
Infected with System Check, cannot be detected by antivirus



My laptop has been infected with the System Check virus, or something similar. I found a few solutions online, but I was unable to fix it. This is what I've tried:

-RKill

(kills 2 unknown processes with random names and stops the popups, closes the virus program)

-Unhide

(successfully unhides all my files)

-TDSSKiller

(could not run at first, I ran FixTDSS and it could run after, however it found nothing)

-MBAM free version

(ran a full scan as well as a few quick scans before and after trying the 3 programs above, but it found nothing)

I'm currently running in Safe Mode with Networking. The virus appeared only when I booted my laptop today.

I have attached DDS.txt and Attach.txt as instructed by the pinned topic. I hope someone can help! Thanks!


Hello Merrainee, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please use Normal mode for my instructions, not Safe mode.

Step 1

Please delete your TDSSKiller copy and download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Follow the instructions here to run Malwarebytes' Anti-Malware:

http://forums.malwarebytes.org/index.php?showtopic=85715&view=findpost&p=434002

Post the log file in your next reply.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


Hi, thank you for your reply! I've carried out the steps above. TDSSKiller found a few objects but didn't show any Cure options, so I skipped them all. While updating MBAM, it gave this error: PROGRAM_ERROR_UPDATING (5, 0, MBAMFileIO::WriteFile) Access is denied. MBAM found two objects and I've removed them.

While restarting and such, I had to run RKill to stop the virus from throwing out popups, but my desktop went entirely black without my start bar. Nothing I pressed seemed to have any effect either. I had to force shut down and restart my laptop and I'm not running RKill for now.

Here are the logs:

TDSSKiller

Sorry, had to attach it as it said my post was too long?

MBAM Log

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.12.08

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

SP :: ROSHIE [administrator]

13/7/2012 12:26:48 PM

mbam-log-2012-07-13 (12-26-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 267996

Time elapsed: 17 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 5

HKCR\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA} (PUP.Funshion) -> No action taken.

HKCR\TypeLib\{5165BFF4-4E35-446F-B00E-EA4185B64F76} (PUP.Funshion) -> No action taken.

HKCR\Interface\{332C1DFF-B83D-40E3-968F-F85E20BF0CFB} (PUP.Funshion) -> No action taken.

HKCR\Fun.OnlineInstallCtrl.1 (PUP.Funshion) -> No action taken.

HKCR\Fun.OnlineInstallCtrl (PUP.Funshion) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 3

C:\Program Files\Funshion Online (PUP.Funshion) -> No action taken.

C:\Program Files\Funshion Online\Funshion (PUP.Funshion) -> No action taken.

C:\Program Files\Funshion Online\Funshion\icon (PUP.Funshion) -> No action taken.

Files Detected: 9

C:\Windows\System32\funshion.ini (PUP.Funshion) -> No action taken.

C:\Program Files\Funshion Online\Funshion\fpsrv.dll (PUP.Funshion) -> No action taken.

C:\Program Files\Funshion Online\Funshion\funoictl.dll (PUP.Funshion) -> No action taken.

C:\Program Files\Funshion Online\Funshion\funshion.ini (PUP.Funshion) -> No action taken.

C:\Program Files\Funshion Online\Funshion\FunshionGame2.ico (PUP.Funshion) -> No action taken.

C:\Program Files\Funshion Online\Funshion\FunshionGame3.ico (PUP.Funshion) -> No action taken.

C:\Program Files\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> No action taken.

C:\Program Files\Funshion Online\Funshion\Funshop2.ico (PUP.Funshion) -> No action taken.

C:\Program Files\Funshion Online\Funshion\Funshop3.ico (PUP.Funshion) -> No action taken.

(end)

Ran a second scan and deleted the other PUP.Funshion files detected.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.12.08

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

SP :: ROSHIE [administrator]

13/7/2012 12:46:18 PM

mbam-log-2012-07-13 (12-46-18).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 268007

Time elapsed: 17 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 5

HKCR\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA} (PUP.Funshion) -> Quarantined and deleted successfully.

HKCR\TypeLib\{5165BFF4-4E35-446F-B00E-EA4185B64F76} (PUP.Funshion) -> Quarantined and deleted successfully.

HKCR\Interface\{332C1DFF-B83D-40E3-968F-F85E20BF0CFB} (PUP.Funshion) -> Quarantined and deleted successfully.

HKCR\Fun.OnlineInstallCtrl.1 (PUP.Funshion) -> Quarantined and deleted successfully.

HKCR\Fun.OnlineInstallCtrl (PUP.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 3

C:\Program Files\Funshion Online (PUP.Funshion) -> Delete on reboot.

C:\Program Files\Funshion Online\Funshion (PUP.Funshion) -> Delete on reboot.

C:\Program Files\Funshion Online\Funshion\icon (PUP.Funshion) -> Quarantined and deleted successfully.

Files Detected: 9

C:\Windows\System32\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Program Files\Funshion Online\Funshion\fpsrv.dll (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Program Files\Funshion Online\Funshion\funoictl.dll (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Program Files\Funshion Online\Funshion\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Program Files\Funshion Online\Funshion\FunshionGame2.ico (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Program Files\Funshion Online\Funshion\FunshionGame3.ico (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Program Files\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Program Files\Funshion Online\Funshion\Funshop2.ico (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Program Files\Funshion Online\Funshion\Funshop3.ico (PUP.Funshion) -> Quarantined and deleted successfully.

(end)

DDS Log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1

Run by SP at 13:58:06 on 2012-07-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3059.1659 [GMT -5:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Fingerprint Sensor\AtService.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Softex\OmniPass\OmniServ.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\nvvsvc.exe

C:\windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\WLANExt.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\windows\system32\conhost.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Softex\OmniPass\opvapp.exe

C:\windows\System32\spoolsv.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\vsnp2uvc.exe

C:\Windows\snuvcdsm.exe

C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe

C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe

C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe

C:\Program Files\Fujitsu\PSUtility\TrayManager.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

C:\Program Files\Fujitsu\updnavi\updatenv.exe

c:\Program Files\Fujitsu\PSUtility\PSUService.exe

C:\Program Files\Softex\OmniPass\scureapp.exe

C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe

C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

c:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\Wacom_Tablet.exe

C:\ProgramData\DwGrEROeImE.exe

C:\Program Files\Fujitsu\updnavi\updnvsrv.exe

C:\Users\SP\AppData\Local\Google\Update\GoogleUpdate.exe

C:\windows\system32\WTablet\Wacom_TabletUser.exe

C:\windows\system32\Wacom_Tablet.exe

C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe

C:\Windows\System32\StikyNot.exe

C:\ProgramData\kwAzjqkPUoRbQu.exe

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\windows\system32\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\CCM\CcmExec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\windows\system32\vmnetdhcp.exe

C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\msiexec.exe

C:\windows\system32\SearchIndexer.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\System32\svchost.exe -k WerSvcGroup

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\alg.exe

C:\windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://about.start.iplay.com

uDefault_Page_URL = hxxp://www.sp.edu.sg

uURLSearchHooks: H - No File

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

uRun: [Google Update] "c:\users\sp\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [AdobeBridge]

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

uRun: [kwAzjqkPUoRbQu] c:\programdata\kwAzjqkPUoRbQu.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [indicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe

mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe

mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [sNUVCDSM] c:\windows\snuvcdsm.exe

mRun: [CSRSkype] c:\program files\csr\bluetooth feature pack 5.0\CSRSkype.exe

mRun: [ConMgr] "c:\program files\csr\bluetooth feature pack 5.0\ConMgr.exe"

mRun: [FDM7] c:\program files\fujitsu\fdm7\FdmDaemon.exe

mRun: [PSUTility] c:\program files\fujitsu\psutility\TrayManager.exe

mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe

mRun: [LoadBtnHnd] c:\program files\fujitsu\application panel\BtnHnd.exe

mRun: [FJBATAID2] c:\program files\fujitsu\batteryaid2\BatteryDaemon.exe

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"

mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\updnavi\updatenv.exe

mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe

mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

mRun: [sSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start

mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DwGrEROeImE.exe] c:\programdata\DwGrEROeImE.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

TCP: Interfaces\{B8DBD259-EBF3-4628-A020-E5AD6D0D6674} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

TCP: Interfaces\{B8DBD259-EBF3-4628-A020-E5AD6D0D6674}\3594E4744554C4D273733313 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{B8DBD259-EBF3-4628-A020-E5AD6D0D6674}\46C696E6B6 : DhcpNameServer = 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sp\appdata\roaming\mozilla\firefox\profiles\ulcmxq60.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_221\npaosmgr.dll

FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\thunder network\thunder\data\npxunlei1.0.0.1.dll

FF - plugin: c:\users\sp\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\system32\drivers\FBIOSDRV.sys [2009-9-2 17008]

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2010-3-15 12776]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-8-1 659328]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-30 106656]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2009-9-2 5632]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-28 73216]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-25 125696]

R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-10-15 274984]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-10-26 58240]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-10-26 136704]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-11 66664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]

S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-20 28000]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-28 102784]

S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-28 349184]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-7-6 12400]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-10-29 209920]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-7-13 31560]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2011-6-2 133632]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2011-6-2 79360]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-1-25 20864]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-1-25 23808]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-7-20 60576]

S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-7-15 41632]

S3 PCDSRVC{F819FCA4-67B3B36D-06000000}_0;PCDSRVC{F819FCA4-67B3B36D-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\fujitsu hardware diagnostics tool\pcdsrvc.pkms [2009-11-16 20848]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-12-11 174592]

.

=============== Created Last 30 ================

.

2012-07-13 17:21:53 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-07-12 15:30:52 236280 ---ha-w- c:\programdata\kwAzjqkPUoRbQu.exe

2012-07-12 15:20:05 325880 ---ha-w- c:\programdata\DwGrEROeImE.exe

2012-07-12 04:44:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-07-12 04:44:07 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll

2012-07-12 04:44:07 194048 ----a-w- c:\program files\internet explorer\IEShims.dll

2012-07-12 04:44:07 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll

2012-07-12 04:44:06 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-07-12 04:44:04 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-07-12 04:44:03 748664 ----a-w- c:\program files\internet explorer\iexplore.exe

2012-07-12 04:44:02 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll

2012-07-12 04:44:02 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll

2012-07-12 04:44:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-12 03:54:49 -------- d--h--w- c:\users\sp\appdata\local\{6D163377-3D2C-4041-8E24-4D27E03B6D8D}

2012-07-12 03:54:25 -------- d--h--w- c:\users\sp\appdata\local\{4D52A9A4-29F0-4C93-BA21-6470B93D347A}

2012-07-11 15:49:52 -------- d--h--w- c:\users\sp\appdata\local\{154CCAA7-44D8-4E45-86EF-7C74DE308DEE}

2012-07-11 15:49:30 -------- d--h--w- c:\users\sp\appdata\local\{B028E758-E5C5-4686-B3A9-A95348C9B57D}

2012-07-11 15:09:20 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-11 15:09:19 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-11 15:09:10 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 15:08:30 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-11 15:08:29 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-07-11 15:08:24 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll

2012-07-11 15:08:23 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll

2012-07-11 15:08:22 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll

2012-07-11 15:08:18 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll

2012-07-11 15:08:14 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll

2012-07-11 03:29:30 -------- d--h--w- c:\users\sp\appdata\local\{B8A34615-244E-46DB-8BD7-07B30C3A8361}

2012-07-11 03:29:09 -------- d--h--w- c:\users\sp\appdata\local\{6F7DE407-E19F-4A9B-859B-177284FA7F68}

2012-07-10 19:31:41 -------- d--h--w- c:\programdata\Motorola

2012-07-10 19:30:53 -------- d--h--w- c:\users\sp\appdata\roaming\Motorola Mobility

2012-07-10 19:30:34 -------- d--h--w- c:\program files\Motorola Mobility

2012-07-10 19:30:34 -------- d--h--w- c:\program files\Motorola

2012-07-10 19:30:34 -------- d--h--w- c:\program files\common files\MSSoap

2012-07-10 19:28:32 -------- d--h--w- c:\program files\common files\Motorola Shared

2012-07-10 19:26:48 -------- d--h--w- c:\users\sp\appdata\roaming\Motorola

2012-07-10 18:02:57 -------- d--h--w- c:\users\sp\.keytooliui

2012-07-10 15:28:41 -------- d--h--w- c:\users\sp\appdata\local\{77663E87-A162-45E0-9FCA-96AC07B36A52}

2012-07-10 15:28:19 -------- d--h--w- c:\users\sp\appdata\local\{B1EE5B13-D6AD-4915-B05D-5F0BD4ECC3C3}

2012-07-10 02:56:45 -------- d--h--w- c:\users\sp\appdata\local\{6FBFD123-9EF1-46CD-995C-3AA8D641EA3A}

2012-07-10 02:56:21 -------- d--h--w- c:\users\sp\appdata\local\{E3F5E366-E359-4405-8063-9AACA2756D74}

2012-07-09 18:29:12 -------- d--h--w- c:\program files\eclipse

2012-07-09 03:21:20 -------- d--h--w- c:\users\sp\appdata\roaming\Malwarebytes

2012-07-09 03:21:13 -------- d--h--w- c:\programdata\Malwarebytes

2012-07-09 03:21:12 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware

2012-07-09 02:30:45 -------- d--h--w- c:\users\sp\appdata\local\{48E68B56-1DD9-48C3-9882-756AE3748F1C}

2012-07-09 02:30:24 -------- d--h--w- c:\users\sp\appdata\local\{7320C3EE-8164-4C51-BC57-D72917613123}

2012-07-08 14:29:24 -------- d--h--w- c:\users\sp\appdata\local\{47A852B3-0EEC-4C9A-AF6D-85D954D15FD5}

2012-07-08 14:29:07 -------- d--h--w- c:\users\sp\appdata\local\{36AF0129-C3A2-4E19-BE0A-0A5AFD742A03}

2012-07-07 15:10:37 -------- d--h--w- c:\users\sp\appdata\local\{37857896-1E50-4D1D-8DAA-AC87A5235B33}

2012-07-07 15:10:15 -------- d--h--w- c:\users\sp\appdata\local\{06335C05-660C-4FFE-B093-9D3C48AEC7DF}

2012-07-07 03:09:41 -------- d--h--w- c:\users\sp\appdata\local\{EE58FFD0-37E8-453F-A943-8E1898924AC6}

2012-07-07 03:09:16 -------- d--h--w- c:\users\sp\appdata\local\{0E7F4EBD-2F16-42DF-89CD-2BA31502DDAE}

2012-07-07 00:49:59 -------- d--h--w- c:\programdata\TSLOG

2012-07-06 23:43:30 -------- d--h--w- c:\programdata\Xunlei

2012-07-06 23:41:37 -------- d--h--w- c:\program files\common files\Thunder Network

2012-07-06 23:41:31 -------- d--h--w- c:\programdata\Thunder Network

2012-07-06 23:40:57 -------- d--h--w- c:\program files\Thunder Network

2012-07-06 16:07:24 25200 ---ha-w- c:\windows\system32\drivers\ggsemc.sys

2012-07-06 16:07:24 12400 ---ha-w- c:\windows\system32\drivers\ggflt.sys

2012-07-06 16:06:13 -------- d--h--w- c:\programdata\Sony Ericsson

2012-07-06 16:06:09 -------- d--h--w- c:\program files\Sony Ericsson

2012-07-06 15:08:22 -------- d--h--w- c:\users\sp\appdata\local\{0DC32457-489F-4306-8544-0692008F6211}

2012-07-06 15:07:48 -------- d--h--w- c:\users\sp\appdata\local\{C0D33954-3164-49FB-90B6-5B962DA67CC8}

2012-07-04 15:22:52 -------- d--h--w- c:\users\sp\appdata\local\{2BC879F2-6069-42DC-BDF0-9F01F489D6AE}

2012-07-04 15:22:31 -------- d--h--w- c:\users\sp\appdata\local\{C0CBF135-BBB5-4C62-A8D6-1B9EE7CB9854}

2012-07-04 03:22:04 -------- d--h--w- c:\users\sp\appdata\local\{63EABDBB-EB15-4095-93E9-F8F799CE116E}

2012-07-04 03:21:42 -------- d--h--w- c:\users\sp\appdata\local\{7C0794D1-B112-4378-A273-C39A3B99F529}

2012-07-03 15:21:14 -------- d--h--w- c:\users\sp\appdata\local\{EF48F83E-97BE-4019-8C1D-BE30BD0B334D}

2012-07-03 15:20:52 -------- d--h--w- c:\users\sp\appdata\local\{6F08551B-24EE-41BE-A1E9-89D839E88C2E}

2012-07-03 03:20:13 -------- d--h--w- c:\users\sp\appdata\local\{88A3D3B7-946F-4055-9422-48D5E07B0875}

2012-07-03 03:19:49 -------- d--h--w- c:\users\sp\appdata\local\{3429F9C0-3D3A-48CE-8FE9-C568411F9556}

2012-07-01 18:02:25 -------- d--h--w- c:\users\sp\appdata\local\{297501F1-E60D-4368-9791-9960AB2485F0}

2012-07-01 18:02:04 -------- d--h--w- c:\users\sp\appdata\local\{A2240C57-CBB7-4E42-B1E3-9D1B19ACC1B9}

2012-06-30 14:59:46 -------- d--h--w- c:\users\sp\appdata\local\{FA0EE562-905C-4082-BBF0-E62648FCC276}

2012-06-30 14:59:24 -------- d--h--w- c:\users\sp\appdata\local\{93FB469D-2688-4C74-BE88-2B4E00B0242F}

2012-06-29 14:40:53 -------- d--h--w- c:\users\sp\appdata\local\{D3483237-4182-4E1B-8D91-4DB1C339BD96}

2012-06-29 14:40:26 -------- d--h--w- c:\users\sp\appdata\local\{42A5FD40-9A67-440E-8E35-B290B109693B}

2012-06-28 15:10:23 -------- d--h--w- c:\users\sp\appdata\local\{AEAEA033-1480-4ACE-8172-377FAAB59E91}

2012-06-28 15:10:02 -------- d--h--w- c:\users\sp\appdata\local\{9907CC72-9CB7-42C6-BB59-54F812A3E918}

2012-06-26 14:26:10 -------- d--h--w- c:\users\sp\appdata\local\{996B9632-F4AA-495D-9449-D3BDA21D1A7F}

2012-06-26 14:26:00 -------- d--h--w- c:\users\sp\appdata\local\{82339FF5-B698-4534-8B2C-8FF420DF9A81}

2012-06-26 01:31:10 -------- d--h--w- c:\users\sp\appdata\local\{4861598B-F83E-476D-A750-42E78C6D140E}

2012-06-26 01:30:48 -------- d--h--w- c:\users\sp\appdata\local\{EA7690CE-A086-45B4-BB11-F7A3D488CCEB}

2012-06-25 02:10:27 -------- d--h--w- c:\users\sp\appdata\local\{32A077B5-2EA5-4E31-B4AB-DEC00B93AD69}

2012-06-23 03:45:02 -------- d--h--w- c:\users\sp\appdata\local\{599BD4B9-4454-4E67-8DB5-1621A284B4C1}

2012-06-23 03:44:41 -------- d--h--w- c:\users\sp\appdata\local\{310B9E23-1CF7-42A8-ACC9-3A0A21F3310E}

2012-06-22 15:44:14 -------- d--h--w- c:\users\sp\appdata\local\{79398A62-6B6F-49E5-A92A-9BEA39E06FDD}

2012-06-22 15:43:49 -------- d--h--w- c:\users\sp\appdata\local\{0306ACA1-F474-4A1E-8838-1BBDC4A4EF35}

2012-06-22 03:43:19 -------- d--h--w- c:\users\sp\appdata\local\{63473AE9-22A6-42A0-96BE-2F46903A3545}

2012-06-22 03:42:58 -------- d--h--w- c:\users\sp\appdata\local\{A1B43DB9-19BD-479C-B0C5-8EA9EFF7E001}

2012-06-21 15:42:31 -------- d--h--w- c:\users\sp\appdata\local\{350D4A3E-EB89-48BB-A2F4-C4FF42A410AA}

2012-06-21 15:42:09 -------- d--h--w- c:\users\sp\appdata\local\{88BB2E8A-38F1-411F-8EDE-C3087FE17409}

2012-06-21 03:41:38 -------- d--h--w- c:\users\sp\appdata\local\{06B7D4FC-79A5-4A57-99D5-AAAB9945DFC6}

2012-06-21 03:41:14 -------- d--h--w- c:\users\sp\appdata\local\{D1841185-2E72-4A1E-B549-AB8362B4C4FB}

2012-06-20 15:40:41 -------- d--h--w- c:\users\sp\appdata\local\{F22F75CF-5987-4945-88BD-427B9C902283}

2012-06-20 15:40:17 -------- d--h--w- c:\users\sp\appdata\local\{B797E5AA-CF64-4316-A1D3-15314E030969}

2012-06-20 03:39:50 -------- d--h--w- c:\users\sp\appdata\local\{9CC6C64F-1D4B-48F1-B32B-37C081D7F283}

2012-06-20 03:39:29 -------- d--h--w- c:\users\sp\appdata\local\{23132524-34D1-48C5-AC45-BEB514A2DBC5}

2012-06-19 22:35:14 4967624 ---ha-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

2012-06-19 15:39:02 -------- d--h--w- c:\users\sp\appdata\local\{41F88865-C560-4028-8826-3497224DDCF3}

2012-06-19 15:38:39 -------- d--h--w- c:\users\sp\appdata\local\{D21D7ED2-4596-4FC3-A7F6-DC62AD143DB7}

2012-06-19 03:37:56 -------- d--h--w- c:\users\sp\appdata\local\{1086CC20-6BFA-454D-BF43-47BEB88D6E57}

2012-06-19 03:37:24 -------- d--h--w- c:\users\sp\appdata\local\{93198057-5BB3-4251-BA17-AF3331D2C5BD}

2012-06-18 15:36:37 -------- d--h--w- c:\users\sp\appdata\local\{209D2A9E-1B39-428C-9D3E-8F91BA118A90}

2012-06-18 15:36:10 770384 ---ha-w- c:\program files\mozilla firefox\msvcr100.dll

2012-06-18 15:36:10 421200 ---ha-w- c:\program files\mozilla firefox\msvcp100.dll

2012-06-17 14:41:21 -------- d--h--w- c:\users\sp\appdata\local\{497CF24B-FB60-426A-B481-240DD813E437}

2012-06-16 04:00:58 -------- d--h--w- c:\users\sp\appdata\local\{FAF83CBB-55B6-4405-B03D-C074270285A3}

2012-06-15 13:57:12 -------- d--h--w- c:\users\sp\appdata\local\{06358064-5F0F-4500-B9D3-942BEA3959D4}

.

==================== Find3M ====================

.

2012-07-13 19:02:06 865022 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-07-12 04:19:19 70344 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-12 04:19:19 426184 ---ha-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-25 21:04:24 1394248 ---ha-w- c:\windows\system32\msxml4.dll

2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-30 06:50:44 34768 ---ha-w- c:\windows\xinstaller.exe

2012-05-30 06:50:42 79824 ---ha-w- c:\windows\xinstaller.dll

2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: FUJITSU_ rev.0000 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: >>UNKNOWN [0x8384F000]<< >>UNKNOWN [0x8C650000]<< >>UNKNOWN [0x8C63F000]<< >>UNKNOWN [0x8BDA6000]<< >>UNKNOWN [0x83818000]<< >>UNKNOWN [0x8C01B000]<< >>UNKNOWN [0x8BC90000]<< >>UNKNOWN [0xA0F20000]<<

_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }

1 ntkrnlpa!IofCallDriver[0x8388655A] -> \Device\Harddisk0\DR0[0x861F1700]

\Driver\Disk[0x861F5668] -> IRP_MJ_CREATE -> 0x8C65439F

3 [0x8C65459E] -> ntkrnlpa!IofCallDriver[0x8388655A] -> [0x86EEE8C0]

\Driver\ACPI[0x8615BE40] -> IRP_MJ_CREATE -> 0x8BDAF4CC

5 [0x8BDAF3D4] -> ntkrnlpa!IofCallDriver[0x8388655A] -> \Device\Ide\IAAStorageDevice-1[0x86EBB028]

\Driver\iaStor[0x86EEA030] -> IRP_MJ_CREATE -> 0x8C07C830

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 14:14:13.65 ===============

TDSSKiller.2.7.45.0_13.07.2012_12.09.27_log.txt


Thanks for your information!

Step 1

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Step 2

Download aswMBR.exe to your desktop.

Double-click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


In your next reply, post the following log files:

  • ComboFix log
  • aswMBR log


I restarted my computer a few times during the previous steps, and the virus hid my files again. My start bar disappeared and I could do nothing after running RKill. After that, I didn't bother with running RKill or Unhide. Should I run those now before running Combofix?


Delete your unhide.exe copy:

Please download unhide.exe from here and save it to your Desktop. Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run. When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.

Then run ComboFix.

In your next reply, post the following log files:

  • unhide log
  • ComboFix log

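A read-only check for the tampering that Unhide repairs, as an added example that is not part of this thread or of the Unhide tool: a PowerShell script that audits the HKCU Explorer\Advanced Start_Show* values and the DisableTaskMgr and NoChangingWallPaper policies that the Unhide logs in this thread report FakeHDD rogues changing, and counts hidden files in the user profile. The registry paths and default values are taken from those logs; the script itself, its -Restore switch and the hidden-file heuristic are assumptions of this example.

```powershell
# Added example (not from this thread or from BleepingComputer's Unhide):
# audit the Explorer settings and policies that Unhide's log reports
# FakeHDD rogues tampering with. Run from the affected user's session;
# -Restore writes the defaults back and restarts Explorer (assumed behaviour,
# mirroring what the Unhide log describes).
[CmdletBinding()]
param(
    [switch]$Restore
)

# Values under HKCU\...\Explorer\Advanced that the rogue sets to 0. Unhide's log
# sets them back to 1, except Start_ShowRecentDocs, which it sets back to 2.
$advancedPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$advancedDefaults = @{
    'Start_ShowControlPanel' = 1; 'Start_ShowHelp' = 1; 'Start_ShowMyComputer' = 1
    'Start_ShowMyDocs' = 1; 'Start_ShowMyMusic' = 1; 'Start_ShowMyPics' = 1
    'Start_ShowPrinters' = 1; 'Start_ShowRun' = 1; 'Start_ShowSearch' = 1
    'Start_ShowSetProgramAccessAndDefaults' = 1; 'Start_ShowRecentDocs' = 2
    'Start_ShowNetConn' = 1; 'Start_ShowNetPlaces' = 1; 'Start_TrackDocs' = 1
    'Start_TrackProgs' = 1; 'Start_ShowUser' = 1; 'Start_ShowMyGames' = 1
}

# Policy values the rogue adds (Task Manager lockout, wallpaper lock); Unhide's
# log shows it deleting them outright rather than resetting them.
$policies = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'
       Name = 'NoChangingWallPaper' }
)

$findings = @()

# 1. Start Menu items hidden by zeroing the Start_Show* values.
foreach ($name in $advancedDefaults.Keys) {
    $current = (Get-ItemProperty -Path $advancedPath -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -ne $current -and $current -eq 0) {
        $findings += "$name is 0 (expected $($advancedDefaults[$name]))"
        if ($Restore) {
            Set-ItemProperty -Path $advancedPath -Name $name -Value $advancedDefaults[$name] -Type DWord
        }
    }
}

# 2. Restrictive policies that should not exist on a home machine.
foreach ($p in $policies) {
    $value = (Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
    if ($null -ne $value) {
        $findings += "$($p.Name) policy present under $($p.Path) (value $value)"
        if ($Restore) {
            Remove-ItemProperty -Path $p.Path -Name $p.Name
        }
    }
}

# 3. Hidden-file count in the profile. A FakeHDD rogue flips +H on nearly every
# user file (the Unhide logs above processed ~510,000 files), so a count in the
# thousands inside the profile is a strong indicator. PSIsContainer and -band are
# used instead of -File/-Attributes so this also runs on PowerShell 2.0 (Windows 7).
$hiddenCount = @(Get-ChildItem -Path $env:USERPROFILE -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and
                   (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) }).Count
$findings += "$hiddenCount hidden files under $env:USERPROFILE"

# Report, and apply changes the way Unhide does: Explorer caches these values,
# so it is restarted to make the restored Start Menu visible.
$findings | ForEach-Object { Write-Output $_ }
if ($Restore) {
    Write-Output 'Restarting Explorer.exe in order to apply changes.'
    Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
    Start-Process explorer.exe
}
```

Run it first without -Restore to see which values the rogue changed; the per-value output maps one to one onto the "was set to 0! It was set back to 1!" lines in the Unhide log.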

The Combofix guide said to close all windows but the virus window was still open, so I ran RKill. It said Access Denied, but the virus window closed so I left it like that and closed RKill. I ran Unhide without any problems. I was unable to disable my Symantec antivirus before running Combofix, but it seems like it ran smoothly.

Unhide Log

Unhide by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 07/12/2012 11:51:34 AM

Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive

Finished processing the C:\ drive. 511031 files processed.

Processing the D:\ drive

Finished processing the D:\ drive. 41 files processed.

Restoring the Start Menu.

* 285 Shortcuts and Desktop items were restored.

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

* Start_ShowControlPanel was set to 0! It was set back to 1!

* Start_ShowHelp was set to 0! It was set back to 1!

* Start_ShowMyComputer was set to 0! It was set back to 1!

* Start_ShowMyDocs was set to 0! It was set back to 1!

* Start_ShowMyMusic was set to 0! It was set back to 1!

* Start_ShowMyPics was set to 0! It was set back to 1!

* Start_ShowPrinters was set to 0! It was set back to 1!

* Start_ShowRun was set to 0! It was set back to 1!

* Start_ShowSearch was set to 0! It was set back to 1!

* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!

* Start_ShowRecentDocs was set to 0! It was set back to 2!

* Start_ShowNetConn was set to 0! It was set back to 1!

* Start_ShowNetPlaces was set to 0! It was set back to 1!

* Start_TrackDocs was set to 0! It was set back to 1!

* Start_TrackProgs was set to 0! It was set back to 1!

* Start_ShowUser was set to 0! It was set back to 1!

* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 07/12/2012 12:05:59 PM

Execution time: 0 hours(s), 14 minute(s), and 24 seconds(s)

Unhide by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 07/12/2012 04:28:45 PM

Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive

Finished processing the C:\ drive. 511919 files processed.

Processing the D:\ drive

Finished processing the D:\ drive. 41 files processed.

Restoring the Start Menu.

* 285 Shortcuts and Desktop items were restored.

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

* Start_ShowControlPanel was set to 0! It was set back to 1!

* Start_ShowHelp was set to 0! It was set back to 1!

* Start_ShowMyComputer was set to 0! It was set back to 1!

* Start_ShowMyDocs was set to 0! It was set back to 1!

* Start_ShowMyMusic was set to 0! It was set back to 1!

* Start_ShowMyPics was set to 0! It was set back to 1!

* Start_ShowPrinters was set to 0! It was set back to 1!

* Start_ShowRun was set to 0! It was set back to 1!

* Start_ShowSearch was set to 0! It was set back to 1!

* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!

* Start_ShowRecentDocs was set to 0! It was set back to 2!

* Start_ShowNetConn was set to 0! It was set back to 1!

* Start_ShowNetPlaces was set to 0! It was set back to 1!

* Start_TrackDocs was set to 0! It was set back to 1!

* Start_TrackProgs was set to 0! It was set back to 1!

* Start_ShowUser was set to 0! It was set back to 1!

* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 07/12/2012 04:45:18 PM

Execution time: 0 hours(s), 16 minute(s), and 32 seconds(s)

Unhide by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 07/13/2012 04:59:15 PM

Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive

Finished processing the C:\ drive. 510230 files processed.

Processing the D:\ drive

Finished processing the D:\ drive. 43 files processed.

Restoring the Start Menu.

* 285 Shortcuts and Desktop items were restored.

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

* DisableTaskMgr policy was found and deleted!

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

* HidNoChangingWallPaperden policy was found and deleted!

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

* Start_ShowControlPanel was set to 0! It was set back to 1!

* Start_ShowHelp was set to 0! It was set back to 1!

* Start_ShowMyComputer was set to 0! It was set back to 1!

* Start_ShowMyDocs was set to 0! It was set back to 1!

* Start_ShowMyMusic was set to 0! It was set back to 1!

* Start_ShowMyPics was set to 0! It was set back to 1!

* Start_ShowPrinters was set to 0! It was set back to 1!

* Start_ShowRun was set to 0! It was set back to 1!

* Start_ShowSearch was set to 0! It was set back to 1!

* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!

* Start_ShowRecentDocs was set to 0! It was set back to 2!

* Start_ShowNetConn was set to 0! It was set back to 1!

* Start_ShowNetPlaces was set to 0! It was set back to 1!

* Start_TrackDocs was set to 0! It was set back to 1!

* Start_TrackProgs was set to 0! It was set back to 1!

* Start_ShowUser was set to 0! It was set back to 1!

* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 07/13/2012 05:07:54 PM

Execution time: 0 hours(s), 8 minute(s), and 39 seconds(s)

Combofix Log

ComboFix 12-07-13.03 - SP 13/07/2012 17:19:08.1.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3059.1578 [GMT -5:00]

Running from: c:\users\SP\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\100

c:\programdata\DwGrEROeImE.exe

c:\programdata\kwAzjqkPUoRbQu

c:\programdata\kwAzjqkPUoRbQu.exe

c:\users\SP\AppData\Local\Microsoft\Windows\Temporary Internet Files\bidconfig_v1.2.dat

c:\users\SP\AppData\Local\Microsoft\Windows\Temporary Internet Files\collecttask_v1.2.dat

c:\windows\apppatch\AppLoc.exe

c:\windows\system32\drivers\10CF_FUJITSU_FPCA_SH760_FUJITSU_FJNB20B_Version 1.07_FUJ - 1070000_Version 1.07 _NVIDIA GeForce 310M .MRK

c:\windows\system32\html

c:\windows\system32\html\calendar.html

c:\windows\system32\html\calendarbottom.html

c:\windows\system32\html\calendartop.html

c:\windows\system32\html\crystalexportdialog.htm

c:\windows\system32\html\crystalprinthost.html

c:\windows\system32\images

c:\windows\system32\images\toolbar\calendar.gif

c:\windows\system32\images\toolbar\crlogo.gif

c:\windows\system32\images\toolbar\export.gif

c:\windows\system32\images\toolbar\export_over.gif

c:\windows\system32\images\toolbar\exportd.gif

c:\windows\system32\images\toolbar\First.gif

c:\windows\system32\images\toolbar\first_over.gif

c:\windows\system32\images\toolbar\Firstd.gif

c:\windows\system32\images\toolbar\gotopage.gif

c:\windows\system32\images\toolbar\gotopage_over.gif

c:\windows\system32\images\toolbar\gotopaged.gif

c:\windows\system32\images\toolbar\grouptree.gif

c:\windows\system32\images\toolbar\grouptree_over.gif

c:\windows\system32\images\toolbar\grouptreed.gif

c:\windows\system32\images\toolbar\grouptreepressed.gif

c:\windows\system32\images\toolbar\Last.gif

c:\windows\system32\images\toolbar\last_over.gif

c:\windows\system32\images\toolbar\Lastd.gif

c:\windows\system32\images\toolbar\Next.gif

c:\windows\system32\images\toolbar\next_over.gif

c:\windows\system32\images\toolbar\Nextd.gif

c:\windows\system32\images\toolbar\Prev.gif

c:\windows\system32\images\toolbar\prev_over.gif

c:\windows\system32\images\toolbar\Prevd.gif

c:\windows\system32\images\toolbar\print.gif

c:\windows\system32\images\toolbar\print_over.gif

c:\windows\system32\images\toolbar\printd.gif

c:\windows\system32\images\toolbar\Refresh.gif

c:\windows\system32\images\toolbar\refresh_over.gif

c:\windows\system32\images\toolbar\refreshd.gif

c:\windows\system32\images\toolbar\Search.gif

c:\windows\system32\images\toolbar\search_over.gif

c:\windows\system32\images\toolbar\searchd.gif

c:\windows\system32\images\toolbar\up.gif

c:\windows\system32\images\toolbar\up_over.gif

c:\windows\system32\images\toolbar\upd.gif

c:\windows\system32\images\tree\begindots.gif

c:\windows\system32\images\tree\beginminus.gif

c:\windows\system32\images\tree\beginplus.gif

c:\windows\system32\images\tree\blank.gif

c:\windows\system32\images\tree\blankdots.gif

c:\windows\system32\images\tree\dots.gif

c:\windows\system32\images\tree\lastdots.gif

c:\windows\system32\images\tree\lastminus.gif

c:\windows\system32\images\tree\lastplus.gif

c:\windows\system32\images\tree\Magnify.gif

c:\windows\system32\images\tree\minus.gif

c:\windows\system32\images\tree\minusbox.gif

c:\windows\system32\images\tree\plus.gif

c:\windows\system32\images\tree\plusbox.gif

c:\windows\system32\images\tree\singleminus.gif

c:\windows\system32\images\tree\singleplus.gif

.

.

((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

.

.

2012-07-13 22:31 . 2012-07-13 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-13 19:01 . 2012-07-13 21:43 865022 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-07-13 17:21 . 2012-07-13 17:21 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-07-12 04:40 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 15:09 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-11 15:09 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-11 15:09 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-11 15:09 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 15:09 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 15:09 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 15:08 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 15:08 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-11 15:08 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 15:08 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-07-11 15:08 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-07-11 15:08 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

2012-07-11 15:08 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-07-11 15:08 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll

2012-07-11 15:08 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-07-10 19:31 . 2012-07-10 19:31 -------- d-----w- c:\programdata\Motorola

2012-07-10 19:30 . 2012-07-10 19:30 -------- d-----w- c:\users\SP\AppData\Roaming\Motorola Mobility

2012-07-10 19:30 . 2012-07-10 19:30 -------- d-----w- c:\program files\Motorola Mobility

2012-07-10 19:30 . 2012-07-10 19:30 -------- d-----w- c:\program files\Motorola

2012-07-10 19:28 . 2012-07-10 19:28 -------- d-----w- c:\program files\Common Files\Motorola Shared

2012-07-10 19:26 . 2012-07-10 19:26 -------- d-----w- c:\users\SP\AppData\Roaming\Motorola

2012-07-10 18:02 . 2012-07-10 18:02 -------- d-----w- c:\users\SP\.keytooliui

2012-07-09 18:29 . 2012-07-12 15:14 -------- d-----w- c:\program files\eclipse

2012-07-09 03:21 . 2012-07-09 03:21 -------- d-----w- c:\users\SP\AppData\Roaming\Malwarebytes

2012-07-09 03:21 . 2012-07-09 03:21 -------- d-----w- c:\programdata\Malwarebytes

2012-07-09 03:21 . 2012-07-13 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-07 01:03 . 2012-07-07 01:03 -------- d-----w- c:\users\Public\Real

2012-07-07 00:49 . 2012-07-07 00:49 -------- d-----w- c:\programdata\TSLOG

2012-07-06 23:43 . 2012-07-06 23:43 -------- d-----w- c:\programdata\Xunlei

2012-07-06 23:41 . 2012-07-13 00:47 -------- d-----w- c:\program files\Common Files\Thunder Network

2012-07-06 23:41 . 2012-07-06 23:42 -------- d-----w- c:\programdata\Thunder Network

2012-07-06 23:40 . 2012-07-13 00:47 -------- d-----w- c:\program files\Thunder Network

2012-07-06 16:07 . 2012-07-06 16:07 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2012-07-06 16:07 . 2012-07-06 16:07 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

2012-07-06 16:06 . 2012-07-06 16:06 -------- d-----w- c:\programdata\Sony Ericsson

2012-07-06 16:06 . 2012-07-06 16:06 -------- d-----w- c:\program files\Sony Ericsson

2012-07-06 16:00 . 2012-07-06 16:00 -------- d-----w- c:\programdata\Sony

2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll

2012-06-21 14:57 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 14:57 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 14:57 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 14:57 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 14:57 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 14:57 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 14:57 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 14:56 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 14:56 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-19 22:35 . 2012-06-19 22:35 4967624 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-06-18 15:36 . 2012-06-18 15:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-18 15:36 . 2012-06-18 15:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 04:19 . 2012-03-30 03:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-12 04:19 . 2011-05-19 01:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-30 06:50 . 2012-05-30 06:50 34768 ---ha-w- c:\windows\xinstaller.exe

2012-05-30 06:50 . 2012-05-30 06:50 79824 ---ha-w- c:\windows\xinstaller.dll

2012-05-01 04:44 . 2012-06-13 18:14 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:17 . 2012-06-13 18:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45 . 2012-06-13 18:16 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45 . 2012-06-13 18:16 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41 . 2012-06-13 18:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 04:36 . 2012-06-13 18:14 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-13 18:14 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 04:36 . 2012-06-13 18:14 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-18 15:36 . 2011-05-11 12:22 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]

@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"

[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]

2012-05-30 02:56 247760 ----a-w- c:\program files\Common Files\Thunder Network\Kankan\xappex.1.1.1.38.(403).dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\SP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\SP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\SP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\SP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-10 47976]

"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-14 36712]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]

"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-12 662016]

"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-05-22 24576]

"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-08-20 346464]

"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-08-20 504160]

"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-10-27 128360]

"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-27 144744]

"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-16 138088]

"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-16 33640]

"FJBATAID2"="c:\program files\Fujitsu\BatteryAid2\BatteryDaemon.exe" [2009-10-16 107880]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]

"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-10-03 167008]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"FJUPDNV_Chitose"="c:\program files\Fujitsu\updnavi\updatenv.exe" [2009-08-07 143360]

"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2009-08-27 3248128]

"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]

"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2007-12-14 193832]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-01 13838952]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-02 115560]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]

"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2011-11-13 103536]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R2 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [x]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]

R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [x]

R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [x]

R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 PCDSRVC{F819FCA4-67B3B36D-06000000}_0;PCDSRVC{F819FCA4-67B3B36D-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\fujitsu hardware diagnostics tool\pcdsrvc.pkms [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 XDva393;XDva393;c:\windows\system32\XDva393.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]

S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [x]

S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]

S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]

S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]

S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]

S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]

S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [x]

S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]

S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [x]

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

XLServicePlatform REG_MULTI_SZ XLServicePlatform

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 04:19]

.

2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2584503236-3850616731-3045101856-1005Core.job

- c:\users\SP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 13:47]

.

2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2584503236-3850616731-3045101856-1005UA.job

- c:\users\SP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 13:47]

.

2012-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Fujitsu Hardware Diagnostics Tool\pcdrcui.exe [2009-11-17 04:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://about.start.iplay.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

LSP: %SystemRoot%\system32\vsocklib.dll

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

FF - ProfilePath - c:\users\SP\AppData\Roaming\Mozilla\Firefox\Profiles\ulcmxq60.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

Toolbar-Locked - (no file)

HKCU-Run-AdobeBridge - (no file)

HKCU-Run-kwAzjqkPUoRbQu - c:\programdata\kwAzjqkPUoRbQu.exe

HKLM-Run-DwGrEROeImE.exe - c:\programdata\DwGrEROeImE.exe

SafeBoot-Symantec Antvirus

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F819FCA4-67B3B36D-06000000}_0]

"ImagePath"="\??\c:\program files\fujitsu hardware diagnostics tool\pcdsrvc.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-13 17:35:10

ComboFix-quarantined-files.txt 2012-07-13 22:35

.

Pre-Run: 61,263,237,120 bytes free

Post-Run: 71,124,664,320 bytes free

.

- - End Of File - - D306478D44F86C1E96B07946DA1C2E88


Thanks! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Scan Log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=054b33af7b7dc84891a54aa2445d9299

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-07-14 08:04:21

# local_time=2012-07-14 03:04:21 (-0600, Central Daylight Time)

# country="Singapore"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776638 100 94 31601769 93823705 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=440359

# found=2

# cleaned=2

# scan_time=17347

C:\Qoobox\Quarantine\C\ProgramData\DwGrEROeImE.exe.vir a variant of Win32/Kryptik.AIIB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\ProgramData\kwAzjqkPUoRbQu.exe.vir a variant of Win32/Kryptik.AIIB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Glad I could help! :)

Please uninstall ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, uninstall ESET Online Scanner and then manually delete DDS, TDSSKiller, aswMBR and unhide.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
