
IE 9 Infected with Hijacked About:blank home page and A/V found (2) Trojans.



Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, a fresh run of DDS and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please COPY & PASTE DDS.txt

Extras

& MBAM scan log directly into your reply.

Edited by Maurice Naggar

I removed Java and rebooted; it seemed to boot fine, or normal.

I'll post that log for ya.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Wayne at 20:13:16 on 2012-05-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6089.3370 [GMT -5:00]

.

AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe

C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Wayne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Wayne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Wayne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Wayne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1BD7F3B9-7DC6-44A1-A9EF-10A1906545C6} : DhcpNameServer = 192.168.1.1

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]

R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2011-11-14 90192]

R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]

R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-29 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-4-29 2255464]

R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-4-29 86016]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-3 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-13 66096]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]

R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]

R3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2012-2-21 75384]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/04/29 13:45:20;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2012-4-29 272864]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-29 253088]

S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-05-03 23:10:37 -------- d-----w- C:\$RECYCLE.BIN

2012-05-03 22:54:30 98816 ----a-w- C:\Windows\sed.exe

2012-05-03 22:54:30 518144 ----a-w- C:\Windows\SWREG.exe

2012-05-03 22:54:30 256000 ----a-w- C:\Windows\PEV.exe

2012-05-03 22:54:30 208896 ----a-w- C:\Windows\MBR.exe

2012-05-03 21:23:45 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-05-03 21:23:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-05-03 21:16:38 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2012-05-03 07:10:07 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-05-03 07:05:40 -------- d-----w- C:\Users\Wayne\AppData\Roaming\OpenOffice.org

2012-05-03 07:04:27 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2012-05-03 07:03:54 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-03 06:56:39 -------- d-----w- C:\Program Files\Handbrake

2012-05-03 06:53:41 23816 ------w- C:\Windows\System32\drivers\cpuz135_x64.sys

2012-05-03 06:53:41 -------- d-----w- C:\Program Files\CPUID

2012-05-02 22:58:28 -------- d-----w- C:\Users\Wayne\.thumbnails

2012-05-02 22:56:48 -------- d-----w- C:\Users\Wayne\.gimp-2.6

2012-05-02 22:56:36 -------- d-----w- C:\Program Files (x86)\GIMP-2.0

2012-05-02 09:23:00 -------- d-----w- C:\ProgramData\vsosdk

2012-05-01 22:39:56 65602 ----a-w- C:\Windows\SysWow64\cook3260.dll

2012-05-01 22:39:56 626688 ----a-w- C:\Windows\SysWow64\vp7vfw.dll

2012-05-01 22:39:56 217127 ----a-w- C:\Windows\SysWow64\drv43260.dll

2012-05-01 22:39:56 208935 ----a-w- C:\Windows\SysWow64\drv33260.dll

2012-05-01 22:39:56 176165 ----a-w- C:\Windows\SysWow64\drv23260.dll

2012-05-01 22:39:56 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll

2012-05-01 22:39:56 102439 ----a-w- C:\Windows\SysWow64\sipr3260.dll

2012-05-01 22:39:55 -------- d-----w- C:\Program Files (x86)\VSO

2012-05-01 21:29:01 -------- d-----w- C:\Users\Wayne\AppData\Roaming\tixati

2012-05-01 21:24:04 -------- d-----w- C:\Program Files\tixati

2012-05-01 21:01:15 -------- d-----w- C:\Users\Wayne\AppData\Local\Google

2012-05-01 21:00:51 -------- d-----w- C:\Users\Wayne\AppData\Local\Deployment

2012-05-01 21:00:51 -------- d-----w- C:\Users\Wayne\AppData\Local\Apps

2012-04-30 08:41:18 -------- d-----w- C:\Users\Wayne\AppData\Local\Skyrim

2012-04-30 01:53:38 -------- d-----w- C:\Program Files\CCleaner

2012-04-30 01:43:52 -------- d-----w- C:\ProgramData\PCPitstop

2012-04-30 01:43:52 -------- d-----w- C:\Program Files (x86)\PCPitstop

2012-04-30 00:21:20 -------- d-----w- C:\Program Files\WOT

2012-04-30 00:21:20 -------- d-----w- C:\Program Files (x86)\WOT

2012-04-29 22:52:47 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-04-29 22:52:47 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2012-04-29 22:52:46 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-04-29 22:16:59 -------- d-----w- C:\Users\Wayne\AppData\Roaming\NVIDIA

2012-04-29 22:16:43 -------- d-----w- C:\Program Files\Speccy

2012-04-29 22:12:20 -------- d-----w- C:\Users\Wayne\AppData\Local\Adobe

2012-04-29 22:07:54 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-29 22:07:54 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-29 21:45:38 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-04-29 21:45:36 -------- d-----w- C:\Program Files (x86)\Steam

2012-04-29 21:35:12 -------- d-----w- C:\ProgramData\Elaborate Bytes

2012-04-29 21:32:46 -------- d-----w- C:\Program Files (x86)\SlySoft

2012-04-29 21:32:33 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

2012-04-29 21:22:56 -------- d-----w- C:\Windows\SysWow64\Wat

2012-04-29 21:20:17 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-29 21:20:16 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-29 21:20:16 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-29 20:45:17 -------- d-----w- C:\Windows\Panther

2012-04-29 19:39:28 25312 ------w- C:\Windows\System32\drivers\SCMNdisP.sys

2012-04-29 19:39:27 47632 ------w- C:\Windows\System32\drivers\npf.sys

2012-04-29 19:39:27 -------- d-----w- C:\Program Files (x86)\NETGEAR

2012-04-29 19:37:39 -------- d-----w- C:\Users\Wayne\AppData\Local\Diagnostics

2012-04-29 19:31:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-04-29 19:27:45 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2012-04-29 19:21:01 166912 ----a-w- C:\Windows\System32\powrprof.dll

2012-04-29 19:21:01 145920 ----a-w- C:\Windows\SysWow64\powrprof.dll

2012-04-29 19:16:28 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-29 19:16:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-29 19:16:27 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-04-29 19:16:27 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-29 19:16:27 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-04-29 19:16:27 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-29 19:16:27 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-04-29 19:09:46 304128 ----a-w- C:\ProgramData\1335726092.bdinstall.bin

2012-04-29 19:09:29 -------- d-----w- C:\ProgramData\BDLogging

2012-04-29 19:09:16 -------- d-----w- C:\Users\Wayne\AppData\Roaming\Bitdefender

2012-04-29 19:09:14 -------- d-----w- C:\ProgramData\Bitdefender

2012-04-29 19:02:12 -------- d-----w- C:\Users\Wayne\AppData\Roaming\QuickScan

2012-04-29 19:02:01 -------- d-----w- C:\Program Files\Bitdefender

2012-04-29 19:01:37 442088 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys

2012-04-29 19:01:37 329800 ------w- C:\Windows\System32\drivers\trufos.sys

2012-04-29 19:01:00 -------- d-----w- C:\Program Files\Common Files\Bitdefender

2012-04-29 19:00:39 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender

2012-04-29 18:53:06 -------- d-----w- C:\Users\Wayne\AppData\Roaming\Malwarebytes

2012-04-29 18:52:32 24904 ------w- C:\Windows\System32\drivers\mbam.sys

2012-04-29 18:52:32 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-29 18:52:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-29 18:50:45 -------- d-----w- C:\Users\Wayne\AppData\Local\Power2Go

2012-04-29 18:48:05 -------- d-----w- C:\Temp

2012-04-29 18:47:29 59904 ----a-w- C:\Windows\SysWow64\wbemdisp.tlb

2012-04-29 18:47:29 16384 ----a-w- C:\Windows\SysWow64\lgfwunis.exe

2012-04-29 18:47:29 115016 ----a-w- C:\Windows\SysWow64\MSINET.OCX

2012-04-29 18:47:29 102912 ----a-w- C:\Windows\SysWow64\Vb6stkit.dll

2012-04-29 18:47:29 102160 ----a-w- C:\Windows\SysWow64\VB6KO.DLL

2012-04-29 18:47:28 -------- d-----w- C:\Program Files (x86)\lg_fwupdate

2012-04-29 18:44:13 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-04-29 18:44:13 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-04-29 18:44:13 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-04-29 18:42:05 -------- d-----w- C:\Users\Wayne\AppData\Local\Cyberlink

2012-04-29 18:40:42 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2012-04-29 18:40:42 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2012-04-29 18:40:41 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2012-04-29 18:40:41 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2012-04-29 18:27:18 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3

2012-04-29 18:26:18 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2012-04-29 18:24:57 518896 ----a-w- C:\Windows\System32\SRSTSX64.dll

2012-04-29 18:23:54 47232 ------w- C:\Windows\System32\drivers\usbfilter.sys

2012-04-29 18:23:51 -------- d-----w- C:\Program Files\ATI

2012-04-29 17:56:47 -------- d-sh--w- C:\Windows\Installer

.

==================== Find3M ====================

.

2012-03-26 23:42:14 138360 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys

2012-03-26 23:42:14 138360 ------w- C:\Windows\System32\drivers\AnyDVD.sys

2012-03-21 01:22:46 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys

2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-17 21:45:56 545064 ----a-w- C:\Windows\System32\drivers\avckf.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-10 03:43:00 962368 ----a-w- C:\Windows\System32\nvumdshimx.dll

2012-02-10 03:43:00 812352 ----a-w- C:\Windows\SysWow64\nvumdshim.dll

2012-02-10 03:43:00 364352 ----a-w- C:\Windows\System32\nvdecodemft.dll

2012-02-10 03:43:00 301376 ----a-w- C:\Windows\SysWow64\nvdecodemft.dll

2012-02-10 03:43:00 260416 ----a-w- C:\Windows\System32\nvinitx.dll

2012-02-10 03:43:00 215360 ----a-w- C:\Windows\SysWow64\nvinit.dll

.

============= FINISH: 20:13:55.00 ===============

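The "Pseudo HJT Report" section of the DDS log above is the part a responder reads by hand: start pages, BHOs, Run keys, DPF (ActiveX) downloads and the DHCP-assigned DNS servers. As an added example that is not part of this thread and not DDS or HijackThis code, the Python script below parses lines in that format and ranks the ones worth a second look. Most sample lines are copied from the report posted above; the `[updater]` Run entry and the `203.0.113.53` name server are constructed (203.0.113.0/24 is a documentation range) to exercise the rules. The severity levels, the user-writable-path heuristic and the RFC 1918 check are this example's own assumptions.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example: not part of the forum thread and not DDS/HijackThis code.
Severities, the user-writable-path heuristic and the RFC 1918 check are
assumptions of this example, not rules the DDS tool applies.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample in the format DDS prints. Most lines are copied from the
# posted report; the [updater] Run entry and the 203.0.113.53 name server are
# made up to exercise the rules (203.0.113.0/24 is a documentation range).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
uRun: [updater] C:\Users\Wayne\AppData\Roaming\svchost.exe
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: DhcpNameServer = 203.0.113.53
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Directories a non-admin user can write to; autoruns launched from here deserve a look.
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp|programdata|users\\public)\\", re.I)


def refang(url: str) -> str:
    """DDS writes hxxp:// so URLs are not clickable; restore the scheme for parsing."""
    return re.sub(r"^hxx(ps?)://", r"htt\1://", url, flags=re.I)


def parse_entries(text: str) -> list[tuple[str, str]]:
    """Split report lines into (kind, body); kind is the DDS prefix (uRun, BHO, DPF, ...)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"^([um]Start Page)\s*=\s*(.*)$", line)
        if m:
            entries.append((m.group(1), m.group(2)))
            continue
        kind, sep, body = line.partition(": ")
        if sep:
            entries.append((kind, body))
    return entries


def autorun_path(body: str) -> str:
    """Pull the executable path out of a Run entry body: [name] "path" args or [name] path args."""
    rest = re.sub(r"^\[[^\]]*\]\s*", "", body)
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest.split(" ", 1)[0]


def triage(text: str) -> list[tuple[str, str, str]]:
    """Return (severity, entry, reason) findings for the lines a responder should look at first."""
    entries = parse_entries(text)
    findings = []

    start = dict(e for e in entries if e[0].endswith("Start Page"))
    if "uStart Page" in start and "mStart Page" in start and start["uStart Page"] != start["mStart Page"]:
        findings.append(("info", f"mStart Page = {start['mStart Page']}",
                         "HKLM (m) start page differs from the HKCU (u) one; the per-user value is "
                         "normally the one IE shows, so confirm which page actually opens"))

    for kind, body in entries:
        if kind in ("BHO", "BHO-X64", "TB", "TB-X64") and body.endswith("- No File"):
            findings.append(("low", f"{kind}: {body}",
                             "orphaned CLSID: the registration remains but the DLL is gone, so nothing runs"))
        elif re.match(r"^[um]Run$", kind):
            if USER_WRITABLE.search(autorun_path(body)):
                findings.append(("high", f"{kind}: {body}",
                                 "autorun launched from a user-writable directory; hash and submit the file"))
        elif kind == "DPF" and " - " in body:
            host = urlparse(refang(body.split(" - ", 1)[1])).hostname
            if host:
                findings.append(("medium", f"DPF: {body}",
                                 f"ActiveX control downloaded from {host}; keep only if the site is trusted"))
        elif kind == "TCP" and "DhcpNameServer" in body:
            for token in body.split("=", 1)[1].split():
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    continue
                if not any(ip in net for net in RFC1918):
                    findings.append(("high", f"TCP: {body}",
                                     "DHCP-assigned DNS server is not an RFC 1918 address; check the router's DNS settings"))
    return findings


if __name__ == "__main__":
    for severity, entry, reason in triage(SAMPLE_REPORT):
        print(f"[{severity:6}] {entry}\n         {reason}")
```

Run as-is it prints the findings for the sample; pass the text of a real "Pseudo HJT Report" section to `triage()` to use it on a posted log. On the report above it would surface only the orphaned BHO entries, the PC Pitstop ActiveX control and the HKLM/HKCU start-page difference. `about:blank` is a common stock value for the HKLM key, which is why the script reports that entry as informational rather than as evidence of a hijack.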

You will want to print out or copy these instructions to Notepad for offline reference!

You must turn OFF Spybot's Tea Timer, otherwise it will revert any fixes.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

NEXT

Use your browser to go to the VirusTotal website

Click the Browse button and then navigate to C:\Program Files (x86)\lg_fwupdate\fwupdate.exe, then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

==

Use your browser to go to the VirSCAN.org website

Click the Browse button and then navigate to C:\Program Files (x86)\lg_fwupdate\fwupdate.exe, then click the Submit button.

Save the results, and post back here in a reply.

NEXT

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, right-click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this: [Stinger screenshot, not reproduced]

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

NEXT

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt. Look at the contents of this file using Notepad.
  • The Frequently Asked Questions for ESET Online Scanner can be viewed here: http://go.eset.com/us/online-scanner/faq
  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner (and to promptly re-enable it when finished).
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
  • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with a copy of the reports from VirusTotal and VirSCAN, Stinger.txt, and the ESET scan log, AND tell me: how is the system now?


None of the scanners could find anything, and fwupdate.exe is the software for my LG Blu-ray drive. I sure hope it's not spyware.

ComboFix 12-05-04.03 - Wayne 05/04/2012 13:37:21.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6089.4600 [GMT -5:00]

Running from: c:\users\Wayne\Desktop\ComboFix.exe

AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Wayne\AppData\Roaming\vso_ts_preview.xml

.

.

((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))

.

.

2012-05-04 18:43 . 2012-05-04 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-04 02:43 . 2012-05-04 02:43 -------- d-----w- c:\program files (x86)\ESET

2012-05-04 02:40 . 2012-05-04 02:40 16200 ----a-w- c:\windows\stinger.sys

2012-05-04 02:39 . 2012-05-04 02:42 -------- d-----w- c:\program files (x86)\stinger

2012-05-03 21:23 . 2012-05-03 21:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-05-03 21:23 . 2012-05-03 21:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-05-03 21:16 . 2012-05-03 21:16 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-05-03 07:10 . 2012-05-03 07:10 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-05-03 07:04 . 2012-05-03 07:04 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2012-05-03 07:03 . 2012-05-03 07:10 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-03 06:56 . 2012-05-03 06:56 -------- d-----w- c:\program files\Handbrake

2012-05-03 06:53 . 2012-05-03 06:53 -------- d-----w- c:\program files\CPUID

2012-05-03 06:53 . 2012-03-09 15:57 23816 ------w- c:\windows\system32\drivers\cpuz135_x64.sys

2012-05-03 01:15 . 2012-05-03 01:15 -------- d-----w- c:\program files\7-Zip

2012-05-02 23:36 . 2012-05-03 21:53 -------- d-----w- c:\users\Public\CyberLink

2012-05-02 22:56 . 2012-05-02 22:56 -------- d-----w- c:\program files (x86)\GIMP-2.0

2012-05-02 09:23 . 2012-05-02 09:23 -------- d-----w- c:\programdata\vsosdk

2012-05-01 22:39 . 2009-09-02 18:44 65602 ----a-w- c:\windows\SysWow64\cook3260.dll

2012-05-01 22:39 . 2009-09-02 18:44 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll

2012-05-01 22:39 . 2009-09-02 18:44 217127 ----a-w- c:\windows\SysWow64\drv43260.dll

2012-05-01 22:39 . 2009-09-02 18:44 208935 ----a-w- c:\windows\SysWow64\drv33260.dll

2012-05-01 22:39 . 2009-09-02 18:44 176165 ----a-w- c:\windows\SysWow64\drv23260.dll

2012-05-01 22:39 . 2009-09-02 18:44 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll

2012-05-01 22:39 . 2009-09-02 18:44 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll

2012-05-01 22:39 . 2012-05-01 22:39 -------- d-----w- c:\program files (x86)\VSO

2012-05-01 21:24 . 2012-05-01 21:24 -------- d-----w- c:\program files\tixati

2012-04-30 01:53 . 2012-04-30 01:53 -------- d-----w- c:\program files\CCleaner

2012-04-30 01:43 . 2012-05-04 16:41 -------- d-----w- c:\programdata\PCPitstop

2012-04-30 01:43 . 2012-04-30 01:43 -------- d-----w- c:\program files (x86)\PCPitstop

2012-04-30 00:21 . 2012-04-30 00:21 -------- d-----w- c:\program files\WOT

2012-04-30 00:21 . 2012-04-30 00:21 -------- d-----w- c:\program files (x86)\WOT

2012-04-29 22:52 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2012-04-29 22:52 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-04-29 22:52 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-04-29 22:49 . 2012-04-29 22:49 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-04-29 22:40 . 2012-04-29 22:40 -------- d-----w- c:\program files (x86)\ImgBurn

2012-04-29 22:16 . 2012-04-29 22:16 -------- d-----w- c:\program files\Speccy

2012-04-29 22:08 . 2012-04-29 22:08 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-04-29 22:07 . 2012-04-29 22:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-29 22:07 . 2012-04-29 22:07 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-29 22:07 . 2012-04-29 22:07 -------- d-----w- c:\windows\SysWow64\Macromed

2012-04-29 22:07 . 2012-04-29 22:07 -------- d-----w- c:\windows\system32\Macromed

2012-04-29 21:45 . 2012-04-29 22:45 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-04-29 21:45 . 2012-05-04 18:45 -------- d-----w- c:\program files (x86)\Steam

2012-04-29 21:35 . 2012-04-29 21:35 -------- d-----w- c:\programdata\Elaborate Bytes

2012-04-29 21:34 . 2012-04-29 21:34 -------- d-----w- c:\programdata\SlySoft

2012-04-29 21:32 . 2012-04-29 21:32 -------- d-----w- c:\program files (x86)\SlySoft

2012-04-29 21:32 . 2012-04-29 22:22 -------- d-----w- c:\program files (x86)\Elaborate Bytes

2012-04-29 21:22 . 2012-04-29 21:22 -------- d-----w- c:\windows\SysWow64\Wat

2012-04-29 21:20 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-29 21:20 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-29 21:20 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-29 20:45 . 2012-04-30 01:54 -------- d-----w- c:\windows\Panther

2012-04-29 19:39 . 2007-01-19 23:24 25312 ------w- c:\windows\system32\drivers\SCMNdisP.sys

2012-04-29 19:39 . 2012-04-29 19:39 -------- d-----w- c:\program files (x86)\NETGEAR

2012-04-29 19:39 . 2010-02-03 16:20 47632 ------w- c:\windows\system32\drivers\npf.sys

2012-04-29 19:31 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-04-29 19:27 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-04-29 19:21 . 2011-11-24 07:17 166912 ----a-w- c:\windows\system32\powrprof.dll

2012-04-29 19:21 . 2011-11-24 06:22 145920 ----a-w- c:\windows\SysWow64\powrprof.dll

2012-04-29 19:16 . 2012-04-29 19:16 -------- d-----w- c:\program files (x86)\Common Files\logishrd

2012-04-29 19:16 . 2012-04-29 19:16 -------- d-----w- c:\program files\Common Files\logishrd

2012-04-29 19:16 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-29 19:16 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-29 19:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-04-29 19:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-04-29 19:16 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-29 19:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-04-29 19:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-29 19:09 . 2012-04-29 19:09 304128 ----a-w- c:\programdata\1335726092.bdinstall.bin

2012-04-29 19:09 . 2012-04-29 19:09 -------- d-----w- c:\programdata\BDLogging

2012-04-29 19:09 . 2012-04-29 19:09 -------- d-----w- c:\programdata\Bitdefender

2012-04-29 19:02 . 2012-04-29 19:03 -------- d-----w- c:\program files\Bitdefender

2012-04-29 19:01 . 2011-10-27 20:07 329800 ------w- c:\windows\system32\drivers\trufos.sys

2012-04-29 19:01 . 2011-08-16 19:59 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2012-04-29 19:01 . 2012-04-29 19:01 -------- d-----w- c:\program files\Common Files\Bitdefender

2012-04-29 19:00 . 2012-04-29 19:00 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender

2012-04-29 18:52 . 2012-04-29 18:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-29 18:52 . 2012-04-29 18:52 -------- d-----w- c:\programdata\Malwarebytes

2012-04-29 18:52 . 2012-04-04 20:56 24904 ------w- c:\windows\system32\drivers\mbam.sys

2012-04-29 18:48 . 2012-04-29 18:48 -------- d-----w- C:\Temp

2012-04-29 18:47 . 2012-04-29 18:48 16384 ----a-w- c:\windows\SysWow64\lgfwunis.exe

2012-04-29 18:47 . 2001-08-30 02:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb

2012-04-29 18:47 . 1998-07-22 05:00 102912 ----a-w- c:\windows\SysWow64\Vb6stkit.dll

2012-04-29 18:47 . 1998-07-22 05:00 102160 ----a-w- c:\windows\SysWow64\VB6KO.DLL

2012-04-29 18:47 . 1998-06-24 05:00 115016 ----a-w- c:\windows\SysWow64\MSINET.OCX

2012-04-29 18:47 . 2012-05-04 18:45 -------- d-----w- c:\program files (x86)\lg_fwupdate

2012-04-29 18:44 . 2012-04-29 18:44 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-04-29 18:44 . 2012-04-29 18:44 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-04-29 18:44 . 2012-04-29 18:44 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-04-29 18:40 . 2012-04-29 18:47 -------- d-----w- c:\program files (x86)\CyberLink

2012-04-29 18:40 . 2012-05-02 23:43 -------- d-----w- c:\programdata\CyberLink

2012-04-29 18:31 . 2012-05-04 18:44 -------- d-----w- c:\programdata\NVIDIA

2012-04-29 18:31 . 2012-05-04 01:23 -------- d-----w- c:\users\UpdatusUser

2012-04-29 18:27 . 2012-04-29 18:27 -------- d-----w- c:\program files (x86)\ASM104xUSB3

2012-04-29 18:26 . 2011-06-10 11:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2012-04-29 18:25 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difxaef4.rra

2012-04-29 18:25 . 2010-11-25 03:27 120408 ------w- c:\windows\system32\drivers\jraid.sys

2012-04-29 18:25 . 2012-04-29 18:25 -------- d-----w- c:\windows\RaidTool

2012-04-29 18:25 . 2012-04-29 18:25 -------- d-----w- c:\windows\SysWow64\RTCOM

2012-04-29 18:25 . 2012-04-29 18:25 -------- d-----w- c:\program files\Realtek

2012-04-29 18:23 . 2010-12-16 04:06 47232 ------w- c:\windows\system32\drivers\usbfilter.sys

2012-04-29 18:23 . 2012-04-29 18:23 -------- dc----w- c:\windows\system32\DRVSTORE

2012-04-29 18:23 . 2012-04-29 18:23 -------- d-----w- c:\program files\ATI

2012-04-29 17:56 . 2012-05-04 00:02 -------- d-sh--w- c:\windows\Installer

2012-04-29 17:56 . 2012-04-29 19:39 -------- d-----w- c:\program files (x86)\InstallShield Installation Information

2012-04-29 17:53 . 2012-05-02 23:13 -------- d-----w- c:\users\Wayne

2012-04-29 17:53 . 2012-04-29 17:53 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-26 23:42 . 2012-03-26 23:42 138360 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys

2012-03-26 23:42 . 2012-03-26 23:42 138360 ------w- c:\windows\system32\drivers\AnyDVD.sys

2012-03-21 01:22 . 2012-03-21 01:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys

2012-02-17 21:45 . 2012-02-17 21:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys

2012-02-10 03:43 . 2012-02-10 03:43 962368 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-02-10 03:43 . 2012-02-10 03:43 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-02-10 03:43 . 2012-02-10 03:43 364352 ----a-w- c:\windows\system32\nvdecodemft.dll

2012-02-10 03:43 . 2012-02-10 03:43 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll

2012-02-10 03:43 . 2012-02-10 03:43 260416 ----a-w- c:\windows\system32\nvinitx.dll

2012-02-10 03:43 . 2012-02-10 03:43 215360 ----a-w- c:\windows\SysWow64\nvinit.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-03_23.10.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-05-04 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-03 23:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-03 23:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-04 18:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-03 23:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-04 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-05-04 16:43 38040 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-04-29 18:30 . 2012-05-04 16:43 5048 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4076960806-2078906943-2856338773-1000_UserData.bin

+ 2012-05-04 18:44 . 2012-05-04 18:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-03 23:09 . 2012-05-03 23:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-04 05:02 . 2012-05-04 10:44 187332 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 02:36 . 2012-05-04 16:46 623940 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-05-03 21:54 623940 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-04 16:46 106316 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-05-03 21:54 106316 c:\windows\system32\perfc009.dat

+ 2009-07-14 04:46 . 2012-05-03 23:18 101256 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2009-07-14 05:01 . 2012-05-03 23:08 281008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-05-04 18:43 281008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-04-29 22:42 . 2012-05-04 18:43 631320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4076960806-2078906943-2856338773-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-29 1242448]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2012-04-29 557056]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-4-29 4577760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/04/29 13:45;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-04-20 241648]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 253088]

R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]

R3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-15 466736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]

S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]

S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2010-09-13 86016]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 66096]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-02-21 75384]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_38F51D56

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 22:07]

.

2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4076960806-2078906943-2856338773-1000Core.job

- c:\users\Wayne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-01 21:01]

.

2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4076960806-2078906943-2856338773-1000UA.job

- c:\users\Wayne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-01 21:01]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]

@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"

[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]

2012-02-22 18:55 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]

@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"

[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]

2012-02-22 18:55 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]

@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"

[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]

2012-02-22 18:55 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]

@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"

[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]

2012-02-22 18:55 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]

"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1067256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.bin

c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe

.

**************************************************************************

.

Completion time: 2012-05-04 13:48:40 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-04 18:48

.

Pre-Run: 893,353,422,848 bytes free

Post-Run: 893,481,148,416 bytes free

.

- - End Of File - - 1F740A1FF1D2F213BCDC61CC160B94F7

I couldn't seem to find anything using an A/V scanner, but BD did find those 2 viruses.

I can post what BD says about that, since it can seem to create a log from it.

Event Details

File: C:\Users\Wayne\AppData\Local\Temp\7zEB296.tmp\mamep.exe

Action Taken: Deleted

Date: Thursday, May 03, 2012 4:23:23 AM

Virus Name: Trojan.Generic.6139542

Event Details

File: C:\Users\Wayne\AppData\Local\Temp\7zEB296.tmp\mamepgui.exe

Action taken: This threat has been removed at computer startup.

Date: Thursday, May 03, 2012 4:23:23 AM

Virus Name: Trojan.Generic.5970835

This is the best I can do.

Unless you have some better tools because none of these scanners can find a single thing.

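An added example from the editor, not part of the original thread and not code from ComboFix, Bitdefender or Malwarebytes: a small Python triage of the log format above. In the Supplementary Scan, ComboFix's `u` and `m` prefixes denote the HKCU and HKLM hives, so the log records the user's own Start Page as google.com and the machine-wide default as about:blank. The script parses those lines together with the Run-key, service and scheduled-task entries, and flags anything launched from a user-writable location (Users, AppData, Temp, ProgramData) or recorded with `[x]` where ComboFix would normally print a file date and size. The sample input is a handful of lines copied from the log above; the flag rules are the editor's own heuristics, not ComboFix's. Separately, note that the two Bitdefender hits sit under a `7zEB296.tmp` folder in %TEMP%, a name of the form 7-Zip uses for temporary extraction (an inference from the path, not something the thread states), so they describe files pulled out of an archive rather than anything the triage below would list as an autostart.

```python
"""Triage autostart entries and browser start pages from ComboFix-style log lines.

Editor's added example; the parsing rules and flag heuristics are the editor's own.
"""
import re

# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-29 1242448]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4076960806-2078906943-2856338773-1000Core.job
- c:\users\Wayne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-01 21:01]
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$")
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$")
TASK_RE = re.compile(r"^-\s+(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$")
PAGE_RE = re.compile(r"^(?P<hive>[um])(?P<setting>Start Page|Local Page|Default_Page_URL|Search Page)\s*=\s*(?P<value>.+)$")

HIVES = {"u": "HKCU", "m": "HKLM"}  # ComboFix/DDS prefix convention
# Locations a standard user can write to; an autostart pointing here deserves a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\documents and settings\\")


def is_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)


def _entry(kind, name, path, meta, key=None, start=None):
    flags = []
    if is_user_writable(path):
        flags.append("user-writable location")
    if meta.strip().lower() == "x":
        flags.append("no file date/size recorded ([x])")
    return {"kind": kind, "name": name, "path": path, "meta": meta.strip(),
            "key": key, "start": start, "flags": flags}


def triage(log_text):
    """Return {'entries': [...], 'start_pages': {(hive, setting): value}}."""
    entries, pages = [], {}
    current_key, pending_job = None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]          # remembered for the Run values that follow
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(_entry("run", m["name"], m["path"], m["meta"], key=current_key))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(_entry("service", m["name"], m["path"], m["meta"], start=m["start"]))
            continue
        m = JOB_RE.match(line)
        if m:
            pending_job = m["job"].rsplit("\\", 1)[-1]   # the .job file named on this line
            continue
        m = TASK_RE.match(line)
        if m:
            entries.append(_entry("task", pending_job, m["path"], m["meta"]))
            pending_job = None
            continue
        m = PAGE_RE.match(line)
        if m:
            pages[(HIVES[m["hive"]], m["setting"])] = m["value"].strip()
    return {"entries": entries, "start_pages": pages}


def flagged(result):
    """Entries that tripped at least one heuristic."""
    return [e for e in result["entries"] if e["flags"]]


def main():
    result = triage(SAMPLE_LOG)
    for (hive, setting), value in sorted(result["start_pages"].items()):
        print(f"{hive:4} {setting}: {value}")
    for e in flagged(result):
        print(f"[{e['kind']}] {e['name']}: {e['path']}  <- {', '.join(e['flags'])}")


if __name__ == "__main__":
    main()
```

Run it against a full ComboFix log by reading the file into `triage()`; the flags are a starting point for what to look up, not verdicts. A Google updater in AppData is normal, and an entry with `[x]` still has to be checked on the box before anything is deleted.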

The Virustotal & Virscan online scans were to see about 1 file. It is benign.

Your Bitdefender details showed 2 suspects in temporary areas.

But I want to take a moment to remind you: please do not run tools on your own while I am helping you.

You just ran Combofix on your own.

And what happened to the ESET scan I asked for?

NEXT

It appears, again, you did not turn off Tea Timer. It is important to have it OFF while we try to clean.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left-hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

You should be able to change the home page in your browser. Do so now.

If it fails, I will need full details: name of browser, what home page you need, how you tried.

NEXT

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you
    are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after
    highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %APPDATA%\*.dll /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    themeui.dll
    beep.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt

Edited by Maurice Naggar
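An added example from the editor, not part of the thread and not OTL's code: OTL's `/md5start ... /md5stop` block prints the MD5 of each listed file so it can be compared with a clean copy, because the listed drivers (atapi.sys, iaStor.sys, nvstor.sys and the rest) are the boot-time drivers that file-patching rootkits overwrite in place while leaving the name and size alone. The script below does the same comparison generically: it hashes a watched list, keeps the baseline as JSON, and reports what changed, vanished or appeared on a later run. The file names come from the OTL list above; the directory, the file contents and the simulated tampering are constructed for the demo and stand in for a real system32\drivers tree.

```python
"""Baseline-and-compare hashing for a list of watched system files.

Editor's added example; it reimplements the idea behind OTL's /md5start list,
not OTL itself.
"""
import hashlib
import json
import os
import tempfile

# Names taken from the OTL /md5start list in this thread (subset).
WATCHED = ["atapi.sys", "iaStor.sys", "nvstor.sys", "userinit.exe", "beep.sys"]


def hash_file(path, algo="sha256"):
    """Stream the file through the chosen hash; use md5 only to match an MD5 inventory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_files(directory, names, algo="sha256"):
    """Return {name: digest}; a missing file maps to None so absence is recorded, not skipped."""
    digests = {}
    for name in names:
        path = os.path.join(directory, name)
        digests[name] = hash_file(path, algo) if os.path.isfile(path) else None
    return digests


def compare(baseline, current):
    """Classify every watched name as unchanged, changed, missing or appeared."""
    report = {"unchanged": [], "changed": [], "missing": [], "appeared": []}
    for name in sorted(set(baseline) | set(current)):
        before, after = baseline.get(name), current.get(name)
        if before == after:
            report["unchanged"].append(name)
        elif after is None:
            report["missing"].append(name)
        elif before is None:
            report["appeared"].append(name)
        else:
            report["changed"].append(name)
    return report


def demo():
    """Constructed scenario: snapshot a clean tree, then patch atapi.sys and delete beep.sys."""
    with tempfile.TemporaryDirectory() as tree:
        for name in WATCHED:
            with open(os.path.join(tree, name), "wb") as f:
                f.write(b"MZ" + name.encode() + b"\x00" * 64)  # stand-in content, not real PE files
        baseline_json = json.dumps(hash_files(tree, WATCHED))  # what you would keep off-box
        # Overwrite a few bytes in place, as a driver-patching rootkit does; size stays the same.
        with open(os.path.join(tree, "atapi.sys"), "r+b") as f:
            f.seek(8)
            f.write(b"\xcc\xcc\xcc\xcc")
        os.remove(os.path.join(tree, "beep.sys"))
        return compare(json.loads(baseline_json), hash_files(tree, WATCHED))


if __name__ == "__main__":
    for verdict, names in demo().items():
        print(f"{verdict:9}: {', '.join(names) or '-'}")
```

On a real machine, point `hash_files()` at the drivers directory and keep the baseline somewhere the machine cannot rewrite. A hash comparison only tells you a file differs from your own earlier snapshot; when no trusted baseline exists, checking the catalog signature of each driver (Sysinternals `sigcheck`, for example) is the stronger test, since an inbox driver that no longer verifies against its catalog has been modified, whatever its hash says.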

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
