Madhurry
Greetings all, I am new to this forum and recently uncovered nearly the same thing roses did, but the file MB found was quarantined: VENDOR = Stolen.data - item = C:\WILLYESUN\Appdata\Roaming\SMRBbackup.25. I have changed all my email and banking passwords and am working on the rest of my password file now. I have run DDS and I will paste and attach (don't know which is better here) the results. I am requesting help on this; it would appear, based on other sites, that a lot of people have been hit through their firewalls by this mess. I run free avast as primary and MB as secondary. MB was the one that found it!!!! I have downloaded ComboFix, but I want to wait until instructed to run it, until I hear from someone who thinks it's necessary. Request HELP asap!!!!

Thank you
Madhurry

Greetings to all again, I decided to run ComboFix after all and got the results; however, I am unable to attach the document as I did with the others. Word or Notepad will not open this; I used Notepad++ to open it??? So I am pasting the results here instead. Thank you for your help in advance.

Madhurry

ComboFix 13-05-14.01 - WILLYESUN 05/15/2013 2:44.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5923 [GMT -7:00]
Running from: c:\users\WILLYESUN\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jacob Smith\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Jacob Smith\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\WILLYESUN\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D20AA1A-87BC-45DF-89CF-A9109336E762}.xps
c:\users\WILLYESUN\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\WILLYESUN\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\WILLYESUN\Documents\~WRL1898.tmp
c:\users\WILLYESUN\Documents\ShopToWin
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\launcher_20130130.log
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-04-15 to 2013-05-15 )))))))))))))))))))))))))))))))
.
.
2013-05-15 09:48 . 2013-05-15 09:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-15 09:48 . 2013-05-15 09:48 -------- d-----w- c:\users\UpdatusUser.WILLYESUN-PC\AppData\Local\temp
2013-05-15 07:02 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7144AB3E-19A2-4B4C-B4BA-A290CD4FBA6A}\mpengine.dll
2013-05-14 17:30 . 2013-05-14 17:30 -------- d-----w- c:\program files (x86)\SlimDrivers
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-06 20:34 . 2013-05-06 20:35 -------- d-----w- C:\Data
2013-05-06 20:09 . 2013-05-06 20:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-06 20:08 . 2013-05-06 20:08 -------- d-----w- c:\users\Jacob Smith
2013-05-06 19:59 . 2013-05-06 20:13 -------- d-----w- C:\TESTGROUP
2013-05-05 21:12 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-05-05 21:11 . 2013-05-05 21:11 -------- d-----w- c:\program files\iPod
2013-05-05 21:11 . 2013-05-05 21:12 -------- d-----w- c:\program files\iTunes
2013-04-29 17:40 . 2013-04-29 17:40 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-04-29 17:39 . 2013-04-29 17:39 -------- d-----w- c:\program files\Bonjour
2013-04-29 17:39 . 2013-04-29 17:39 -------- d-----w- c:\program files (x86)\Bonjour
2013-04-29 01:34 . 2013-04-29 01:45 -------- d-----w- C:\CIS227
2013-04-29 00:21 . 2013-04-29 00:21 -------- d-----w- C:\MarketingDocuments
2013-04-28 06:57 . 2013-04-28 06:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-28 06:57 . 2013-04-04 12:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-23 17:04 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-22 21:56 . 2013-04-22 22:01 -------- d-----w- C:\VHD Storage
2013-04-21 20:33 . 2013-04-21 20:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-04-21 20:33 . 2013-04-21 20:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-04-21 20:33 . 2013-04-21 20:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-04-21 20:33 . 2013-04-21 20:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-04-21 20:33 . 2013-04-21 20:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-04-21 20:33 . 2013-04-21 20:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-04-21 20:33 . 2013-04-21 20:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-04-21 20:33 . 2013-04-21 20:33 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 19:14 . 2012-07-01 00:47 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 19:14 . 2012-06-17 05:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-03-07 06:50 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-03-07 06:50 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-03-07 06:50 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-03-07 06:50 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-03-07 06:50 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-07 06:50 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-07 06:50 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-03-07 06:50 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-03-07 06:49 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-03-01 09:57 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 09:06 . 2012-01-14 19:16 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-10 17:27 . 2013-04-10 17:27 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-04-10 17:27 . 2012-02-02 21:42 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-10 17:27 . 2012-02-02 21:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-10 06:51 . 2012-01-15 19:12 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 21:50 . 2013-03-07 07:00 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-01 06:59 . 2013-04-01 06:59 119808 ----a-r- c:\users\WILLYESUN\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-03-30 04:39 . 2013-03-30 04:39 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-30 04:39 . 2013-03-30 04:39 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-30 04:39 . 2013-03-30 04:39 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-30 04:39 . 2013-03-30 04:39 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-30 04:39 . 2013-03-30 04:39 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-30 04:39 . 2013-03-30 04:39 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-30 04:39 . 2013-03-30 04:39 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-30 04:39 . 2013-03-30 04:39 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-30 04:39 . 2013-03-30 04:39 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-30 04:39 . 2013-03-30 04:39 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-30 04:39 . 2013-03-30 04:39 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-30 04:39 . 2013-03-30 04:39 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-30 04:39 . 2013-03-30 04:39 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-30 04:39 . 2013-03-30 04:39 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-30 04:39 . 2013-03-30 04:39 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-30 04:39 . 2013-03-30 04:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-30 04:39 . 2013-03-30 04:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-30 04:39 . 2013-03-30 04:39 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-30 04:39 . 2013-03-30 04:39 441856 ----a-w- c:\windows\system32\html.iec
2013-03-30 04:39 . 2013-03-30 04:39 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-30 04:39 . 2013-03-30 04:39 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-30 04:39 . 2013-03-30 04:39 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-30 04:39 . 2013-03-30 04:39 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-30 04:39 . 2013-03-30 04:39 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-30 04:39 . 2013-03-30 04:39 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-30 04:39 . 2013-03-30 04:39 235008 ----a-w- c:\windows\system32\url.dll
2013-03-30 04:39 . 2013-03-30 04:39 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-30 04:39 . 2013-03-30 04:39 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-30 04:39 . 2013-03-30 04:39 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-30 04:39 . 2013-03-30 04:39 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-30 04:39 . 2013-03-30 04:39 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-30 04:39 . 2013-03-30 04:39 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-30 04:39 . 2013-03-30 04:39 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-30 04:39 . 2013-03-30 04:39 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-30 04:39 . 2013-03-30 04:39 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-30 04:39 . 2013-03-30 04:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-30 04:39 . 2013-03-30 04:39 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-30 04:39 . 2013-03-30 04:39 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-30 04:39 . 2013-03-30 04:39 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-30 04:39 . 2013-03-30 04:39 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-30 04:39 . 2013-03-30 04:39 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-30 04:39 . 2013-03-30 04:39 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-30 04:39 . 2013-03-30 04:39 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-30 04:39 . 2013-03-30 04:39 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-30 04:39 . 2013-03-30 04:39 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-30 04:39 . 2013-03-30 04:39 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-30 04:39 . 2013-03-30 04:39 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-30 04:39 . 2013-03-30 04:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-30 04:39 . 2013-03-30 04:39 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-28 05:13 . 2013-03-28 05:13 369168 ----a-w- c:\windows\system32\wpcap.dll
2013-03-28 05:13 . 2013-03-28 05:13 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2013-03-28 05:13 . 2013-03-28 05:13 106000 ----a-w- c:\windows\system32\packet.dll
2013-03-25 10:20 . 2012-07-02 03:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-25 10:20 . 2012-01-22 08:53 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-25 10:00 . 2013-03-25 01:00 141 ----a-w- c:\users\WILLYESUN\Network_Meter_Data.js
2013-03-24 06:27 . 2013-03-24 06:27 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-03-24 06:27 . 2013-03-24 06:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-03-19 06:04 . 2013-04-10 06:48 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 06:48 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 06:48 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 06:48 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 06:48 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 06:48 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-01 17:56 . 2012-11-19 23:20 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-01 17:56 . 2012-11-19 23:20 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-01 03:36 . 2013-04-10 03:17 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-21 10:30 . 2013-04-10 06:49 1766912 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-21 10:29 . 2013-04-10 06:49 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-02-21 10:29 . 2013-04-10 06:49 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-02-21 10:29 . 2013-04-10 06:49 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-02-21 10:15 . 2013-04-10 06:49 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-02-21 10:15 . 2013-04-10 06:49 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 10:14 . 2013-04-10 06:49 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-02-21 10:14 . 2013-04-10 06:49 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-02-21 10:14 . 2013-04-10 06:49 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-02-21 10:14 . 2013-04-10 06:49 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-02-21 10:14 . 2013-04-10 06:49 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-02-21 10:14 . 2013-04-10 06:49 855552 ----a-w- c:\windows\system32\jscript.dll
2013-02-21 10:14 . 2013-04-10 06:49 526336 ----a-w- c:\windows\system32\ieui.dll
2013-02-21 10:14 . 2013-04-10 06:49 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-02-21 10:14 . 2013-04-10 06:49 136704 ----a-w- c:\windows\system32\iesysprep.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0724E2CBC6C3656A06DC67F299A89EF16AAB7CAF._service_run"="c:\users\WILLYESUN\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]
"Jump Desktop"="c:\program files (x86)\Jump Desktop\JumpDesktop.exe" [2012-05-18 424040]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-10-16 1041736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2010-07-08 815704]
"NETGEAR USB Control Center"="c:\program files (x86)\NETGEAR\USB Control Center\Control Center.exe" [2012-09-21 4139008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\WILLYESUN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR USB Control Center.lnk - c:\program files (x86)\NETGEAR\USB Control Center\Choose_Language.exe [2012-3-23 709120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 A6200;NETGEAR A6200 WiFi Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2012-07-31 2263144]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-14 79360]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-21 17480]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-21 9800]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NetgearUDSTcpBus;NetgearUDSTcpBus;c:\windows\system32\drivers\NetgearUDSTcpBus.sys [2012-08-13 183584]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-15 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-02-25 96376]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 JumpDesktop;Jump Desktop Service;c:\program files (x86)\Jump Desktop\JumpService.exe [2012-05-18 7680]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2010-07-08 815704]
S2 WNDA6200;NETGEAR A6200 Service;c:\program files (x86)\NETGEAR\A6200\WifiService.exe [2012-07-27 25888]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\DRIVERS\fixustor.sys [2000-01-01 13696]
S3 NetgearUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\NetgearUDSMBus.sys [2012-08-13 107296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 19:14]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-01 09:58]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-01 09:58]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2078581981-1077204460-3374807228-1000Core.job
- c:\users\WILLYESUN\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-14 19:09]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2078581981-1077204460-3374807228-1000UA.job
- c:\users\WILLYESUN\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-14 19:09]
.
2013-05-15 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-04-24 21:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GENIE"="c:\program files (x86)\NETGEAR\A6200\A6200.exe" [2012-08-07 7831840]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\WILLYESUN\AppData\Roaming\Mozilla\Firefox\Profiles\gauippyv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=3&q={searchTerms}&CUI=UN23850200211002293
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?SSPV=SP_FFWSP06&ctid=CT3279141&SearchSource=13&CUI=UN27341453124293301
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287802&SearchSource=2&CUI=UN23850200211002293&UM=UM_ID&q=
FF - user.js: extensions.BabylonToolbar_i.id - dc6dd6d60000000000000021855a5cc9
FF - user.js: extensions.BabylonToolbar_i.hardId - dc6dd6d60000000000000021855a5cc9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15525
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:49
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010712_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - dc6dd6d60000000000000021855a5cc9
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15740
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.019:48
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxps://classes.lanecc.edu/
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
FF - user.js: capability.policy.allowclipboard.sites - hxxps://classes.lanecc.edu/mod/forum/index.php?id=35335
FF - user.js: capability.policy.allowclipboard.sites - hxxps://classes.lanecc.edu/mod/forum/index.php?id=35833
FF - user.js: capability.policy.allowclipboard.sites - hxxps://classes.lanecc.edu/mod/forum/post.php?forum=31406
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CA\PPRT\bin\ITMRTSVC.exe
.
**************************************************************************
.
Completion time: 2013-05-15 02:54:49 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-15 09:54
.
Pre-Run: 372,836,413,440 bytes free
Post-Run: 372,791,099,392 bytes free
.
- - End Of File - - 90C076BC6178C294BC713AFA772790D9