
Madhurry

Posts posted by Madhurry

  1. Post Merged

    We look for posts with 0 replies, so when you reply to your own topic, we assume you're being helped.

    Please be patient, someone will assist you as soon as possible.

    Greetings all,

    I am new to this forum and recently uncovered nearly the same thing roses did, but the file MB found was quarantined: VENDOR = Stolen.data - item = C:\WILLYESUN\Appdata\Roaming\SMRBbackup.25.

    I have changed all my email and banking passwords and am working on the rest of my password file now. I have run DDS and I will paste and attach (don't know which is better here) the results. I am requesting help on this; it would appear, based on other sites, that a lot of people have been hit through their firewalls by this mess. I run free avast as primary and MB as secondary. MB was the one that found it!!!!

    I have downloaded ComboFix, but I want to wait until instructed to run it, till I hear from someone who thinks it's necessary.

    Request HELP asap!!!!

    Thank you

    Madhurry

    Greetings to all again,

    I decided to run ComboFix after all and got the results; however, I am unable to attach the document as I did with the others. Word or Notepad will not open this; I used Notepad++ to open it???

    So I am pasting the results here instead.

    Thank you for help in advance.

    Madhurry

    ComboFix 13-05-14.01 - WILLYESUN 05/15/2013 2:44.1.2 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5923 [GMT -7:00]

    Running from: c:\users\WILLYESUN\Downloads\ComboFix.exe

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    MBAttach.txt

    MBDDS.txt
