069041 ____A C:\Windows\setupact.log 2013-04-03 16:24 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-04-03 16:24 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-04-03 16:20 - 2011-05-16 14:38 - 01210697 ____A C:\Windows\WindowsUpdate.log 2013-04-03 16:17 - 2013-01-10 08:34 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-04-03 16:01 - 2013-04-03 16:01 - 00087040 ____A C:\Users\dwayne\1856000.exe 2013-04-03 16:01 - 2013-01-10 08:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-04-03 16:01 - 2013-01-05 02:09 - 00000000 ____D C:\users\dwayne 2013-04-03 07:49 - 2013-01-10 08:34 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-04-03 06:29 - 2013-01-05 18:15 - 00000000 ____D C:\Users\dwayne\AppData\Local\Windows Live 2013-04-02 12:43 - 2013-01-05 14:24 - 00000000 ____D C:\Users\dwayne\AppData\Roaming\uTorrent 2013-04-01 17:12 - 2013-04-01 17:12 - 00393040 ____A (Softonic ) C:\Users\dwayne\Downloads\SoftonicDownloader_for_bberry-theme.exe 2013-04-01 17:12 - 2013-04-01 17:12 - 00000117 ____A C:\Users\Public\sdelevURL.tmp 2013-03-31 17:27 - 2013-02-04 19:21 - 00000000 ____D C:\Users\dwayne\AppData\Local\WinZip 2013-03-31 17:27 - 2009-07-14 00:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI 2013-03-31 17:24 - 2013-01-10 08:34 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-03-28 13:08 - 2013-03-28 13:08 - 00281288 ____A C:\Windows\Minidump\032813-23228-01.dmp 2013-03-28 13:08 - 2013-01-22 07:38 - 358365062 ____A C:\Windows\MEMORY.DMP 2013-03-28 13:08 - 2013-01-22 07:38 - 00000000 ____D C:\Windows\Minidump 2013-03-24 11:57 - 2013-03-24 11:57 - 00281096 ____A C:\Windows\Minidump\032413-33119-01.dmp 2013-03-21 12:39 - 2013-03-21 12:38 - 00281192 ____A C:\Windows\Minidump\032113-31902-01.dmp 2013-03-15 06:34 - 2013-03-15 06:33 - 00302824 ____A C:\Windows\Minidump\031513-22542-01.dmp 2013-03-15 06:33 - 2009-07-14 00:08 - 00032540 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-03-14 20:41 - 2013-01-05 14:23 - 00000203 ____A C:\Users\dwayne\Desktop\Netflix.url 2013-03-14 14:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2013-03-14 07:20 - 2013-03-14 07:20 - 00281288 ____A C:\Windows\Minidump\031413-22822-01.dmp 2013-03-13 07:33 - 2013-02-08 07:51 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-03-13 07:32 - 2013-03-13 07:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-03-13 07:32 - 2013-03-13 07:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-03-12 19:01 - 2013-01-10 08:33 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-03-12 19:01 - 2013-01-10 08:33 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-03-06 21:02 - 2013-03-06 21:02 - 00000000 ____D C:\Users\dwayne\AppData\Local\Sony Corporation ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-02-18 19:33:15 Restore point made on: 2013-02-19 15:15:12 Restore point made on: 2013-02-19 15:15:31 Restore point made on: 2013-02-20 18:32:40 Restore point made on: 2013-02-27 08:44:40 Restore point made on: 2013-03-07 09:05:51 Restore point made on: 2013-03-13 07:31:34 Restore point made on: 2013-03-17 21:03:46 Restore point made on: 2013-03-25 07:32:50 Restore point made on: 2013-04-02 07:09:01 ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 6125.22 MB Available physical RAM: 5411.68 MB Total Pagefile: 6123.37 MB Available Pagefile: 5401.36 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:585.37 GB) (Free:538.3 GB) NTFS 2 Drive e: (Recovery) (Fixed) (Total:10.7 GB) (Free:1.15 GB) NTFS ==>[system with boot components (obtained from reading drive)] 4 Drive g: (LaCie) (Fixed) (Total:931.51 GB) (Free:286.31 GB) NTFS 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 596 GB 0 B Disk 1 Online 931 GB 0 B Partitions of Disk 0: =============== Disk ID: CE1FCFF5 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 10 GB 1024 KB Partition 2 Primary 100 MB 10 GB Partition 3 Primary 585 GB 10 GB ================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E Recovery NTFS Partition 10 GB Healthy Hidden ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y System Rese NTFS Partition 100 MB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 585 GB Healthy ========================================================= Partitions of Disk 1: =============== Disk ID: 37BC0554 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 931 GB 31 KB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G LaCie NTFS Partition 931 GB Healthy ========================================================= ============================== MBR Partition Table ================== ============================== Partitions of Disk 0: =============== Disk ID: CE1FCFF5 Partition 1: ========= Hex: 0020210027FEFFFF0008000000705601 Active: NO Type: 27 Size: 11 GB Partition 2: ========= Hex: 80FEFFFF07FEFFFF0078560100200300 Active: YES Type: 07 (NTFS) Size: 100 MB Partition 3: ========= Hex: 00FEFFFF07FEFFFF00985901B0E22B49 Active: NO Type: 07 (NTFS) Size: 585 GB ============================== Partitions of Disk 1: =============== Disk ID: 37BC0554 Partition 1: ========= Hex: 0001010007FEFFFF3F00000082597074 Active: NO Type: 07 (NTFS) Size: 932 GB Last Boot: 2013-03-25 07:25 ==================== End Of Log =============================
- April 3, 2013
- 11 replies

Sign In

treetrunks

Posts

Joined

Last visited

Reputation

help with ukash virus

help with ukash virus

help with ukash virus

help with ukash virus

help with ukash virus

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information