
services.exe infected



Hello,

I keep getting an alert from AVG saying that a threat was detected. More specifically, it's services.exe that is infected with a "Trojan horse Droppper.Generic_c.MMI". I've been going through similar posts for a while, but can't seem to fix it and don't want to mess anything up. Any help that could be given would be greatly appreciated.

Thanks in advance!!


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Ok, I've completed the steps as requested. I wasn't sure if you need all logs, but I posted them all in this order: DDS, Attach, RKreport, MBAM log.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Mike at 15:36:57 on 2012-08-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1642 [GMT -7:00]

.

AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

C:\Windows\system32\lsm.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Program Files (x86)\AVG\AVG9\avgfws9.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\lxdecoms.exe

C:\ProgramData\Rpcnet\Bin\rpcld.exe

C:\Windows\SysWOW64\rpcnet.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files (x86)\AVG\AVG9\avgemc.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\AVG\AVG9\avgam.exe

C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

\\.\globalroot\systemroot\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = g.msn.com/USCON/1

uDefault_Page_URL = g.msn.com/USCON/1

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

mRun: [dellsupportcenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{ED415B2E-B18E-4C1D-8293-57C23202AD79} : DhcpNameServer = 10.50.0.1 10.50.0.2 10.50.0.3

TCP: Interfaces\{FAF3D3D8-AB7E-4C43-91AE-5E076FD3E9C8} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{FAF3D3D8-AB7E-4C43-91AE-5E076FD3E9C8}\2656C6B696E6534376 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{FAF3D3D8-AB7E-4C43-91AE-5E076FD3E9C8}\3416D60757373416E64697D223E24374D27657563747 : DhcpNameServer = 192.168.3.1

TCP: Interfaces\{FAF3D3D8-AB7E-4C43-91AE-5E076FD3E9C8}\4646D2772747 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{FAF3D3D8-AB7E-4C43-91AE-5E076FD3E9C8}\5514055726C69636 : DhcpNameServer = 128.196.11.234 128.196.11.233

TCP: Interfaces\{FAF3D3D8-AB7E-4C43-91AE-5E076FD3E9C8}\551475966496 : DhcpNameServer = 128.196.11.234 128.196.11.233

TCP: Interfaces\{FAF3D3D8-AB7E-4C43-91AE-5E076FD3E9C8}\7796767696E637765627265627 : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

mRun-x64: [dellsupportcenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hkd0lpyv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=

FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hkd0lpyv.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\system32\Drivers\AVGIDSwa.sys --> C:\Windows\system32\Drivers\AVGIDSwa.sys [?]

R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]

R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]

R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]

R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-7-10 98208]

R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-8-10 921952]

R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-8-10 308136]

R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2010-11-24 2331544]

R2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-8-10 5897808]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 lxde_device;lxde_device;C:\Windows\system32\lxdecoms.exe -service --> C:\Windows\system32\lxdecoms.exe -service [?]

R2 rpcld;Remote Procedure Call (RPC) LD;C:\ProgramData\Rpcnet\Bin\rpcld.exe --> C:\ProgramData\Rpcnet\Bin\rpcld.exe [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-9 2320920]

R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-8-10 132688]

R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-8-10 35920]

R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-22 116648]

S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdeserv.exe [2007-5-29 33712]

S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]

S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-22 116648]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== File Associations ===============

.

regfile="regedit.exe" "%1"

.

=============== Created Last 30 ================

.

2012-08-11 09:29:41 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes

2012-08-11 09:29:28 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-11 09:29:27 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-11 09:29:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-10 22:44:10 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2012-08-02 03:20:49 -------- d-----w- C:\Program Files\iPod

2012-08-02 03:20:48 -------- d-----w- C:\Program Files\iTunes

2012-08-02 03:20:48 -------- d-----w- C:\Program Files (x86)\iTunes

2012-07-22 23:19:54 -------- d-----w- C:\Program Files (x86)\Oracle

2012-07-22 23:19:32 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

.

==================== Find3M ====================

.

2012-08-11 08:51:59 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll

2012-07-06 05:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-06-08 01:25:31 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe

2012-06-08 01:25:28 58288 ------w- C:\Windows\SysWow64\rpcnet.exe

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-04 17:42:57 49592 ----a-w- C:\Windows\SysWow64\pkgslv.exe

2012-06-04 17:42:56 46008 ----a-w- C:\Windows\SysWow64\pkgmgr.dll

2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 15:40:23.72 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 8/10/2010 4:09:50 PM

System Uptime: 8/11/2012 2:25:09 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 021CN3

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | U2E1 | 2266/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 63.253 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP196: 7/20/2012 12:00:05 AM - Scheduled Checkpoint

RP197: 7/22/2012 4:18:29 PM - Installed Java 7 Update 5

RP198: 7/22/2012 4:19:35 PM - Installed JavaFX 2.1.1

RP199: 7/30/2012 1:34:34 AM - Scheduled Checkpoint

RP200: 8/9/2012 1:49:07 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

ABBYY FineReader 6.0 Sprint

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash Player 10 ActiveX

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader 9.1.2

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

ASIO4ALL

AVG 9.0

Banctec Service Agreement

Consumer In-Home Service Agreement

D3DX10

Dell Dock

Dell Driver Download Manager

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Webcam Central

Diablo II

Diablo III

FL Studio 9

FoxyTunes for Firefox

Google Chrome

Google Earth Plug-in

Google Update Helper

GoToAssist 8.0.0.514

IL Download Manager

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 24

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

PDF Settings

PoiZone

PowerDVD DX

QuickTime

Realtek High Definition Audio Driver

RollerCoaster Tycoon

Roxio Burn

Sawer

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype Toolbars

Skype™ 5.0

Toxic Biohazard

TurboTax 2010

TurboTax 2010 waziper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 waziper

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Visual C++ 8.0 Runtime Setup Package (x64)

VLC media player 1.1.2

VLC Setup Helper 3.00

WildTangent Games

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR

WinSCP 4.2.9

Xilisoft Video Converter Ultimate 6

.

==== Event Viewer Messages From Past Week ========

.

8/11/2012 3:22:32 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/11/2012 3:22:32 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/11/2012 1:52:01 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/11/2012 1:51:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdeCATSCustConnectService service to connect.

8/11/2012 1:51:59 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/11/2012 1:51:59 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/11/2012 1:51:59 AM, Error: Service Control Manager [7000] - The lxdeCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Mike [Admin rights]

Mode: Scan -- Date: 08/11/2012 15:52:40

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] rpcld.exe -- C:\ProgramData\Rpcnet\Bin\rpcld.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 7 ¤¤¤

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Mike\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\mike\appdata\local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\mike\appdata\local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\mike\appdata\local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L --> FOUND

[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++

--- User ---

[MBR] 5ea7e81eaf591d3ec1f78e1d30874d01

[bSP] b7b3eb14adfd50ca04b936abaf85fbb5 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.11.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Mike :: CARLOS [administrator]

8/11/2012 3:35:21 PM

mbam-log-2012-08-11 (15-53-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 200800

Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Mike\Local Settings\Temporary Internet Files\Content.IE5\E5TUB8AF\calc[1].exe (RootKit.0Access) -> No action taken.

C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000001.@ (RootKit.0Access.H) -> No action taken.

(end)

Thanks!!


Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

-------------------------------------------

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

  • Now press the Search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC

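The point of the services.exe search above is to compare the copy that Windows actually runs (C:\Windows\System32\services.exe) with the pristine copy the component store keeps under WinSxS. The following Python script is an added example, not code from this thread, from MrC, or from the FRST tool: it parses FRST's "Search:" output format and flags any live system binary whose MD5 matches none of the WinSxS copies of the same file name. The sample input is the two services.exe records from the Search.txt posted later in this thread; the function names and the WinSxS-as-reference heuristic are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: the two services.exe records copied from the
# Search.txt posted in this thread (FRST's own output format).
SAMPLE_SEARCH = """\
================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Each record is a path line followed by a detail line of the form
# [created] - [modified] - size attrs (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_frst_search(text):
    """Return one dict per file listed in an FRST 'Search:' block."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and the section banners
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            rec = m.groupdict()
            rec["path"] = pending_path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            entries.append(rec)
            pending_path = None
    return entries


def is_reference_copy(path):
    """Heuristic (our assumption): WinSxS, the component store, holds the pristine copy."""
    return "\\winsxs\\" in path.lower()


def check_against_reference(entries):
    """Flag live copies whose MD5 matches none of the WinSxS copies of that file name.

    Identical size and timestamps but a different hash is the pattern of a binary
    patched in place rather than replaced by an update, which is what the
    Search.txt in this thread shows for C:\\Windows\\System32\\services.exe.
    """
    by_name = defaultdict(lambda: {"ref": [], "live": []})
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        bucket = "ref" if is_reference_copy(e["path"]) else "live"
        by_name[name][bucket].append(e)

    findings = []
    for name, groups in by_name.items():
        ref_hashes = {r["md5"] for r in groups["ref"]}
        for live in groups["live"]:
            if not ref_hashes:
                findings.append({"path": live["path"], "md5": live["md5"],
                                 "reference_md5s": [], "same_size_as_reference": None,
                                 "reason": "no WinSxS copy to compare against"})
            elif live["md5"] not in ref_hashes:
                same_size = any(r["size"] == live["size"] for r in groups["ref"])
                findings.append({"path": live["path"], "md5": live["md5"],
                                 "reference_md5s": sorted(ref_hashes),
                                 "same_size_as_reference": same_size,
                                 "reason": "hash differs from every WinSxS copy"})
    return findings


if __name__ == "__main__":
    for f in check_against_reference(parse_frst_search(SAMPLE_SEARCH)):
        print(f"{f['path']}: {f['reason']} (live {f['md5']}, "
              f"reference {', '.join(f['reference_md5s']) or 'none'}, "
              f"same size as reference: {f['same_size_as_reference']})")
```

A hash mismatch on its own is not proof: a WinSxS copy can legitimately be an older build than the live file after a Windows update, so check the version, size and timestamps as well. In the log above both copies carry the same 2009-07-13 timestamps and the same 328704-byte size while the hashes differ, which is the strong signal that services.exe was modified in place, consistent with RogueKiller's "ASLR WIPED-OFF" finding on the same file.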

I'd like to do the cleanup, but if that doesn't work I guess I'll have to reformat & reinstall. Here is the Search.txt log and the FRST.txt log:

Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 2012-08-11 19:28:39

Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 11-08-2012 19:26:28

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1882920 2009-11-12] (Synaptics Incorporated)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-02-02] (Realtek Semiconductor)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3178064 2010-01-05] (Dell Inc.)

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [167704 2012-01-11] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392984 2012-01-11] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417560 2012-01-11] (Intel Corporation)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)

HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [dellsupportcenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKU\Mike\...\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-11-29] (Google Inc.)

HKU\Mike\...\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-07] (PeerBlock, LLC)

HKU\Mike\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] (Malwarebytes Corporation)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

AppInit_DLLs: avgrssta.dll

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Mike\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 avg9emc; "C:\Program Files (x86)\AVG\AVG9\avgemc.exe" [921952 2010-08-10] (AVG Technologies CZ, s.r.o.)

2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2010-08-10] (AVG Technologies CZ, s.r.o.)

2 avgfws9; "C:\Program Files (x86)\AVG\AVG9\avgfws9.exe" [2331544 2010-11-24] (AVG Technologies CZ, s.r.o.)

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent [5897808 2010-08-10] (AVG Technologies CZ, s.r.o.)

2 lxdeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdeserv.exe [33712 2007-05-29] (Lexmark International, Inc.)

2 lxde_device; C:\Windows\system32\lxdecoms.exe -service [1053104 2007-05-29] ( )

2 lxde_device; C:\Windows\SysWow64\lxdecoms.exe -service [598960 2007-05-29] ( )

2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [179120 2011-09-28] (Absolute Software Corp.)

2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [29976 2010-08-10] (AVG Technologies CZ, s.r.o.)

3 AVGIDSDriverw7a; \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [132688 2010-08-10] (AVG Technologies CZ, s.r.o. )

0 AVGIDSErHrw7a; C:\Windows\System32\Drivers\AVGIDSwa.sys [27216 2010-08-10] (AVG Technologies CZ, s.r.o. )

3 AVGIDSFilterw7a; \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [35920 2010-08-10] (AVG Technologies CZ, s.r.o. )

1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [269904 2010-08-10] (AVG Technologies CZ, s.r.o.)

1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [35664 2011-09-12] (AVG Technologies CZ, s.r.o.)

0 AvgRkx64; C:\Windows\System32\Drivers\AvgRkx64.sys [56008 2010-08-10] (AVG Technologies CZ, s.r.o.)

1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [317520 2011-05-05] (AVG Technologies CZ, s.r.o.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-11 18:30 - 2012-08-11 19:26 - 00000000 ____D C:\FRST

2012-08-11 18:28 - 2012-08-11 18:29 - 01439703 ____A (Farbar) C:\Users\Mike\Downloads\FRST64.exe

2012-08-11 17:52 - 2012-08-11 17:52 - 00002543 ____A C:\Users\Mike\Desktop\RKreport[1].txt

2012-08-11 17:51 - 2012-08-11 17:52 - 00000000 ____D C:\Users\Mike\Desktop\RK_Quarantine

2012-08-11 17:51 - 2012-08-11 17:51 - 01558528 ____A C:\Users\Mike\Downloads\RogueKiller.exe

2012-08-11 17:49 - 2012-08-11 17:49 - 00022442 ____A C:\Users\Mike\Desktop\DDS.txt

2012-08-11 17:49 - 2012-08-11 17:49 - 00008948 ____A C:\Users\Mike\Desktop\Attach.txt

2012-08-11 17:36 - 2012-08-11 17:36 - 00607260 ____R (Swearware) C:\Users\Mike\Downloads\dds.scr

2012-08-11 04:29 - 2012-08-11 04:29 - 00000000 ____D C:\Users\Mike\Application Data\Malwarebytes

2012-08-11 04:29 - 2012-08-11 04:29 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes

2012-08-11 04:29 - 2012-08-11 04:29 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-08-11 04:29 - 2012-08-11 04:29 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes

2012-08-11 04:29 - 2012-08-11 04:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-11 04:29 - 2012-07-03 15:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-11 04:28 - 2012-08-11 04:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-1.62.0.1300.exe

2012-08-11 04:14 - 2012-08-11 04:14 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Mike\Downloads\tdsskiller.exe

2012-08-10 17:44 - 2012-08-10 17:44 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-08-01 22:20 - 2012-08-01 22:21 - 00000000 ____D C:\Program Files\iTunes

2012-08-01 22:20 - 2012-08-01 22:21 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-08-01 22:20 - 2012-08-01 22:20 - 00000000 ____D C:\Program Files\iPod

2012-07-27 02:58 - 2012-07-27 03:04 - 158984228 ____A C:\Users\Mike\Downloads\win7_64-152612.zip

2012-07-22 18:19 - 2012-07-22 18:19 - 00000000 ____D C:\Program Files (x86)\Oracle

2012-07-22 18:19 - 2012-07-06 00:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-07-22 18:19 - 2012-07-06 00:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

============ 3 Months Modified Files ========================

2012-08-11 21:22 - 2010-08-10 19:07 - 00058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll

2012-08-11 21:21 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-11 21:21 - 2009-07-13 23:51 - 00079991 ____A C:\Windows\setupact.log

2012-08-11 21:20 - 2010-07-10 02:32 - 00050108 ____A C:\Windows\PFRO.log

2012-08-11 21:08 - 2009-07-14 00:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-11 20:54 - 2010-11-29 22:15 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582827555-3901325744-1863463855-1001UA.job

2012-08-11 20:33 - 2012-04-22 19:56 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-11 18:33 - 2012-04-22 19:56 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-11 18:33 - 2009-07-14 00:10 - 01273303 ____A C:\Windows\WindowsUpdate.log

2012-08-11 18:29 - 2012-08-11 18:28 - 01439703 ____A (Farbar) C:\Users\Mike\Downloads\FRST64.exe

2012-08-11 17:52 - 2012-08-11 17:52 - 00002543 ____A C:\Users\Mike\Desktop\RKreport[1].txt

2012-08-11 17:51 - 2012-08-11 17:51 - 01558528 ____A C:\Users\Mike\Downloads\RogueKiller.exe

2012-08-11 17:49 - 2012-08-11 17:49 - 00022442 ____A C:\Users\Mike\Desktop\DDS.txt

2012-08-11 17:49 - 2012-08-11 17:49 - 00008948 ____A C:\Users\Mike\Desktop\Attach.txt

2012-08-11 17:36 - 2012-08-11 17:36 - 00607260 ____R (Swearware) C:\Users\Mike\Downloads\dds.scr

2012-08-11 04:28 - 2012-08-11 04:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-1.62.0.1300.exe

2012-08-11 04:14 - 2012-08-11 04:14 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Mike\Downloads\tdsskiller.exe

2012-08-11 04:01 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-11 04:01 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-10 22:01 - 2010-11-29 22:15 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582827555-3901325744-1863463855-1001Core.job

2012-07-27 03:04 - 2012-07-27 02:58 - 158984228 ____A C:\Users\Mike\Downloads\win7_64-152612.zip

2012-07-22 18:18 - 2011-04-20 21:57 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-07-22 18:18 - 2011-04-20 21:57 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-07-11 23:44 - 2009-07-13 23:45 - 02265104 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-11 23:34 - 2011-07-12 21:07 - 00005390 ____A C:\Windows\IE9_main.log

2012-07-11 23:33 - 2012-07-11 23:33 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2012-07-11 23:33 - 2012-07-11 23:33 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2012-07-11 23:33 - 2012-07-11 23:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-11 23:33 - 2012-07-11 23:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-11 23:33 - 2012-07-11 23:33 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-11 23:33 - 2012-07-11 23:33 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-11 23:33 - 2012-07-11 23:33 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2012-07-11 23:33 - 2012-07-11 23:33 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2012-07-11 23:33 - 2012-07-11 23:33 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2012-07-11 23:33 - 2012-07-11 23:33 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2012-07-11 23:33 - 2012-07-11 23:33 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2012-07-11 23:33 - 2012-07-11 23:33 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2012-07-11 23:33 - 2012-07-11 23:33 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2012-07-11 23:26 - 2010-08-25 11:57 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-06 00:06 - 2012-07-22 18:19 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-07-06 00:06 - 2012-07-22 18:19 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-07-06 00:06 - 2010-08-10 18:19 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2012-07-03 15:46 - 2012-08-11 04:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-11 22:08 - 2012-07-11 23:34 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-09 00:43 - 2012-07-10 18:42 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 23:41 - 2012-07-10 18:42 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-07 20:25 - 2011-07-06 03:49 - 00013160 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\Upgrd.exe

2012-06-07 20:25 - 2010-08-10 19:07 - 00058288 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe

2012-06-06 01:06 - 2012-07-10 18:42 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-06 01:06 - 2012-07-10 18:42 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-06 01:02 - 2012-07-10 18:41 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-06 00:05 - 2012-07-10 18:42 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-06 00:05 - 2012-07-10 18:42 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-06 00:03 - 2012-07-10 18:41 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-04 12:42 - 2010-08-20 14:22 - 00049592 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\pkgslv.exe

2012-06-04 12:42 - 2010-08-20 14:22 - 00046008 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\pkgmgr.dll

2012-06-02 17:19 - 2012-06-22 15:24 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 17:19 - 2012-06-22 15:24 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 17:19 - 2012-06-22 15:24 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 17:19 - 2012-06-22 15:24 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 17:19 - 2012-06-22 15:24 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 17:19 - 2012-06-22 15:23 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 17:15 - 2012-06-22 15:24 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 17:15 - 2012-06-22 15:24 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 17:15 - 2012-06-22 15:23 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 00:50 - 2012-07-10 18:41 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-02 00:48 - 2012-07-10 18:41 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-02 00:48 - 2012-07-10 18:41 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-02 00:45 - 2012-07-10 18:41 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-02 00:44 - 2012-07-10 18:41 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 23:40 - 2012-07-10 18:41 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 23:40 - 2012-07-10 18:41 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 23:39 - 2012-07-10 18:41 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 23:34 - 2012-07-10 18:41 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-22 21:42 - 2011-03-25 11:14 - 00040591 ____A C:\Windows\DIIUnin.dat

ZeroAccess:

C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}

C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@

C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L

C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U

C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000001.@

C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000000.@

C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\800000cb.@

ZeroAccess:

C:\Users\Mike\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}

C:\Users\Mike\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@

C:\Users\Mike\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L

C:\Users\Mike\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%

Total physical RAM: 3892.52 MB

Available physical RAM: 3298.94 MB

Total Pagefile: 3890.67 MB

Available Pagefile: 3296.67 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:63.16 GB) NTFS

2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive f: (KINGSTON) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 Online 3836 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 100 MB 1024 KB

Partition 2 Primary 14 GB 101 MB

Partition 3 Primary 283 GB 14 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 FAT Partition 100 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 283 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3835 MB 548 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F KINGSTON FAT32 Removable 3835 MB Healthy

==================================================================================

Last Boot: 2012-08-08 02:00

======================= End Of Log ==========================

Thanks


OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

MrC


Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012

Ran by SYSTEM at 2012-08-12 12:26:24 Run:1

Running from F:\

==============================================

C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} moved successfully.

C:\Users\Mike\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

thanks!


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix.txt:

ComboFix 12-08-10.02 - Mike 08/12/2012 13:09:33.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2283 [GMT -7:00]

Running from: c:\users\Mike\Desktop\ComboFix.exe

AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\LoJackNotifier.txt

c:\programdata\SPL428E.tmp

c:\windows\SysWow64\system

c:\windows\WinRAR

c:\windows\WinRAR\uninstall.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))

.

.

2012-08-11 23:30 . 2012-08-12 00:26 -------- d-----w- C:\FRST

2012-08-11 09:29 . 2012-08-11 09:29 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes

2012-08-11 09:29 . 2012-08-12 02:47 -------- d-----w- c:\programdata\Malwarebytes

2012-08-11 09:29 . 2012-08-11 09:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-11 09:29 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-10 22:44 . 2012-08-10 22:44 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-08-02 03:20 . 2012-08-02 03:20 -------- d-----w- c:\program files\iPod

2012-08-02 03:20 . 2012-08-02 03:21 -------- d-----w- c:\program files\iTunes

2012-08-02 03:20 . 2012-08-02 03:21 -------- d-----w- c:\program files (x86)\iTunes

2012-07-22 23:20 . 2012-07-22 23:20 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-22 23:19 . 2012-07-22 23:19 -------- d-----w- c:\program files (x86)\Oracle

2012-07-22 23:19 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-12 20:20 . 2010-08-11 00:07 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2012-07-12 04:33 . 2012-07-12 04:33 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-07-12 04:33 . 2012-07-12 04:33 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-07-12 04:33 . 2012-07-12 04:33 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-07-12 04:33 . 2012-07-12 04:33 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-07-12 04:33 . 2012-07-12 04:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-07-12 04:33 . 2012-07-12 04:33 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-07-12 04:33 . 2012-07-12 04:33 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-07-12 04:33 . 2012-07-12 04:33 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-07-12 04:33 . 2012-07-12 04:33 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-07-12 04:33 . 2012-07-12 04:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-07-12 04:33 . 2012-07-12 04:33 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-07-12 04:33 . 2012-07-12 04:33 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-07-12 04:33 . 2012-07-12 04:33 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-07-12 04:33 . 2012-07-12 04:33 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-07-12 04:33 . 2012-07-12 04:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-07-12 04:33 . 2012-07-12 04:33 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-07-12 04:33 . 2012-07-12 04:33 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-07-12 04:33 . 2012-07-12 04:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-07-12 04:33 . 2012-07-12 04:33 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-07-12 04:33 . 2012-07-12 04:33 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-07-12 04:33 . 2012-07-12 04:33 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-07-12 04:33 . 2012-07-12 04:33 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-07-12 04:33 . 2012-07-12 04:33 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-07-12 04:33 . 2012-07-12 04:33 818688 ----a-w- c:\windows\system32\jscript.dll

2012-07-12 04:33 . 2012-07-12 04:33 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-07-12 04:33 . 2012-07-12 04:33 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-07-12 04:33 . 2012-07-12 04:33 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-07-12 04:33 . 2012-07-12 04:33 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-07-12 04:33 . 2012-07-12 04:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-07-12 04:33 . 2012-07-12 04:33 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-07-12 04:33 . 2012-07-12 04:33 222208 ----a-w- c:\windows\system32\msls31.dll

2012-07-12 04:33 . 2012-07-12 04:33 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-07-12 04:33 . 2012-07-12 04:33 197120 ----a-w- c:\windows\system32\msrating.dll

2012-07-12 04:33 . 2012-07-12 04:33 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-07-12 04:33 . 2012-07-12 04:33 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-07-12 04:33 . 2012-07-12 04:33 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-07-12 04:33 . 2012-07-12 04:33 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-07-12 04:33 . 2012-07-12 04:33 149504 ----a-w- c:\windows\system32\occache.dll

2012-07-12 04:33 . 2012-07-12 04:33 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-07-12 04:33 . 2012-07-12 04:33 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-07-12 04:33 . 2012-07-12 04:33 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-07-12 04:33 . 2012-07-12 04:33 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-07-12 04:33 . 2012-07-12 04:33 12288 ----a-w- c:\windows\system32\mshta.exe

2012-07-12 04:33 . 2012-07-12 04:33 114176 ----a-w- c:\windows\system32\admparse.dll

2012-07-12 04:33 . 2012-07-12 04:33 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-07-12 04:33 . 2012-07-12 04:33 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-07-12 04:33 . 2012-07-12 04:33 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-07-12 04:33 . 2012-07-12 04:33 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-07-12 04:33 . 2012-07-12 04:33 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-07-12 04:33 . 2012-07-12 04:33 82432 ----a-w- c:\windows\system32\icardie.dll

2012-07-12 04:33 . 2012-07-12 04:33 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-07-12 04:33 . 2012-07-12 04:33 697344 ----a-w- c:\windows\system32\msfeeds.dll

2012-07-12 04:33 . 2012-07-12 04:33 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-07-12 04:33 . 2012-07-12 04:33 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-07-12 04:33 . 2012-07-12 04:33 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-07-12 04:33 . 2012-07-12 04:33 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-07-12 04:33 . 2012-07-12 04:33 448512 ----a-w- c:\windows\system32\html.iec

2012-07-12 04:33 . 2012-07-12 04:33 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-07-12 04:33 . 2012-07-12 04:33 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-07-12 04:33 . 2012-07-12 04:33 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-07-12 04:33 . 2012-07-12 04:33 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-12 04:33 . 2012-07-12 04:33 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-07-12 04:33 . 2012-07-12 04:33 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-07-12 04:33 . 2012-07-12 04:33 248320 ----a-w- c:\windows\system32\ieui.dll

2012-07-12 04:33 . 2012-07-12 04:33 237056 ----a-w- c:\windows\system32\url.dll

2012-07-12 04:33 . 2012-07-12 04:33 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-07-12 04:33 . 2012-07-12 04:33 160256 ----a-w- c:\windows\system32\wextract.exe

2012-07-12 04:33 . 2012-07-12 04:33 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-12 04:33 . 2012-07-12 04:33 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-07-12 04:33 . 2012-07-12 04:33 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-07-12 04:33 . 2012-07-12 04:33 103936 ----a-w- c:\windows\system32\inseng.dll

2012-07-12 04:26 . 2010-08-25 16:57 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-06 05:06 . 2010-08-10 23:19 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-12 03:08 . 2012-07-12 04:34 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-10 23:42 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-08 01:25 . 2011-07-06 08:49 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe

2012-06-08 01:25 . 2010-08-11 00:07 58288 ------w- c:\windows\SysWow64\rpcnet.exe

2012-06-06 06:06 . 2012-07-10 23:42 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-10 23:42 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-10 23:41 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-10 23:42 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-10 23:42 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-10 23:41 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-04 17:42 . 2010-08-20 19:22 49592 ----a-w- c:\windows\SysWow64\pkgslv.exe

2012-06-04 17:42 . 2010-08-20 19:22 46008 ----a-w- c:\windows\SysWow64\pkgmgr.dll

2012-06-02 22:19 . 2012-06-22 20:24 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 20:24 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 20:24 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 20:24 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 20:23 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-06-22 20:24 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 20:24 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 20:23 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:15 . 2012-06-22 20:24 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 05:50 . 2012-07-10 23:41 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-10 23:41 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-10 23:41 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-10 23:41 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-10 23:41 307200 ----a-w- c:\windows\system32\ncrypt.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]

"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

.

c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-16 1320288]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-16 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 116648]

R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdeserv.exe [2007-05-29 33712]

R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]

R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 35104]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 116648]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-02 113120]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-14 1255736]

S0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwa.sys [2010-08-11 27216]

S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-08-11 56008]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2010-08-11 29976]

S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-08-11 269904]

S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2011-09-12 35664]

S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2011-05-05 317520]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-08-11 921952]

S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-08-11 308136]

S2 avgfws9;AVG Firewall;c:\program files (x86)\AVG\AVG9\avgfws9.exe [2010-11-24 2331544]

S2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]

S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [2007-05-29 1053104]

S2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-08-11 132688]

S3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-08-11 35920]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-11 158720]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 271872]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 00:56]

.

2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23 00:56]

.

2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582827555-3901325744-1863463855-1001Core.job

- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-30 03:14]

.

2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2582827555-3901325744-1863463855-1001UA.job

- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-30 03:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-05 3178064]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\avgrssta.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = g.msn.com/USCON/1

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hkd0lpyv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2582827555-3901325744-1863463855-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2582827555-3901325744-1863463855-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\rpcnet.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\AVG\AVG9\avgam.exe

c:\program files (x86)\AVG\AVG9\avgcsrvx.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2012-08-12 13:30:00 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-12 20:30

.

Pre-Run: 67,579,289,600 bytes free

Post-Run: 69,934,338,048 bytes free

.

- - End Of File - - ABB2AADB5627E8409B306768F1942749


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
