
potentially malicious processes detected



Hello Guys,

To start, for the past 2 days I've been receiving notifications from Bitdefender Total Security 2013 that there are potentially malicious processes on my computer. They are the following:

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Calibration\Adobe Gamma Loader.exe

I ran a quick scan on Malwarebytes but there were no threats detected.

Any help guys??

Thank you.

Here's the DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Se7eN at 21:40:14 on 2012-08-07

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2013.993 [GMT 8:00]

.

AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}

FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Game Booster 3\gbtray.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Bitdefender\Bitdefender 2013\BdParentalSysTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Maxthon3\Bin\Maxthon.exe

C:\Program Files\Maxthon3\Bin\Maxthon.exe

C:\Program Files\Maxthon3\Bin\Maxthon.exe

C:\Program Files\Maxthon3\Bin\Maxthon.exe

C:\Program Files\Maxthon3\Bin\Maxthon.exe

C:\Program Files\Maxthon3\Bin\Maxthon.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll

uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [Google Update] "c:\users\se7en\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [<NO NAME>]

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\program files\bitdefender\bitdefender 2013\BdProvider.dll

TCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66

TCP: Interfaces\{0A67CA2F-4D09-4015-BC1C-642981838190} : DhcpNameServer = 124.106.5.2 124.106.4.2

TCP: Interfaces\{B3B3E114-2A4D-4C34-98A2-6DBBEECC6D84} : DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-7-28 611520]

R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2012-7-28 154464]

R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-3-14 56496]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-3-14 12464]

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-7-28 74832]

R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2012-7-28 90704]

R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2012-7-28 72704]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-3-16 13696]

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-7-26 794560]

R2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2012-8-7 58616]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-6-7 96056]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-28 655944]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]

R2 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2012-7-28 82824]

R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2012-8-2 55544]

R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2012-7-28 240184]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-28 22344]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250056]

S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-7-28 447208]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-7-28 63056]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-6-4 80824]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-22 30963576]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-8 15872]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-5-7 27192]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2009-6-11 48128]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-6-4 181432]

S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys [2012-6-4 181432]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-8 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-7 1343400]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-5-24 14416]

.

=============== Created Last 30 ================

.

2012-08-07 01:55:03 -------- d-----w- c:\program files\Oracle

2012-08-05 13:14:19 -------- d-----w- c:\users\se7en\appdata\local\Macromedia

2012-08-05 03:00:11 4283672 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll

2012-08-05 02:58:03 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll

2012-08-05 02:57:58 539984 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

2012-08-05 02:57:42 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll

2012-08-03 06:57:42 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-03 06:23:32 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-08-03 06:23:18 2342400 ----a-w- c:\windows\system32\msi.dll

2012-08-01 12:57:45 -------- d-----w- c:\users\se7en\appdata\local\bryangavino

2012-07-31 08:33:14 -------- d-----w- c:\program files\YTD Toolbar

2012-07-31 08:33:14 -------- d-----w- c:\program files\common files\Spigot

2012-07-31 08:33:14 -------- d-----w- c:\program files\Application Updater

2012-07-30 12:30:15 -------- d-----w- c:\users\se7en\appdata\roaming\Maxthon3

2012-07-30 12:30:11 -------- d-----w- c:\program files\Maxthon3

2012-07-28 11:42:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-28 11:42:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-28 11:33:15 -------- d-----w- c:\programdata\BDLogging

2012-07-28 11:31:38 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys

2012-07-28 11:30:03 74832 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys

2012-07-28 11:30:03 63056 ----a-w- c:\windows\system32\drivers\bdsandbox.sys

2012-07-28 11:30:03 511328 ----a-w- c:\windows\capicom.dll

2012-07-28 11:30:03 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-28 11:30:03 -------- d-----w- c:\windows\system32\ui

2012-07-28 11:29:56 611520 ----a-w- c:\windows\system32\drivers\avc3.sys

2012-07-28 11:29:56 447208 ----a-w- c:\windows\system32\drivers\avckf.sys

2012-07-28 11:29:56 240184 ----a-w- c:\windows\system32\drivers\avchv.sys

2012-07-28 10:43:00 -------- d-----w- c:\users\se7en\appdata\roaming\Bitdefender

2012-07-28 10:42:57 -------- d-----w- c:\programdata\Bitdefender

2012-07-28 10:31:33 1699 ----a-w- c:\programdata\1343471187.932.bin

2012-07-28 07:30:58 -------- d-----w- c:\users\se7en\appdata\roaming\Malwarebytes

2012-07-28 07:30:52 -------- d-----w- c:\programdata\Malwarebytes

2012-07-28 02:20:39 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a38dbe21-7aff-4fee-9a1d-5d3be1767696}\offreg.dll

2012-07-22 12:21:58 -------- d-----w- c:\program files\Winamp Detect

2012-07-20 23:20:24 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a38dbe21-7aff-4fee-9a1d-5d3be1767696}\mpengine.dll

2012-07-17 11:22:12 -------- d-----w- c:\users\se7en\appdata\local\Facebook

2012-07-16 12:15:02 79256 ----a-w- c:\windows\system32\npOGPPlugin.dll

2012-07-16 12:15:01 271768 ----a-w- c:\windows\system32\OGPIEPlugin.ocx

2012-07-16 12:14:41 -------- d-----w- c:\program files\OGPlanet

2012-07-11 14:41:00 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 13:45:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-11 13:45:42 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-07-11 13:45:42 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-11 13:23:33 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-11 13:23:24 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-11 13:23:04 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-11 13:23:04 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-09 07:11:28 -------- d-----w- c:\program files\Vibrant Games

.

==================== Find3M ====================

.

2012-08-05 13:03:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-05 13:03:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-28 11:35:39 102200 ----a-w- c:\programdata\1343471187.3732.bin

2012-07-28 11:35:36 751551 ----a-w- c:\programdata\1343471187.1464.bin

2012-07-28 11:35:36 37648 ----a-w- c:\programdata\1343471187.2736.bin

2012-07-28 11:35:36 186812 ----a-w- c:\programdata\1343471187.3656.bin

2012-07-28 10:43:22 7401 ----a-w- c:\programdata\1343471187.2640.bin

2012-07-28 10:42:56 1090 ----a-w- c:\programdata\1343471187.1820.bin

2012-07-28 10:30:01 1090 ----a-w- c:\programdata\1343471187.2060.bin

2012-07-28 10:26:49 8544 ----a-w- c:\programdata\1343471187.3716.bin

2012-07-28 10:26:48 13531 ----a-w- c:\programdata\1343471187.1332.bin

2012-07-28 10:26:47 3042 ----a-w- c:\programdata\1343471187.2960.bin

2012-07-02 11:06:05 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-07-02 11:05:48 183112 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-06-30 10:42:59 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-31 04:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-29 07:38:50 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-05-24 21:18:40 4472832 ----a-w- c:\windows\system32\GPhotos.scr

2012-05-21 02:09:00 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-05-21 02:09:00 181432 ----a-w- c:\windows\system32\drivers\ssudobex.sys

2012-05-21 02:09:00 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

.

============= FINISH: 21:40:45.29 ===============

Here's the Attach.txt :

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 9/7/2011 7:59:24 AM

System Uptime: 8/7/2012 8:01:28 PM (1 hours ago)

.

Motherboard: BIOSTAR Group | | G41-M7

Processor: Pentium® Dual-Core CPU E6600 @ 3.06GHz | CPU 1 | 1594/267mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 246.692 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 168 GiB total, 137.731 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e980-e325-11ce-bfc1-08002be10318}

Description: Floppy disk drive

Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&18FF73AE&0&0

Manufacturer: (Standard floppy disk drives)

Name: Floppy disk drive

PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&18FF73AE&0&0

Service: flpydisk

.

==== System Restore Points ===================

.

RP198: 7/30/2012 8:25:13 PM - Revo Uninstaller Pro's restore point - Apple Software Update

RP200: 7/30/2012 8:26:55 PM - Revo Uninstaller Pro's restore point - Bonjour

RP201: 7/30/2012 8:27:21 PM - Removed Bonjour

RP203: 7/31/2012 6:10:44 PM - Installed DirectX

RP204: 7/31/2012 6:11:57 PM - Installed Nero Prerequisite Installer 1.0.

RP205: 8/3/2012 2:23:40 PM - Windows Update

RP206: 8/3/2012 2:55:37 PM - Installed Java SE Development Kit 7 Update 5

RP207: 8/3/2012 2:56:25 PM - Installed Java 7 Update 5

RP208: 8/3/2012 2:58:45 PM - Installed JavaFX 2.1.1 SDK

RP209: 8/3/2012 2:59:23 PM - Installed JavaFX 2.1.1

RP211: 8/4/2012 6:50:11 AM - Revo Uninstaller Pro's restore point - Facebook Messenger 2.1.4590.0

RP212: 8/4/2012 6:50:56 AM - Removed Facebook Messenger 2.1.4590.0

RP214: 8/6/2012 5:34:51 PM - Revo Uninstaller Pro's restore point - YTD Video Downloader 3.9

RP216: 8/7/2012 9:39:42 AM - Revo Uninstaller Pro's restore point - Java SE Development Kit 7 Update 5

RP218: 8/7/2012 9:41:40 AM - Revo Uninstaller Pro's restore point - Java 7 Update 5

RP219: 8/7/2012 9:41:55 AM - Removed Java 7 Update 5

RP221: 8/7/2012 9:43:05 AM - Revo Uninstaller Pro's restore point - JavaFX 2.1.1

RP222: 8/7/2012 9:43:21 AM - Removed JavaFX 2.1.1

RP224: 8/7/2012 9:44:35 AM - Revo Uninstaller Pro's restore point - JavaFX 2.1.1 SDK

RP225: 8/7/2012 9:44:54 AM - Removed JavaFX 2.1.1 SDK

RP227: 8/7/2012 9:46:43 AM - Revo Uninstaller Pro's restore point - Java 6 Update 31

RP228: 8/7/2012 9:47:05 AM - Removed Java 6 Update 31

RP229: 8/7/2012 9:52:33 AM - Installed Java SE Development Kit 7 Update 5

RP230: 8/7/2012 9:53:33 AM - Installed Java 7 Update 5

RP231: 8/7/2012 9:54:41 AM - Installed JavaFX 2.1.1 SDK

RP232: 8/7/2012 9:55:29 AM - Installed JavaFX 2.1.1

RP234: 8/7/2012 7:39:17 PM - Revo Uninstaller Pro's restore point - Adobe Reader X (10.1.3)

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS

Adobe Shockwave Player 11.6

Bitdefender Total Security 2013

BufferChm

CCleaner

Copy

Coupon Printer for Windows

Destinations

DeviceDiscovery

DJ_AIO_06_F2400_SW_Min

F2400

ffdshow [rev 3154] [2009-12-09]

Game Booster 3

Google Chrome

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

High-Definition Video Playback

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Customer Participation Program 14.0

HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6

HP Imaging Device Functions 14.0

HP Photo Creations

HP Product Detection

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPPhotoGadget

HPProductAssistant

HPSSupply

IGG Web3D Player version 1.0.0.37

Intel® Graphics Media Accelerator Driver

Internet Download Manager

Java Auto Updater

Java SE Development Kit 7 Update 5

Java 7 Update 5

JavaFX 2.1.1

JavaFX 2.1.1 SDK

K-Lite Mega Codec Pack 7.0.0

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Maxthon 3

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual Basic 2005 Express Edition - ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyFreeCodec

NBA 2K12

Need for Speed™ Undercover

Nero 11

Nero 11 Disc Menus Basic

Nero 11 Effects Basic

Nero 11 Image Samples

Nero 11 Kwik Themes Basic

Nero 11 PiP Effects Basic

Nero Audio Pack 1

Nero BackItUp 11

Nero BackItUp 11 Help (CHM)

Nero Backup Drivers

Nero Burning ROM 11

Nero Burning ROM 11 Help (CHM)

Nero ControlCenter 11

Nero ControlCenter 11 Help (CHM)

Nero Core Components 11

Nero CoverDesigner 11

Nero CoverDesigner 11 Help (CHM)

Nero Express 11

Nero Express 11 Help (CHM)

Nero Kwik Media

Nero Kwik Media Help (CHM)

Nero Prerequisite Installer 1.0

Nero Recode 11

Nero Recode 11 Help (CHM)

Nero RescueAgent 11

Nero RescueAgent 11 Help (CHM)

Nero SharedVideoCodecs

Nero SoundTrax 11

Nero SoundTrax 11 Help (CHM)

Nero Update

Nero Video 11

Nero Video 11 Help (CHM)

Nero WaveEditor 11

Nero WaveEditor 11 Help (CHM)

nero.prerequisites.msi

Pando Media Booster

Picasa 3

Popcap Game Collection

Revo Uninstaller Pro 2.5.8

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Shop for HP Supplies

Skype web features

Skype™ 5.10

SmartWebPrinting

SolutionCenter

SpeedFan (remove only)

Status

Supreme Destiny version 7.55

swMSM

Toolbox

TrayApp

TypingMaster Pro

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

WebReg

Welcome App (Start-up experience)

Winamp

Winamp Detector Plug-in

Windows Installer Clean Up

Windows Live Communications Platform

Windows Live Essentials

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Movie Maker 2.6

WinRAR 4.20 (32-bit)

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

YTD Toolbar v6.2

.

==== Event Viewer Messages From Past Week ========

.

8/6/2012 2:01:40 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

8/3/2012 3:00:50 PM, Error: Schannel [36887] - The following fatal alert was received: 40.

7/31/2012 12:18:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

7/31/2012 12:18:31 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/31/2012 12:18:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/31/2012 12:18:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/31/2012 12:18:25 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

7/31/2012 12:18:25 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

.

==== End Of File ===========================


Welcome to the forum.

Those files are legitimate but you have other items on the system that I would suggest you remove.

Let me know if you want to remove them.

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

uURLSearchHooks: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll

TB: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll

Also, can you...

Please find this file and upload it to VirusTotal for a free scan, and let me know the results (just copy back the URL):

http://www.virustotal.com/

http://virusscan.jotti.org/en

c:\windows\system32\drivers\gzflt.sys

MrC

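As an added example (not code from the thread, from DDS or from Malwarebytes), here is a small Python parser for the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" line formats that flags the same kinds of entries MrC singled out above (watch-list vendors, an unnamed boot-start driver to hash-check) and also reports the UAC policy values that appear in the posted log. The watch-list vendors and the "driver without a descriptive name" heuristic are assumptions, and the sample lines are constructed from the format shown in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in DDS format (a few lines, not the full log from the thread).
SAMPLE_DDS = r"""
mRun: [bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe
mRun: [<NO NAME>]
mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
uURLSearchHooks: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2012-7-28 154464]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-3-14 56496]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-7-26 794560]
"""

# Line shapes used by DDS: autoruns, IE hooks/BHOs/toolbars, startup-folder links, UAC policies, services.
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
HOOK_RE = re.compile(r"^(?P<kind>uURLSearchHooks|BHO|TB|EB): (?P<name>.*?): \{(?P<clsid>[0-9a-fA-F-]+)\} - (?P<path>.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<lnk>.*?) - (?P<path>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<value>\d+)")
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]*);(?P<desc>[^;]*);(?P<path>.*?) \[(?P<date>\S+) (?P<size>\d+)\]$")

# Assumed watch-list: the vendors MrC asked to have removed in this thread.
WATCHLIST = ("spigot", "ytd toolbar", "application updater")

# Policy values that weaken UAC when set to 0 (Windows facts, not thread-specific).
UAC_KEYS = {
    "EnableLUA": "UAC is disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}


@dataclass
class Entry:
    kind: str                    # Run, uURLSearchHooks/BHO/TB/EB, StartupFolder, Policy, Service
    name: str
    path: str
    value: Optional[int] = None  # only for Policy entries
    start: str = ""              # only for Service entries (R0, S3, ...)
    desc: str = ""               # only for Service entries


@dataclass
class Finding:
    entry: Entry
    reason: str


def _command_path(rest: str) -> str:
    """Pull the executable path out of a Run value: quoted, or bare with optional arguments."""
    rest = rest.strip()
    if not rest:
        return ""
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    m = re.match(r"(?i)(.*?\.(?:exe|dll|scr|cpl))", rest)
    return m.group(1) if m else rest.split()[0]


def parse_dds(text: str) -> List[Entry]:
    """Turn the recognised DDS line shapes into Entry records; other lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            entries.append(Entry("Run", m["name"], _command_path(m["rest"])))
        elif m := HOOK_RE.match(line):
            entries.append(Entry(m["kind"], m["name"], m["path"].strip()))
        elif m := STARTUP_RE.match(line):
            entries.append(Entry("StartupFolder", m["lnk"], m["path"].strip()))
        elif m := POLICY_RE.match(line):
            entries.append(Entry("Policy", m["key"], "", value=int(m["value"])))
        elif m := SERVICE_RE.match(line):
            entries.append(Entry("Service", m["name"], m["path"], start=m["start"], desc=m["desc"]))
    return entries


def review(text: str) -> List[Finding]:
    """Flag entries a log reviewer would want to look at; everything else is left alone."""
    findings: List[Finding] = []
    for e in parse_dds(text):
        low = e.path.lower()
        if e.kind == "Run" and not e.path:
            findings.append(Finding(e, "Run value with no command: orphaned or blanked autorun"))
        elif any(v in low for v in WATCHLIST):
            findings.append(Finding(e, "path matches watch-list vendor: candidate for removal"))
        elif e.kind == "Policy" and e.name in UAC_KEYS and e.value == 0:
            findings.append(Finding(e, f"{e.name}=0: {UAC_KEYS[e.name]}"))
        elif e.kind == "Service" and e.start in ("R0", "R1") and e.desc == e.name:
            # Heuristic (assumption): a boot/system-start driver whose description is just
            # its own name gives the reviewer nothing to go on, so verify its file hash.
            findings.append(Finding(e, "boot/system-start driver with no descriptive name: verify hash"))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_DDS):
        print(f"{f.entry.kind:16} {f.entry.name:28} {f.reason}")
```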

If Bitdefender prompts me again, would I allow the process then?

Wait until we're done.

Please do this.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


OK, I've followed all the steps and here is the log from ComboFix.txt:

ComboFix 12-08-07.02 - Se7eN 08/07/2012 23:40:55.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2013.948 [GMT 8:00]

Running from: c:\users\Se7eN\Desktop\ComboFix.exe

AV: Bitdefender Antivirus *Disabled/Outdated* {98CD50CE-5097-4098-9669-6C401FB3969C}

FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}

SP: Bitdefender Antispyware *Disabled/Outdated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\1320493382.bdinstall.bin

c:\programdata\1320541090.bdinstall.bin

c:\programdata\1343471187.1332.bin

c:\programdata\1343471187.1464.bin

c:\programdata\1343471187.1820.bin

c:\programdata\1343471187.2060.bin

c:\programdata\1343471187.2640.bin

c:\programdata\1343471187.2736.bin

c:\programdata\1343471187.2960.bin

c:\programdata\1343471187.3656.bin

c:\programdata\1343471187.3716.bin

c:\programdata\1343471187.3732.bin

c:\programdata\1343471187.932.bin

c:\programdata\1344353323.bdinstall.bin

c:\programdata\1344353325.bdinstall.bin

c:\users\Se7eN\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

c:\windows\ST6UNST.000

c:\windows\system32\DEBUG.log

c:\windows\system32\muzapp.exe

c:\windows\system32\ui

c:\windows\system32\ui\bdidntconp.ui

.

.

((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))

.

.

2012-08-07 15:46 . 2012-08-07 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-07 15:29 . 2012-08-07 15:31 -------- d-----w- c:\users\Se7eN\AppData\Roaming\Bitdefender

2012-08-07 15:29 . 2012-08-07 15:30 -------- d-----w- c:\programdata\Bitdefender

2012-08-07 15:29 . 2012-04-24 07:28 340624 ----a-w- c:\windows\system32\drivers\trufos.sys

2012-08-07 15:29 . 2012-04-11 09:03 154464 ----a-w- c:\windows\system32\drivers\gzflt.sys

2012-08-07 12:22 . 2012-08-07 12:22 -------- d-----w- c:\users\Se7eN\AppData\Roaming\HPAppData

2012-08-07 01:55 . 2012-08-07 01:55 -------- d-----w- c:\program files\Oracle

2012-08-07 01:54 . 2012-08-07 01:54 -------- d-----w- c:\program files\Common Files\Java

2012-08-07 01:52 . 2012-08-07 01:53 -------- d-----w- c:\program files\Java

2012-08-05 13:14 . 2012-08-05 13:14 -------- d-----w- c:\users\Se7eN\AppData\Local\Macromedia

2012-08-05 03:00 . 2012-08-05 03:00 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-08-05 02:58 . 2012-08-05 02:58 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-08-05 02:57 . 2012-08-05 02:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-08-05 02:57 . 2012-08-05 02:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-08-03 07:11 . 2012-08-03 07:11 -------- d-----w- c:\program files\Common Files\Skype

2012-08-03 06:57 . 2012-05-04 11:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-03 06:23 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-08-03 06:23 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-08-01 12:57 . 2012-08-01 12:57 -------- d-----w- c:\users\Se7eN\AppData\Local\bryangavino

2012-07-31 08:33 . 2012-07-31 08:33 -------- d-----w- c:\program files\YTD Toolbar

2012-07-31 08:33 . 2012-07-31 08:33 -------- d-----w- c:\program files\Common Files\Spigot

2012-07-31 08:33 . 2012-07-31 08:33 -------- d-----w- c:\program files\Application Updater

2012-07-30 12:30 . 2012-07-30 12:30 -------- d-----w- c:\users\Se7eN\AppData\Roaming\Maxthon3

2012-07-30 12:30 . 2012-07-30 12:30 -------- d-----w- c:\program files\Maxthon3

2012-07-28 11:42 . 2012-07-28 11:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-28 11:42 . 2012-07-03 05:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-28 11:33 . 2012-07-28 12:10 -------- d-----w- c:\programdata\BDLogging

2012-07-28 11:31 . 2012-04-17 06:40 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys

2012-07-28 11:30 . 2011-11-17 09:38 63056 ----a-w- c:\windows\system32\drivers\bdsandbox.sys

2012-07-28 11:30 . 2011-11-14 12:16 74832 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys

2012-07-28 11:30 . 2009-07-14 06:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-28 11:30 . 2007-04-11 03:11 511328 ----a-w- c:\windows\capicom.dll

2012-07-28 11:29 . 2012-03-20 12:22 611520 ----a-w- c:\windows\system32\drivers\avc3.sys

2012-07-28 11:29 . 2012-02-17 08:45 447208 ----a-w- c:\windows\system32\drivers\avckf.sys

2012-07-28 11:29 . 2011-11-25 06:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys

2012-07-28 10:26 . 2012-07-28 10:42 -------- d-----w- c:\program files\Bitdefender

2012-07-28 07:30 . 2012-07-28 07:30 -------- d-----w- c:\users\Se7eN\AppData\Roaming\Malwarebytes

2012-07-28 07:30 . 2012-07-28 07:30 -------- d-----w- c:\programdata\Malwarebytes

2012-07-28 02:20 . 2012-07-28 02:20 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A38DBE21-7AFF-4FEE-9A1D-5D3BE1767696}\offreg.dll

2012-07-22 12:21 . 2012-07-22 12:21 -------- d-----w- c:\program files\Winamp Detect

2012-07-20 23:20 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A38DBE21-7AFF-4FEE-9A1D-5D3BE1767696}\mpengine.dll

2012-07-17 11:22 . 2012-08-03 23:32 -------- d-----w- c:\users\Se7eN\AppData\Local\Facebook

2012-07-16 12:15 . 2009-11-18 17:33 79256 ----a-w- c:\windows\system32\npOGPPlugin.dll

2012-07-16 12:15 . 2009-11-18 17:33 271768 ----a-w- c:\windows\system32\OGPIEPlugin.ocx

2012-07-16 12:14 . 2012-07-16 12:49 -------- d-----w- c:\program files\OGPlanet

2012-07-11 14:41 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 13:45 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-11 13:45 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-07-11 13:45 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-11 13:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-11 13:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-07-11 13:23 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-11 13:23 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-11 13:23 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-07-11 13:23 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-07-11 13:23 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-11 13:23 . 2012-06-02 07:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-11 13:23 . 2012-06-02 07:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-09 07:11 . 2012-07-09 07:11 -------- d-----w- c:\program files\Vibrant Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-05 13:03 . 2012-04-11 08:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-05 13:03 . 2011-09-07 14:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-02 11:06 . 2012-06-30 10:43 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-07-02 11:05 . 2012-06-30 10:43 183112 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-06-30 10:42 . 2012-06-30 10:42 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-05-31 04:25 . 2011-11-06 08:45 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-29 07:38 . 2012-03-28 14:11 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr

2012-05-21 02:09 . 2012-06-04 10:43 181432 ----a-w- c:\windows\system32\drivers\ssudobex.sys

2012-05-21 02:09 . 2012-06-04 10:43 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-05-21 02:09 . 2012-06-04 10:43 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-03-21 1523512]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]

@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"

[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]

2012-07-28 12:04 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]

@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"

[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]

2012-07-28 12:04 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]

@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"

[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]

2012-07-28 12:04 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]

@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"

[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]

2012-07-28 12:04 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-24 6595928]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]

"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-20 74752]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-06-25 1506784]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-6 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 dump_wmimmc;dump_wmimmc; [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Classic\safedrv.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]

S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]

S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]

S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]

S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [x]

S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]

S2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]

S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]

S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 13:03]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3213346702-3299965334-3253153119-1000Core.job

- c:\users\Se7eN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-13 11:26]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3213346702-3299965334-3253153119-1000UA.job

- c:\users\Se7eN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-13 11:26]

.

2012-08-07 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-04-03 06:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

LSP: c:\program files\Bitdefender\Bitdefender 2013\BdProvider.dll

TCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (S-1-5-21-3213346702-3299965334-3253153119-1000)

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.HTM"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (S-1-5-21-3213346702-3299965334-3253153119-1000)

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.HTM"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3213346702-3299965334-3253153119-1000)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (S-1-5-21-3213346702-3299965334-3253153119-1000)

@Denied: (2) (LocalSystem)

"Progid"="Opera.HTML"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (S-1-5-21-3213346702-3299965334-3253153119-1000)

@Denied: (2) (LocalSystem)

"Progid"="Opera.HTML"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):48,f8,76,41,56,88,71,1f,bb,b7,65,33,5a,b1,eb,9a,00,2d,1c,09,c3,

55,24,a8,8c,ee,b3,44,0c,bd,31,fb,4d,52,07,03,e0,10,0b,0c,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000_Classes\CLSID\{c28f7db6-d259-4b6f-a002-871210405f9c}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000c5

"Therad"=dword:00000002

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bitdefender\Bitdefender 2013\vsserv.exe

c:\windows\system32\taskhost.exe

c:\program files\IObit\Game Booster 3\gbtray.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\sppsvc.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\conhost.exe

c:\program files\Bitdefender\Bitdefender 2013\BdParentalSysTray.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\Yahoo!\Messenger\ymsgr_tray.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-08-07 23:52:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-07 15:52

.

Pre-Run: 264,797,822,976 bytes free

Post-Run: 264,459,378,688 bytes free

.

- - End Of File - - 227107A2D97A7D0BBFE19B1AE17B49FB

Can I uninstall ComboFix.exe now?


No don't uninstall anything yet!

Using ComboFix.......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

Folder::

C:\Program Files\Application Updater

c:\program files\ytd toolbar

C:\Program Files\Common Files\Spigot

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SearchSettings"=-

DDS::

BHO: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll

TB: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

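As an added example, not code from this thread, from ComboFix or from Malwarebytes: a small Python parser for the "Reg Loading Points" section of a ComboFix log like the one posted above. It pulls out the Run-key autoruns and the policies\system values, flags autoruns whose image path lies under the three folders the CFScript above removes (Spigot, YTD Toolbar, Application Updater; that watch-list is an assumption taken from this thread, not a general adware signature), and writes a Registry:: block in the same CFScript syntax the helper used. It also reports the UAC policy values the log shows (EnableLUA=0 and ConsentPromptBehaviorAdmin=0 mean UAC is switched off), which the thread does not discuss but a reviewer of this log would want to note. The sample text is a constructed excerpt copied from the log above, and all function names are mine.

```python
import re

# Constructed excerpt in the ComboFix "Reg Loading Points" layout: these lines are
# copied from the log quoted above and trimmed to a few entries so the parser runs offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-06-25 1506784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "Name"="c:\path\file.exe" [YYYY-MM-DD size]
AUTORUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
# "Name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s+\(0x[0-9A-Fa-f]+\)$')

# Assumption: path fragments of the three folders the CFScript in this thread removes.
# This is a per-case watch-list for this log, not a general signature.
WATCHLIST = ("\\spigot\\", "\\ytd toolbar\\", "\\application updater\\")


def parse_reg_loading_points(text):
    """Return (autoruns, policies) parsed from a ComboFix 'Reg Loading Points' section."""
    autoruns, policies, current_key = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        if current_key is None:
            continue
        lowered = current_key.lower()
        run_match = AUTORUN_RE.match(line)
        if run_match and lowered.endswith("\\currentversion\\run"):
            autoruns.append({"key": current_key, "name": run_match.group("name"),
                             "path": run_match.group("path"), "date": run_match.group("date"),
                             "size": int(run_match.group("size"))})
            continue
        pol_match = POLICY_RE.match(line)
        if pol_match and lowered.endswith("\\policies\\system"):
            policies[pol_match.group("name")] = int(pol_match.group("value"))
    return autoruns, policies


def flag_autoruns(autoruns, watchlist=WATCHLIST):
    """Autorun entries whose image path lies under one of the watch-listed folders."""
    return [e for e in autoruns if any(m in e["path"].lower() for m in watchlist)]


def uac_findings(policies):
    """Plain-language notes on the policies\\system values that weaken UAC."""
    findings = []
    if policies.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off; an admin user's processes run with the full token")
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation requests are granted without a prompt")
    if policies.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts, when shown, are not isolated on the secure desktop")
    return findings


def build_cfscript(flagged):
    """Registry:: block in CFScript syntax; "Name"=- removes that value from its key."""
    if not flagged:
        return ""
    by_key = {}
    for e in flagged:
        by_key.setdefault(e["key"], []).append(e["name"])
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    runs, pols = parse_reg_loading_points(SAMPLE_LOG)
    flagged = flag_autoruns(runs)
    for e in runs:
        print(f"{'FLAG' if e in flagged else '    '} {e['name']:<16} {e['path']}")
    for note in uac_findings(pols):
        print("UAC:", note)
    print(build_cfscript(flagged), end="")
```

Run it against a full ComboFix.txt by replacing SAMPLE_LOG with the file contents; the parser only reacts to lines under a `[HKEY_...]` header, so the surrounding file listings are ignored. The generated Registry:: block covers only the Run values; the Folder:: and DDS:: parts of a CFScript still have to be written by hand from the rest of the log, as the helper did above.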

ComboFix 12-08-07.02 - Se7eN 08/08/2012 9:28.5.2 - x86 MINIMAL

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2013.1213 [GMT 8:00]

Running from: c:\users\Se7eN\Desktop\ComboFix.exe

Command switches used :: c:\users\Se7eN\Desktop\CFScript.txt

AV: Bitdefender Antivirus *Disabled/Outdated* {98CD50CE-5097-4098-9669-6C401FB3969C}

FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}

SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))

.

.

2012-08-08 01:33 . 2012-08-08 01:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-07 16:36 . 2012-08-08 01:33 -------- d-----w- c:\users\Se7eN\AppData\Local\temp

2012-08-07 15:29 . 2012-08-07 15:31 -------- d-----w- c:\users\Se7eN\AppData\Roaming\Bitdefender

2012-08-07 15:29 . 2012-08-07 15:30 -------- d-----w- c:\programdata\Bitdefender

2012-08-07 15:29 . 2012-04-24 07:28 340624 ----a-w- c:\windows\system32\drivers\trufos.sys

2012-08-07 15:29 . 2012-04-11 09:03 154464 ----a-w- c:\windows\system32\drivers\gzflt.sys

2012-08-07 12:22 . 2012-08-07 12:22 -------- d-----w- c:\users\Se7eN\AppData\Roaming\HPAppData

2012-08-07 01:55 . 2012-08-07 01:55 -------- d-----w- c:\program files\Oracle

2012-08-07 01:54 . 2012-08-07 01:54 -------- d-----w- c:\program files\Common Files\Java

2012-08-07 01:52 . 2012-08-07 01:53 -------- d-----w- c:\program files\Java

2012-08-05 13:14 . 2012-08-05 13:14 -------- d-----w- c:\users\Se7eN\AppData\Local\Macromedia

2012-08-05 03:00 . 2012-08-05 03:00 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-08-05 02:58 . 2012-08-05 02:58 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-08-05 02:57 . 2012-08-05 02:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-08-05 02:57 . 2012-08-05 02:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-08-03 07:11 . 2012-08-03 07:11 -------- d-----w- c:\program files\Common Files\Skype

2012-08-03 06:57 . 2012-05-04 11:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-03 06:23 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-08-03 06:23 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-08-01 12:57 . 2012-08-01 12:57 -------- d-----w- c:\users\Se7eN\AppData\Local\bryangavino

2012-07-30 12:30 . 2012-07-30 12:30 -------- d-----w- c:\users\Se7eN\AppData\Roaming\Maxthon3

2012-07-30 12:30 . 2012-07-30 12:30 -------- d-----w- c:\program files\Maxthon3

2012-07-28 11:42 . 2012-07-28 11:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-28 11:42 . 2012-07-03 05:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-28 11:33 . 2012-07-28 12:10 -------- d-----w- c:\programdata\BDLogging

2012-07-28 11:31 . 2012-04-17 06:40 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys

2012-07-28 11:30 . 2011-11-17 09:38 63056 ----a-w- c:\windows\system32\drivers\bdsandbox.sys

2012-07-28 11:30 . 2011-11-14 12:16 74832 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys

2012-07-28 11:30 . 2009-07-14 06:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-28 11:30 . 2007-04-11 03:11 511328 ----a-w- c:\windows\capicom.dll

2012-07-28 11:29 . 2012-03-20 12:22 611520 ----a-w- c:\windows\system32\drivers\avc3.sys

2012-07-28 11:29 . 2012-02-17 08:45 447208 ----a-w- c:\windows\system32\drivers\avckf.sys

2012-07-28 11:29 . 2011-11-25 06:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys

2012-07-28 10:26 . 2012-07-28 10:42 -------- d-----w- c:\program files\Bitdefender

2012-07-28 07:30 . 2012-07-28 07:30 -------- d-----w- c:\users\Se7eN\AppData\Roaming\Malwarebytes

2012-07-28 07:30 . 2012-07-28 07:30 -------- d-----w- c:\programdata\Malwarebytes

2012-07-28 02:20 . 2012-07-28 02:20 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A38DBE21-7AFF-4FEE-9A1D-5D3BE1767696}\offreg.dll

2012-07-22 12:21 . 2012-07-22 12:21 -------- d-----w- c:\program files\Winamp Detect

2012-07-20 23:20 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A38DBE21-7AFF-4FEE-9A1D-5D3BE1767696}\mpengine.dll

2012-07-17 11:22 . 2012-08-03 23:32 -------- d-----w- c:\users\Se7eN\AppData\Local\Facebook

2012-07-16 12:15 . 2009-11-18 17:33 79256 ----a-w- c:\windows\system32\npOGPPlugin.dll

2012-07-16 12:15 . 2009-11-18 17:33 271768 ----a-w- c:\windows\system32\OGPIEPlugin.ocx

2012-07-16 12:14 . 2012-07-16 12:49 -------- d-----w- c:\program files\OGPlanet

2012-07-11 14:41 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 13:45 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-11 13:45 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-07-11 13:45 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-11 13:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-11 13:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-07-11 13:23 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-11 13:23 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-11 13:23 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-07-11 13:23 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-07-11 13:23 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-11 13:23 . 2012-06-02 07:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-11 13:23 . 2012-06-02 07:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-09 07:11 . 2012-07-09 07:11 -------- d-----w- c:\program files\Vibrant Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-05 13:03 . 2012-04-11 08:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-05 13:03 . 2011-09-07 14:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-02 11:06 . 2012-06-30 10:43 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-07-02 11:05 . 2012-06-30 10:43 183112 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-06-30 10:42 . 2012-06-30 10:42 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-05-31 04:25 . 2011-11-06 08:45 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-29 07:38 . 2012-03-28 14:11 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr

2012-05-21 02:09 . 2012-06-04 10:43 181432 ----a-w- c:\windows\system32\drivers\ssudobex.sys

2012-05-21 02:09 . 2012-06-04 10:43 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-05-21 02:09 . 2012-06-04 10:43 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-03-21 1523512]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]

@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"

[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]

2012-07-28 12:04 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]

@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"

[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]

2012-07-28 12:04 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]

@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"

[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]

2012-07-28 12:04 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]

@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"

[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]

2012-07-28 12:04 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-24 6595928]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]

"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-20 74752]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-08-07 1578872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-6 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

R0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x]

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]

R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]

R1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [x]

R2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]

R2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]

R2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 dump_wmimmc;dump_wmimmc; [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Classic\safedrv.sys [x]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 13:03]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3213346702-3299965334-3253153119-1000Core.job

- c:\users\Se7eN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-13 11:26]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3213346702-3299965334-3253153119-1000UA.job

- c:\users\Se7eN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-13 11:26]

.

2012-08-07 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-04-03 06:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

LSP: c:\program files\Bitdefender\Bitdefender 2013\BdProvider.dll

TCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (S-1-5-21-3213346702-3299965334-3253153119-1000)

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.HTM"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (S-1-5-21-3213346702-3299965334-3253153119-1000)

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.HTM"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3213346702-3299965334-3253153119-1000)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (S-1-5-21-3213346702-3299965334-3253153119-1000)

@Denied: (2) (LocalSystem)

"Progid"="Opera.HTML"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (S-1-5-21-3213346702-3299965334-3253153119-1000)

@Denied: (2) (LocalSystem)

"Progid"="Opera.HTML"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):48,f8,76,41,56,88,71,1f,bb,b7,65,33,5a,b1,eb,9a,00,2d,1c,09,c3,

55,24,a8,8c,ee,b3,44,0c,bd,31,fb,4d,52,07,03,e0,10,0b,0c,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-3213346702-3299965334-3253153119-1000_Classes\CLSID\{c28f7db6-d259-4b6f-a002-871210405f9c}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000c5

"Therad"=dword:00000002

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-08 09:35:00

ComboFix-quarantined-files.txt 2012-08-08 01:35

ComboFix2.txt 2012-08-07 15:52

.

Pre-Run: 264,169,832,448 bytes free

Post-Run: 263,536,676,864 bytes free

.

- - End Of File - - 61F6F60A9A7DA7E818F96901BAA3B284

Here's the log:


Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.08.05

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Se7eN :: GAVINOFAMILY [administrator]

Protection: Enabled

8/8/2012 8:19:32 PM

mbam-log-2012-08-08 (20-19-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198751

Time elapsed: 37 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thanks sir. As of now everything's fine with my computer, except that after fixing the problems with ComboFix, my antivirus (Bitdefender Total Security 2013) lost its other tabs and features in its interface.

(screenshot attached below)

What fix should I do with this?

Any suggestion? I might want to change my AV because it's already irritating me. I want a suggestion from you, as an expert, on what AV I should put on my PC. Thanks.

post-116135-0-90905600-1344430107.png


2012-08-07 16:38:18 . 2012-08-07 16:38:18 115,137 ----a-w- C:\Qoobox\Quarantine\C\Users\Se7eN\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll.vir

2012-08-07 16:35:39 . 2012-08-07 16:35:39 230 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_Application Updater.reg.dat

2012-08-07 16:20:12 . 2012-08-08 01:28:30 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt

2012-08-07 15:50:45 . 2012-08-07 15:50:45 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{F3FEE66E-E034-436a-86E4-9690573BEE8A}.reg.dat

2012-08-07 15:44:16 . 2012-08-08 01:32:39 6,074 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-08-07 15:38:39 . 2012-08-08 01:28:30 350 ----a-w- C:\Qoobox\Quarantine\catchme.log

2012-08-07 15:30:02 . 2012-08-07 15:30:02 389,083 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1344353325.bdinstall.bin.vir

2012-08-07 15:28:45 . 2012-08-07 15:28:45 71,156 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1344353323.bdinstall.bin.vir

2012-07-31 08:33:14 . 2012-07-31 08:33:14 45 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\config.ini.vir

2012-07-31 08:33:14 . 2012-07-31 08:33:14 33 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\IE\6.2\config.ini.vir

2012-07-31 08:33:14 . 2012-07-31 08:33:14 85 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Application Updater\config.ini.vir

2012-07-28 11:30:03 . 2012-06-25 18:14:39 160,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\ui\bdidntconp.ui.vir

2012-07-28 10:31:33 . 2012-07-28 10:31:34 1,699 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1343471187.932.bin.vir

2012-07-28 10:26:46 . 2012-07-28 11:35:36 186,812 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1343471187.3656.bin.vir

2012-07-28 10:26:46 . 2012-07-28 10:26:49 8,544 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1343471187.3716.bin.vir

2012-07-28 10:26:46 . 2012-07-28 10:26:48 13,531 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1343471187.1332.bin.vir

2012-07-28 10:26:46 . 2012-07-28 10:42:56 1,090 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1343471187.1820.bin.vir

2012-07-28 10:26:46 . 2012-07-28 10:30:01 1,090 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1343471187.2060.bin.vir

2012-07-28 10:26:46 . 2012-07-28 10:43:22 7,401 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1343471187.2640.bin.vir

2012-07-28 10:26:46 . 2012-07-28 10:26:47 3,042 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1343471187.2960.bin.vir

2012-07-28 10:26:31 . 2012-07-28 11:35:36 751,551 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1343471187.1464.bin.vir

2012-07-28 10:26:29 . 2012-07-28 11:35:36 37,648 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1343471187.2736.bin.vir

2012-07-28 10:26:27 . 2012-07-28 11:35:39 102,200 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1343471187.3732.bin.vir

2012-07-26 11:52:06 . 2012-07-26 11:52:06 23,944 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\wth.dll.vir

2012-07-26 11:52:04 . 2012-07-26 11:52:04 1,095,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe.vir

2012-07-26 11:52:02 . 2012-07-26 11:52:02 1,213,832 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll.vir

2012-07-26 11:51:44 . 2012-07-26 11:51:44 69,000 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\WidgiHelper.exe.vir

2012-07-26 11:40:56 . 2012-07-26 11:40:56 794,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Application Updater\ApplicationUpdater.exe.vir

2012-07-24 02:54:18 . 2012-07-24 02:54:18 10,107 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\widgets.xml.vir

2012-07-23 02:44:56 . 2012-07-23 02:44:56 15,590 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\GC\coupons_2.1.crx.vir

2012-07-20 08:50:18 . 2012-07-20 08:50:18 4,680 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\Lang\res1031.ini.vir

2012-07-20 08:50:18 . 2012-07-20 08:50:18 4,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\Lang\res1033.ini.vir

2012-07-20 08:50:18 . 2012-07-20 08:50:18 4,967 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\Lang\res1034.ini.vir

2012-07-20 08:50:18 . 2012-07-20 08:50:18 4,916 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\Lang\res1036.ini.vir

2012-07-20 08:50:18 . 2012-07-20 08:50:18 4,931 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\Lang\res1040.ini.vir

2012-07-17 11:26:15 . 2012-08-03 22:51:09 38,715 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\DEBUG.log.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 976 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\amazon.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 953 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\dailymotion.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 920 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\ebay.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 100 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\facebook.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 1,085 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\googleplus.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 945 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\hulu.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 899 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\metacafe.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 1,027 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\radiobeta.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 1,004 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\search_amazon.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 614 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\search_baidu.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 929 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\search_ebay.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 941 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\search_yahoo.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 327 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\search_yandex.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 996 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\search_youtube.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 166 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\twitter.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 1,009 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\veoh.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 963 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\youtube.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 353 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\ytd.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 1,306 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\ytd_logo.gif.vir

2012-07-11 10:53:08 . 2012-07-11 10:53:08 2,358 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\ytd_logo_hover.gif.vir

2012-06-27 09:31:00 . 2012-06-27 09:31:00 14,201 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.0.crx.vir

2012-06-06 09:34:12 . 2012-06-06 09:34:12 1,105 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini.vir

2012-06-06 09:34:12 . 2012-06-06 09:34:12 1,028 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini.vir

2012-06-06 09:34:12 . 2012-06-06 09:34:12 1,156 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini.vir

2012-06-06 09:34:12 . 2012-06-06 09:34:12 1,119 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini.vir

2012-06-06 09:34:12 . 2012-06-06 09:34:12 1,170 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini.vir

2011-11-06 01:59:13 . 2011-11-06 01:59:13 864,146 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1320541090.bdinstall.bin.vir

2011-11-05 13:33:27 . 2011-11-05 13:33:27 1,378,974 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1320493382.bdinstall.bin.vir

2011-10-31 03:22:40 . 2011-10-31 03:22:40 172,032 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\muzapp.exe.vir

2011-10-27 08:42:04 . 2011-10-27 08:42:04 258 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\radio-close.gif.vir

2011-10-27 08:42:04 . 2011-10-27 08:42:04 237 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\radio-minimize.gif.vir

2011-10-02 01:38:54 . 2011-10-02 01:38:54 303 ----a-w- C:\Qoobox\Quarantine\C\Windows\ST6UNST.000.vir

2011-09-26 12:40:18 . 2011-09-26 12:40:18 1,837 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml.vir

2011-09-26 09:48:52 . 2011-09-26 09:48:52 3,958 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml.vir

2011-09-23 10:02:32 . 2012-07-31 08:33:14 470 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\yahoo_ie.xml.vir

2011-09-23 04:15:30 . 2011-09-23 04:15:30 416 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml.vir

2011-09-23 04:15:30 . 2011-09-23 04:15:30 494 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml.vir

2010-09-23 10:55:40 . 2012-07-31 08:33:14 888 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\yahoo_ff.xml.vir

2009-06-10 12:15:14 . 2009-06-10 12:15:14 941 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\icon_settings.gif.vir

2008-12-30 04:22:36 . 2008-12-30 04:22:36 1,029 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\search-button-hover.gif.vir

2008-12-30 04:22:36 . 2008-12-30 04:22:36 1,037 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\search-button.gif.vir

2008-12-30 04:22:36 . 2008-12-30 04:22:36 948 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\search-chevron-hover.gif.vir

2008-12-30 04:22:36 . 2008-12-30 04:22:36 846 ----a-w- C:\Qoobox\Quarantine\C\Program Files\YTD Toolbar\Res\search-chevron.gif.vir

Thanks for your suggestion, but do you think ESET Smart Security 5 would be a great substitute? My sister bought a CD of this antivirus for her laptop, which is good for 3 PCs.


Thanks for your suggestion, but do you think ESET Smart Security 5 would be a great substitute? My sister bought a CD of this antivirus for her laptop, which is good for 3 PCs.

Yes, that's a great AV.

So we don't have to worry about Bitdefender?

MrC


Another thing I want to ask: why did you choose MSE over other AVs?

It's free and very good.

----------------------------

How to uninstall BitDefender:

http://www.bitdefend...fender-333.html

So regarding my computer issues, is everything fixed? And can I uninstall ComboFix and DDS.scr from my machine?

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work... you can simply rename ComboFix.exe to Uninstall.exe and double-click it to complete the uninstall.)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

e.g. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Guest
This topic is now closed to further replies.