
Backdoor tidserv!inf; Malwarebytes crashed and computer becomes unresponsive during quick scan



Hi,

I have had a Backdoor Tidserv!inf on my computer. My anti-virus, Norton Internet Security, was unable to remove it, so after trying a couple of related Norton tools such as Power Eraser and the Tidserv removal tool I downloaded Malwarebytes. After performing a quick scan and detecting a number of threats such as trojans, etc., Malwarebytes successfully removed them and prompted me to restart my PC. After restarting I ran another quick scan; however, this time it crashed. I have attempted 3 or 4 more quick scans since then, but every time Malwarebytes crashes and my computer becomes unresponsive. Per the instructions, here are the DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

Run by Kevin at 13:24:41 on 2013-01-13

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1549 [GMT -8:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Windows\system32\msiexec.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCtB0AyCtBtD0C0AtA0B0AtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1085946328

uWindow Title = Internet Explorer provided by Dell

mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCtB0AyCtBtD0C0AtA0B0AtN0D0Tzu0CtBtCzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1085946328

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\norton internet security\engine\20.2.0.19\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\norton internet security\engine\20.2.0.19\ips\ipsbho.dll

BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - c:\program files\privacysafeguard\PrivacySafeGuard.dll

BHO: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -

TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -

TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll

TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\norton internet security\engine\20.2.0.19\coieplg.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [sbitunesagent] c:\program files\songbird\songbirditunesagent.exe

uRun: [Hole plus] "c:\programdata\ticksetupsetup.1fngd7q"

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

uRun: [spotify Web Helper] "c:\users\kevin\appdata\roaming\spotify\data\SpotifyWebHelper.exe"

uRun: [spotify] "c:\users\kevin\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

StartupFolder: c:\users\kevin\appdata\roaming\micros~1\windows\startm~1\programs\startup\lastfm~1.lnk - c:\program files\last.fm\LastFMHelper.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{39C7A135-16F8-45FC-9816-A71F882A2504} : DHCPNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1402000.013\symds.sys [2013-1-11 368288]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1402000.013\symefa.sys [2013-1-11 927904]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1402000.013\ccsetx86.sys [2013-1-11 134304]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.0.24\definitions\ipsdefs\20130111.002\IDSvix86.sys [2013-1-11 386720]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1402000.013\symtdiv.sys [2013-1-11 350368]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-23 21504]

R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\20.2.0.19\ccsvchst.exe [2013-1-11 143928]

R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]

R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]

R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2008-12-6 50944]

R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-2-1 5504]

S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.0.24\definitions\bashdefs\20130107.001\BHDrvx86.sys [2012-11-29 995488]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1402000.013\ironx86.sys [2013-1-11 175264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe --> c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]

S3 idrmkl;idrmkl;c:\users\kevin\appdata\local\temp\idrmkl.sys [2011-8-26 29696]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-13 40776]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-29 24652]

.

=============== Created Last 30 ================

.

2013-01-13 10:08:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-01-13 09:45:47 -------- d-----w- c:\users\kevin\appdata\roaming\Malwarebytes

2013-01-13 09:45:30 -------- d-----w- c:\programdata\Malwarebytes

2013-01-13 09:45:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-13 09:45:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-12 04:42:23 350368 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symtdiv.sys

2013-01-12 04:42:22 927904 ----a-w- c:\windows\system32\drivers\nis\1402000.013\symefa.sys

2013-01-12 04:42:22 368288 ----a-w- c:\windows\system32\drivers\nis\1402000.013\symds.sys

2013-01-12 04:42:22 338592 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symnets.sys

2013-01-12 04:42:22 32888 ----a-r- c:\windows\system32\drivers\nis\1402000.013\srtspx.sys

2013-01-12 04:42:22 21400 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symelam.sys

2013-01-12 04:42:21 586400 ----a-w- c:\windows\system32\drivers\nis\1402000.013\srtsp.sys

2013-01-12 04:42:21 175264 ----a-r- c:\windows\system32\drivers\nis\1402000.013\ironx86.sys

2013-01-12 04:42:21 134304 ----a-w- c:\windows\system32\drivers\nis\1402000.013\ccsetx86.sys

2013-01-12 04:40:54 9103 ----a-w- c:\windows\system32\drivers\nis\1402000.013\symvtcer.dat

2013-01-12 04:40:54 -------- d-----w- c:\windows\system32\drivers\nis\1402000.013

2013-01-10 07:34:52 -------- d-----r- c:\program files\Skype

2013-01-09 08:23:41 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 08:23:41 1400832 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 08:23:40 2048000 ----a-w- c:\windows\system32\win32k.sys

2012-12-23 17:22:17 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-23 17:22:07 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-23 17:22:07 16896 ----a-w- c:\windows\system32\winusb.dll

2012-12-23 17:22:07 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-23 17:22:06 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-23 17:22:06 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-23 17:22:05 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-23 17:22:05 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-23 17:22:04 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-23 17:22:04 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-23 17:22:04 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-23 17:13:18 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-23 17:13:17 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-23 15:52:29 75776 ----a-w- c:\windows\system32\synceng.dll

2012-12-23 15:52:28 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-12-23 15:52:28 376320 ----a-w- c:\windows\system32\dpnet.dll

2012-12-23 15:52:28 23040 ----a-w- c:\windows\system32\dpnsvr.exe

2012-12-23 15:52:27 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-12-23 15:52:27 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-12-23 15:52:23 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-23 15:52:21 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-12-23 15:52:15 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-23 15:52:02 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-12-23 15:52:02 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-12-23 15:32:06 -------- d-sh--w- C:\found.001

2012-12-18 20:07:11 106240 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-12-18 20:07:11 106240 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-01-12 04:46:24 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2013-01-09 01:21:44 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-09 01:21:44 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2009-01-23 21:03:00 417792 ----a-w- c:\program files\BNUpdate.exe

2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditPTB.loc

2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditITA.loc

2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditFRA.loc

2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditESP.loc

2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditENU.loc

2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditDEU.loc

2009-01-10 07:57:42 557310 ----a-w- c:\program files\battle.snp

2009-01-10 07:57:42 409600 ----a-w- c:\program files\storm.dll

2009-01-10 07:57:42 127767 ----a-w- c:\program files\standard.snp

2009-01-10 07:57:42 1220608 ----a-w- c:\program files\StarCraft.exe

2008-12-20 06:33:26 125440 ----a-w- c:\program files\iccwc3.icc

2008-12-20 06:01:32 327680 ----a-w- c:\program files\Launcher.exe

2008-12-20 06:01:30 128512 ----a-w- c:\program files\iccscbn.icc

2008-12-19 07:46:50 24064 ----a-w- c:\program files\w3lh.dll

2008-12-07 10:07:38 691545 ----a-w- c:\program files\unins000.exe

2008-09-17 05:31:06 642560 ----a-w- c:\program files\Chaosplugin.bwl

2007-09-13 07:19:36 95232 ----a-w- c:\program files\Smackw32.dll

2007-09-13 07:19:36 662474 ----a-w- c:\program files\InstCC.exe

2007-09-13 07:19:36 315392 ----a-w- c:\program files\Riched20.dll

2007-09-13 07:19:36 150528 ----a-w- c:\program files\SEditPTG.loc

2007-08-21 10:21:08 53248 ----a-w- c:\program files\nocd1151.bwl

2007-05-18 04:51:58 1016320 ----a-w- c:\program files\StarEdit.exe

.

============= FINISH: 13:27:04.46 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 2/1/2007 9:46:38 AM

System Uptime: 1/13/2013 1:10:07 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0WG855

Processor: Intel® Core2 CPU 6600 @ 2.40GHz | Microprocessor | 2394/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 42.91 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 5.6 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}

Description: A738UC83 IDE Controller

Device ID: ACPI\PNPA000\4&5D18F2DF&0

Manufacturer: (Standard mass storage controllers)

Name: A738UC83 IDE Controller

PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0

Service: a48achfq

.

==== System Restore Points ===================

.

RP2681: 1/12/2013 10:03:20 PM - Norton_Power_Eraser_20130112220320601

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.3

Adobe Shockwave Player 11.5

Age of Mythology

Age of Mythology - The Titans Expansion

AIM 7

APC PowerChute Personal Edition

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Audiosurf

Bandisoft MPEG-1 Decoder

BioWare Premium Module: Neverwinter Nights Kingmaker

BitTorrent

BitTorrent 6.0

Bonjour

Bridge From Special K

BufferChm

Call of Duty® 4 - Modern Warfare 1.4 Patch

Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Company of Heroes

Conduit Engine

Conexant D850 PCI V.92 Modem

Counter-Strike: Source

CustomerResearchQFolder

D1400

D1400_Help

D3DX10

DellConnect

DellSupport

Deus Ex: Game of the Year Edition

DeviceManagementQFolder

Diablo II

Digital Line Detect

DivX Setup

dj_sf_ProductContext

dj_sf_software

dj_sf_software_req

Documentation & Support Launcher

DOOM 3

DOOM II: Hell on Earth

Download Updater (AOL LLC)

EarthLink Setup Files

eSupportQFolder

Finale PrintMusic 2007

Games, Music, & Photos Launcher

GOM Player

GOMTV Streamer

Google Chrome

Google Earth

Google Update Helper

Half-Life

Half-Life 2

Half-Life 2: Lost Coast

Half-Life: Blue Shift

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 8.0

HP Deskjet 8.0 Software

HP Imaging Device Functions 8.0

HP Photosmart Essential

HP Solution Center 8.0

HPProductAssistant

HPSSupply

iCloud

Intel® Matrix Storage Manager

Intel® Viiv Software

Interlok driver setup x32

iTunes

Java 7 Update 7

Java Auto Updater

Java DB 10.5.3.0

Java SE Development Kit 6 Update 22

JavaFX 2.1.1

Jeopardy! 2003

Last.fm 1.5.4.27091

LiveUpdate 3.2 (Symantec Corporation)

LiveUpdate Notice (Symantec Corporation)

LucasArts' Jedi Knight

LucasArts' Mysteries of the Sith

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft AppLocale

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Windows Application Compatibility Database

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

MobileMe Control Panel

Modem Diagnostic Tool

Morrowind: Game of the Year

Move Networks Media Player for Internet Explorer

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML4 Parser

NetBeans IDE 6.9.1

NetWaiting

NetZeroInstallers

Nexon Game Manager

Norton Internet Security

Norton Security Scan

NVIDIA 3D Vision Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OGA Notifier 2.0.0048.0

OpenAL

Opposing Force

Oregon Trail II

Origin

Pando Media Booster

Penumbra

Privacy SafeGuard version 1.1

Quake

QuickTime

Rosetta Stone Version 3

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler

Roxio MyDVD DE

Roxio Update Manager

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Segoe UI

Sid Meier's Civilization IV

SigmaTel Audio

Skype™ 6.0

SolutionCenter

Sonic Activation Module

Source Dedicated Server

Source SDK Base - Orange Box

Spotify

Star Wars Jedi Knight Jedi Academy

Star Wars JK II Jedi Outcast

Star Wars® Knights of the Old Republic® II: The Sith Lords

Star Wars: Knights of the Old Republic

StarCraft II

Status

Steam

Super Meat Boy

SWAT 4

System Requirements Lab

Team Fortress Classic

Terraria

The Sims™ 3

The Sims™ 3 Late Night

The Ultimate DOOM

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

URL Assistant

User's Guides

VC80CRTRedist - 8.0.50727.6195

Ventrilo Client

Viewpoint Media Player

Virtual Audio Cable 4.9

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Warcraft III

Warcraft III: All Products

WebReg

Winamp

Winamp Detector Plug-in

Winamp Essentials Pack

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR archiver

Yahoo! Messenger

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

1/13/2013 2:25:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/13/2013 2:25:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/13/2013 2:25:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_NIS DfsC eeCtrl IDSVix86 Lbd NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd SRTSPX SymIRON SYMTDIv tdx Wanarpv6

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2013 2:25:40 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/13/2013 2:25:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

1/13/2013 2:25:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/13/2013 2:25:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/13/2013 2:24:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/13/2013 2:24:25 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

1/13/2013 2:24:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

1/13/2013 2:24:23 AM, Error: EventLog [6008] - The previous system shutdown at 2:13:45 AM on 1/13/2013 was unexpected.

1/13/2013 2:23:42 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .

1/13/2013 2:11:30 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

1/13/2013 2:07:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd Smb

1/13/2013 12:27:15 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

1/13/2013 12:27:15 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

1/13/2013 12:19:39 PM, Error: EventLog [6008] - The previous system shutdown at 2:34:53 AM on 1/13/2013 was unexpected.

1/13/2013 1:12:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 Lbd Smb SymIRON

1/13/2013 1:12:07 PM, Error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: Access is denied.

1/13/2013 1:12:07 PM, Error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.

1/13/2013 1:11:16 PM, Error: EventLog [6008] - The previous system shutdown at 12:27:30 PM on 1/13/2013 was unexpected.

.

==== End Of File ===========================

Thanks in advance!

Hello Kylekatarn10! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please let me know.

Step 1

Please uninstall the following applications:

Ask Toolbar

BitTorrent

BitTorrent 6.0

Conduit Engine

Viewpoint Media Player

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes Anti-Rootkit log
  • a new fresh DDS log

Darn. So, I followed your instructions until I used the Malwarebytes Anti-Rootkit program. It crashed and caused my computer to become completely unresponsive twice, both times after discovering 19 malware items at different points in each scan. Anyway, here are the JRT log and fresh DDS logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.4.2 (01.08.2013:1)

OS: Windows Vista Home Premium x86

Ran by Kevin on Sun 01/13/2013 at 16:27:21.49

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] viewpoint manager service

Successfully deleted: [service] viewpoint manager service

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{30f9b915-b755-4826-820b-08fba6bd249d}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3}

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2446573200-3105183575-2128207625-1001\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1

Successfully deleted: [Registry Key] hkey_classes_root\f

Successfully deleted: [Registry Key] hkey_classes_root\funmoods.dskbnd

Successfully deleted: [Registry Key] hkey_classes_root\funmoods.dskbnd.1

Successfully deleted: [Registry Key] hkey_classes_root\funmoods.funmoodshlpr

Successfully deleted: [Registry Key] hkey_classes_root\funmoods.funmoodshlpr.1

Successfully deleted: [Registry Key] hkey_classes_root\funmoodsapp.appcore

Successfully deleted: [Registry Key] hkey_classes_root\funmoodsapp.appcore.1

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\softonic

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\dnu.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdate

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller.1

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2790392

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{1036ad63-aeac-460b-9060-c96005d4dc86}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{965b9dbe-b104-44ac-950a-8a5f97aff439}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a9db719c-7156-415e-b49d-bad039de4f13}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f03fd9d0-4f2b-497c-8a71-dd41d70b07d9}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}

Failed to delete: [Registry Key] "hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\scheduled update for ask toolbar"

~~~ Files

Successfully deleted: [File] "C:\Users\Kevin\appdata\local\funmoods.crx"

Successfully deleted: [File] "C:\Users\Kevin\appdata\local\funmoods-speeddial.crx"

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\ProgramData\premium"

Successfully deleted: [Folder] "C:\ProgramData\trymedia"

Successfully deleted: [Folder] "C:\ProgramData\viewpoint"

Successfully deleted: [Folder] "C:\Users\Kevin\AppData\Roaming\iwin"

Successfully deleted: [Folder] "C:\Users\Kevin\appdata\locallow\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\Kevin\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Kevin\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Program Files\conduit"

Successfully deleted: [Folder] "C:\Program Files\conduitengine"

Successfully deleted: [Folder] "C:\Program Files\privacysafeguard"

Successfully deleted: [Folder] "C:\Program Files\trymedia"

Successfully deleted: [Folder] "C:\Program Files\viewpoint"

Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"

Successfully deleted: [Folder] "C:\Users\Kevin\appdata\locallow\asktoolbar"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Kevin\appdata\local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\bbjciahceamgodcoidkjpchnokgfpphh

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\bbjciahceamgodcoidkjpchnokgfpphh

Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\geggofhlfbcmanadhknllmlajiafopoh

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 01/13/2013 at 16:29:54.80

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

Run by Kevin at 17:19:08 on 2013-01-13

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Users\Kevin\AppData\Roaming\Spotify\spotify.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\msiexec.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uWindow Title = Internet Explorer provided by Dell

mStart Page = hxxp://www.google.com

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\norton internet security\engine\20.2.0.19\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\norton internet security\engine\20.2.0.19\ips\ipsbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\norton internet security\engine\20.2.0.19\coieplg.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [sbitunesagent] c:\program files\songbird\songbirditunesagent.exe

uRun: [Hole plus] "c:\programdata\ticksetupsetup.1fngd7q"

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

uRun: [spotify Web Helper] "c:\users\kevin\appdata\roaming\spotify\data\SpotifyWebHelper.exe"

uRun: [spotify] "c:\users\kevin\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{39C7A135-16F8-45FC-9816-A71F882A2504} : DHCPNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R? BHDrvx86;BHDrvx86

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? DAUpdaterSvc;Dragon Age: Origins - Content Updater

R? DQLWinService;DQLWinService

R? EagleXNt;EagleXNt

R? idrmkl;idrmkl

R? iusbohci;iusbohci

R? Lbd;Lbd

R? NPF;NetGroup Packet Filter Driver

R? npkycryp;npkycryp

R? SkypeUpdate;Skype Updater

R? SymIRON;Symantec Iron Driver

R? SYMNDISV;Symantec Network Filter Driver

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? ccSet_NIS;Norton Internet Security Settings Manager

S? EraserUtilRebootDrv;EraserUtilRebootDrv

S? EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM)

S? FontCache;Windows Font Cache Service

S? IDSVix86;IDSVix86

S? IntelDH;IntelDH Driver

S? MCLServiceATL;Intel® Application Tracker

S? NIS;Norton Internet Security

S? nmsgopro;GoProto Protocol Driver for NMS

S? nmsunidr;UniDriver for NMS

S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service

S? SymDS;Symantec Data Store

S? SymEFA;Symantec Extended File Attributes

S? SYMTDIv;Symantec Vista Network Dispatch Driver

.

=============== Created Last 30 ================

.

2013-01-14 00:27:15 -------- d-----w- c:\windows\ERUNT

2013-01-14 00:27:08 -------- d-----w- C:\JRT

2013-01-13 09:45:47 -------- d-----w- c:\users\kevin\appdata\roaming\Malwarebytes

2013-01-13 09:45:30 -------- d-----w- c:\programdata\Malwarebytes

2013-01-13 09:45:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-13 09:45:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-12 04:42:23 350368 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symtdiv.sys

2013-01-12 04:42:22 927904 ----a-w- c:\windows\system32\drivers\nis\1402000.013\symefa.sys

2013-01-12 04:42:22 368288 ----a-w- c:\windows\system32\drivers\nis\1402000.013\symds.sys

2013-01-12 04:42:22 338592 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symnets.sys

2013-01-12 04:42:22 32888 ----a-r- c:\windows\system32\drivers\nis\1402000.013\srtspx.sys

2013-01-12 04:42:22 21400 ----a-r- c:\windows\system32\drivers\nis\1402000.013\symelam.sys

2013-01-12 04:42:21 586400 ----a-w- c:\windows\system32\drivers\nis\1402000.013\srtsp.sys

2013-01-12 04:42:21 175264 ----a-r- c:\windows\system32\drivers\nis\1402000.013\ironx86.sys

2013-01-12 04:42:21 134304 ----a-w- c:\windows\system32\drivers\nis\1402000.013\ccsetx86.sys

2013-01-12 04:40:54 9103 ----a-w- c:\windows\system32\drivers\nis\1402000.013\symvtcer.dat

2013-01-12 04:40:54 -------- d-----w- c:\windows\system32\drivers\nis\1402000.013

2013-01-10 07:34:52 -------- d-----r- c:\program files\Skype

2013-01-09 08:23:41 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 08:23:41 1400832 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 08:23:40 2048000 ----a-w- c:\windows\system32\win32k.sys

2012-12-23 17:22:17 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-23 17:22:07 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-23 17:22:07 16896 ----a-w- c:\windows\system32\winusb.dll

2012-12-23 17:22:07 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-23 17:22:06 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-23 17:22:06 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-23 17:22:05 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-23 17:22:05 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-23 17:22:04 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-23 17:22:04 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-23 17:22:04 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-23 17:13:18 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-23 17:13:17 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-23 15:52:29 75776 ----a-w- c:\windows\system32\synceng.dll

2012-12-23 15:52:28 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-12-23 15:52:28 376320 ----a-w- c:\windows\system32\dpnet.dll

2012-12-23 15:52:28 23040 ----a-w- c:\windows\system32\dpnsvr.exe

2012-12-23 15:52:27 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-12-23 15:52:27 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-12-23 15:52:23 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-23 15:52:21 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-12-23 15:52:15 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-23 15:52:02 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-12-23 15:52:02 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-12-23 15:32:06 -------- d-sh--w- C:\found.001

2012-12-18 20:07:11 106240 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-12-18 20:07:11 106240 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-01-12 04:46:24 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2013-01-09 01:21:44 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-09 01:21:44 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2009-01-23 21:03:00 417792 ----a-w- c:\program files\BNUpdate.exe

2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditPTB.loc

2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditITA.loc

2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditFRA.loc

2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditESP.loc

2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditENU.loc

2009-01-23 21:02:26 65536 ----a-w- c:\program files\SEditDEU.loc

2009-01-10 07:57:42 557310 ----a-w- c:\program files\battle.snp

2009-01-10 07:57:42 409600 ----a-w- c:\program files\storm.dll

2009-01-10 07:57:42 127767 ----a-w- c:\program files\standard.snp

2009-01-10 07:57:42 1220608 ----a-w- c:\program files\StarCraft.exe

2008-12-20 06:33:26 125440 ----a-w- c:\program files\iccwc3.icc

2008-12-20 06:01:32 327680 ----a-w- c:\program files\Launcher.exe

2008-12-20 06:01:30 128512 ----a-w- c:\program files\iccscbn.icc

2008-12-19 07:46:50 24064 ----a-w- c:\program files\w3lh.dll

2008-12-07 10:07:38 691545 ----a-w- c:\program files\unins000.exe

2008-09-17 05:31:06 642560 ----a-w- c:\program files\Chaosplugin.bwl

2007-09-13 07:19:36 95232 ----a-w- c:\program files\Smackw32.dll

2007-09-13 07:19:36 662474 ----a-w- c:\program files\InstCC.exe

2007-09-13 07:19:36 315392 ----a-w- c:\program files\Riched20.dll

2007-09-13 07:19:36 150528 ----a-w- c:\program files\SEditPTG.loc

2007-08-21 10:21:08 53248 ----a-w- c:\program files\nocd1151.bwl

2007-05-18 04:51:58 1016320 ----a-w- c:\program files\StarEdit.exe

.

============= FINISH: 17:25:01.79 ===============

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 2/1/2007 9:46:38 AM

System Uptime: 1/13/2013 5:14:31 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0WG855

Processor: Intel® Core2 CPU 6600 @ 2.40GHz | Microprocessor | 2394/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 41.033 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 5.6 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Intel® 82566DC Gigabit Network Connection

Device ID: PCI\VEN_8086&DEV_104B&SUBSYS_01DB1028&REV_02\3&172E68DD&1&C8

Manufacturer: Intel

Name: Intel® 82566DC Gigabit Network Connection

PNP Device ID: PCI\VEN_8086&DEV_104B&SUBSYS_01DB1028&REV_02\3&172E68DD&1&C8

Service: e1express

.

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}

Description: A738UC83 IDE Controller

Device ID: ACPI\PNPA000\4&5D18F2DF&0

Manufacturer: (Standard mass storage controllers)

Name: A738UC83 IDE Controller

PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0

Service: aid6b9up

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.3

Adobe Shockwave Player 11.5

Age of Mythology

Age of Mythology - The Titans Expansion

AIM 7

APC PowerChute Personal Edition

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audiosurf

Bandisoft MPEG-1 Decoder

BioWare Premium Module: Neverwinter Nights Kingmaker

Bonjour

Bridge From Special K

BufferChm

Call of Duty® 4 - Modern Warfare 1.4 Patch

Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Company of Heroes

Conexant D850 PCI V.92 Modem

Counter-Strike: Source

CustomerResearchQFolder

D1400

D1400_Help

D3DX10

DellConnect

DellSupport

Deus Ex: Game of the Year Edition

DeviceManagementQFolder

Diablo II

Digital Line Detect

DivX Setup

dj_sf_ProductContext

dj_sf_software

dj_sf_software_req

Documentation & Support Launcher

DOOM 3

DOOM II: Hell on Earth

Download Updater (AOL LLC)

EarthLink Setup Files

eSupportQFolder

Finale PrintMusic 2007

Games, Music, & Photos Launcher

GOM Player

GOMTV Streamer

Google Chrome

Google Earth

Google Update Helper

Half-Life

Half-Life 2

Half-Life 2: Lost Coast

Half-Life: Blue Shift

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 8.0

HP Deskjet 8.0 Software

HP Imaging Device Functions 8.0

HP Photosmart Essential

HP Solution Center 8.0

HPProductAssistant

HPSSupply

iCloud

Intel® Matrix Storage Manager

Intel® Viiv Software

Interlok driver setup x32

iTunes

Java 7 Update 7

Java Auto Updater

Java DB 10.5.3.0

Java SE Development Kit 6 Update 22

JavaFX 2.1.1

Jeopardy! 2003

Last.fm 1.5.4.27091

LiveUpdate 3.2 (Symantec Corporation)

LiveUpdate Notice (Symantec Corporation)

LucasArts' Jedi Knight

LucasArts' Mysteries of the Sith

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft AppLocale

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Windows Application Compatibility Database

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

MobileMe Control Panel

Modem Diagnostic Tool

Morrowind: Game of the Year

Move Networks Media Player for Internet Explorer

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML4 Parser

NetBeans IDE 6.9.1

NetWaiting

NetZeroInstallers

Nexon Game Manager

Norton Internet Security

Norton Security Scan

NVIDIA 3D Vision Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OGA Notifier 2.0.0048.0

OpenAL

Opposing Force

Oregon Trail II

Origin

Pando Media Booster

Penumbra

Privacy SafeGuard version 1.1

Quake

QuickTime

Rosetta Stone Version 3

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler

Roxio MyDVD DE

Roxio Update Manager

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Segoe UI

Sid Meier's Civilization IV

SigmaTel Audio

Skype™ 6.0

SolutionCenter

Sonic Activation Module

Source Dedicated Server

Source SDK Base - Orange Box

Spotify

Star Wars Jedi Knight Jedi Academy

Star Wars JK II Jedi Outcast

Star Wars® Knights of the Old Republic® II: The Sith Lords

Star Wars: Knights of the Old Republic

StarCraft II

Status

Steam

Super Meat Boy

SWAT 4

System Requirements Lab

Team Fortress Classic

Terraria

The Sims™ 3

The Sims™ 3 Late Night

The Ultimate DOOM

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

URL Assistant

User's Guides

VC80CRTRedist - 8.0.50727.6195

Ventrilo Client

Virtual Audio Cable 4.9

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Warcraft III

Warcraft III: All Products

WebReg

Winamp

Winamp Detector Plug-in

Winamp Essentials Pack

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR archiver

Yahoo! Messenger

Yahoo! Software Update

.

==== End Of File ===========================

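The DDS log above, as an added triage example that is not part of the original post and not code from DDS, ComboFix or Malwarebytes: the script below parses three of the sections in that log (SERVICES / DRIVERS, Created Last 30, Disabled Device Manager Items) from a constructed, shortened copy of the lines above and lists the entries a helper would normally look at first. Two heuristics are assumptions of this example, not rules any of those tools apply: a lowercase alphanumeric name with two or more separate digit runs (the service aid6b9up and the "A738UC83 IDE Controller" in the disabled-device list) is treated as machine-generated-looking, and any *.sys file written inside the reporting window is listed with its age relative to the FINISH time stamp of the run.

```python
"""Offline triage of a DDS-style scan log (added example, not DDS/Malwarebytes code).

Parses three sections of the log above from a constructed sample and applies two
heuristics that are assumptions of this example only: lowercase alphanumeric names
with two or more separate digit runs (aid6b9up, a738uc83) look machine-generated,
and kernel drivers (*.sys) written inside the reporting window get listed.
The result is a list of candidates for a human to check, not a verdict.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: a shortened copy of lines from the DDS log above.
SAMPLE_LOG = r"""============= SERVICES / DRIVERS ===============
R? BHDrvx86;BHDrvx86
S? NIS;Norton Internet Security
=============== Created Last 30 ================
2013-01-13 09:45:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-13 09:45:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-23 15:52:23 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
==== Disabled Device Manager Items =============
.
Description: Intel(R) 82566DC Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_104B&SUBSYS_01DB1028&REV_02\3&172E68DD&1&C8
Service: e1express
.
Description: A738UC83 IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: aid6b9up
.
==== System Restore Points ===================
"""
REFERENCE_TIME = "2013-01-13 17:25:01"  # FINISH time stamp of the DDS run above

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")
SERVICE_RE = re.compile(r"^([RS])\?\s+([^;]+);(.*)$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S{8})\s+(.+)$")
DDS_TIME = "%Y-%m-%d %H:%M:%S"

def looks_generated(name):
    """Heuristic (assumption): 6-10 lowercase alphanumerics with >= 2 separate digit runs."""
    return bool(re.fullmatch(r"[a-z0-9]{6,10}", name)) and len(re.findall(r"\d+", name)) >= 2

def split_sections(text):
    """Group log lines under the '==== Title ====' banner that precedes them."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections

def parse_services(lines):
    """'R? name;description' (R = running, S = stopped) -> list of dicts."""
    return [{"state": m.group(1), "name": m.group(2).strip(), "desc": m.group(3).strip()}
            for m in map(SERVICE_RE.match, lines) if m]

def parse_created(lines):
    """'date time size attrs path' -> list of dicts; size is '--------' for directories."""
    return [{"when": datetime.strptime(m.group(1), DDS_TIME), "attrs": m.group(3),
             "size": None if m.group(2).startswith("-") else int(m.group(2)), "path": m.group(4)}
            for m in map(FILE_RE.match, lines) if m]

def parse_devices(lines):
    """Blocks of 'Key: value' lines separated by lone '.' lines -> list of dicts."""
    devices, cur = [], {}
    for line in lines + ["."]:
        if line.strip() == ".":
            if cur:
                devices.append(cur)
            cur = {}
        elif ":" in line:
            key, val = line.split(":", 1)
            cur[key.strip()] = val.strip()
    return devices

def triage(text, now=REFERENCE_TIME, window_days=30):
    """Return [{'kind', 'item', 'reason'}] for entries worth a manual look."""
    ref, sections, hits = datetime.strptime(now, DDS_TIME), split_sections(text), []
    for svc in parse_services(sections.get("SERVICES / DRIVERS", [])):
        if looks_generated(svc["name"]):
            hits.append({"kind": "service", "item": svc["name"],
                         "reason": "machine-generated-looking service name"})
    for f in parse_created(sections.get("Created Last 30", [])):
        age = ref - f["when"]
        if f["path"].lower().endswith(".sys") and timedelta(0) <= age <= timedelta(days=window_days):
            hits.append({"kind": "file", "item": f["path"],
                         "reason": f"kernel driver written {age.days} day(s) before the scan"})
    for dev in parse_devices(sections.get("Disabled Device Manager Items", [])):
        tokens = [dev.get("Service", "")] + dev.get("Description", "").lower().split()
        if any(looks_generated(t) for t in tokens):
            hits.append({"kind": "device", "item": dev.get("Service", "?"),
                         "reason": f"generated-looking name in disabled device '{dev.get('Description', '')}'"})
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit['kind']}] {hit['item']}: {hit['reason']}")
```

Paste the full log into SAMPLE_LOG (or read it from a file) and run the script; each hit is a prompt to check the named driver file on disk (does it exist, is it signed, what loads it), not a verdict. Stock names such as e1express, which contain a single digit run, are not flagged, and the heuristic will miss generated names made only of letters, so it narrows the list rather than replacing a read-through of the log.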

Please try this in Normal mode:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 13-01-16.01 - Kevin 01/16/2013 15:04:37.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1710 [GMT -8:00]

Running from: c:\users\Kevin\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

C:\Logo.sys

c:\users\Dad\AppData\Local\._Revolution_

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\chrome.manifest

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\loader.xul

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\install.rdf

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\5q008jcv.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf

c:\users\Kevin\AppData\Roaming\PnkBstrB.exe

c:\users\Public\AUTORUN.INF

c:\windows\apppatch\AppLoc.exe

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\system32\wpcap.dll

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))

.

.

2013-01-16 23:32 . 2013-01-16 23:32 -------- d-----w- C:\found.002

2013-01-16 23:23 . 2013-01-16 23:37 -------- d-----w- c:\users\Kevin\AppData\Local\temp

2013-01-16 23:23 . 2013-01-16 23:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-01-16 23:23 . 2013-01-16 23:23 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2013-01-16 23:23 . 2013-01-16 23:23 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2013-01-16 23:23 . 2013-01-16 23:23 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-01-16 23:23 . 2013-01-16 23:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-16 23:23 . 2013-01-16 23:23 -------- d-----w- c:\users\Dad\AppData\Local\temp

2013-01-14 00:27 . 2013-01-14 00:27 -------- d-----w- c:\windows\ERUNT

2013-01-14 00:27 . 2013-01-14 00:27 -------- d-----w- C:\JRT

2013-01-13 09:45 . 2013-01-13 09:45 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes

2013-01-13 09:45 . 2013-01-13 09:45 -------- d-----w- c:\programdata\Malwarebytes

2013-01-13 09:45 . 2013-01-13 09:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-13 09:45 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-12 04:40 . 2013-01-12 04:49 -------- d-----w- c:\windows\system32\drivers\NIS\1402000.013

2013-01-10 07:34 . 2013-01-10 07:34 -------- d-----w- c:\program files\Common Files\Skype

2013-01-10 07:34 . 2013-01-10 07:34 -------- d-----r- c:\program files\Skype

2013-01-09 08:23 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 08:23 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 08:23 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys

2012-12-23 17:48 . 2012-12-23 17:48 -------- d-----w- c:\users\UpdatusUser

2012-12-23 17:22 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-23 17:22 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-23 17:22 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-23 17:22 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll

2012-12-23 17:22 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-23 17:22 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-23 17:22 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-23 17:22 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-23 17:22 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-23 17:22 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-23 17:22 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-23 17:13 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-23 17:13 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-23 15:52 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll

2012-12-23 15:52 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll

2012-12-23 15:52 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe

2012-12-23 15:52 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-12-23 15:52 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-12-23 15:52 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-12-23 15:52 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-23 15:52 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-12-23 15:52 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-23 15:52 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-12-23 15:52 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-12-23 15:32 . 2012-12-23 15:32 -------- d-----w- C:\found.001

2012-12-18 20:07 . 2012-12-18 20:07 106240 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2012-12-18 20:07 . 2012-12-18 20:07 106240 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-12 04:46 . 2009-10-08 22:52 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2013-01-09 01:21 . 2012-05-24 03:04 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-09 01:21 . 2011-06-09 00:04 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2009-01-23 21:03 . 2011-03-23 00:36 417792 ----a-w- c:\program files\BNUpdate.exe

2009-01-23 21:02 . 2011-03-23 00:36 65536 ----a-w- c:\program files\SEditPTB.loc

2009-01-23 21:02 . 2011-03-23 00:36 65536 ----a-w- c:\program files\SEditITA.loc

2009-01-23 21:02 . 2011-03-23 00:36 65536 ----a-w- c:\program files\SEditFRA.loc

2009-01-23 21:02 . 2011-03-23 00:36 65536 ----a-w- c:\program files\SEditESP.loc

2009-01-23 21:02 . 2011-03-23 00:36 65536 ----a-w- c:\program files\SEditENU.loc

2009-01-23 21:02 . 2011-03-23 00:36 65536 ----a-w- c:\program files\SEditDEU.loc

2009-01-10 07:57 . 2011-03-23 00:36 409600 ----a-w- c:\program files\storm.dll

2009-01-10 07:57 . 2011-03-23 00:36 1220608 ----a-w- c:\program files\StarCraft.exe

2009-01-10 07:57 . 2011-03-23 00:36 557310 ----a-w- c:\program files\battle.snp

2009-01-10 07:57 . 2011-03-23 00:36 127767 ----a-w- c:\program files\standard.snp

2008-12-20 06:33 . 2011-03-23 00:36 125440 ----a-w- c:\program files\iccwc3.icc

2008-12-20 06:01 . 2011-03-23 00:36 327680 ----a-w- c:\program files\Launcher.exe

2008-12-20 06:01 . 2011-03-23 00:36 128512 ----a-w- c:\program files\iccscbn.icc

2008-12-19 07:46 . 2011-03-23 00:36 24064 ----a-w- c:\program files\w3lh.dll

2008-12-07 10:07 . 2011-03-23 00:36 691545 ----a-w- c:\program files\unins000.exe

2008-09-17 05:31 . 2011-03-23 00:36 642560 ----a-w- c:\program files\Chaosplugin.bwl

2007-09-13 07:19 . 2011-03-23 00:36 95232 ----a-w- c:\program files\Smackw32.dll

2007-09-13 07:19 . 2011-03-23 00:36 662474 ----a-w- c:\program files\InstCC.exe

2007-09-13 07:19 . 2011-03-23 00:36 315392 ----a-w- c:\program files\Riched20.dll

2007-09-13 07:19 . 2011-03-23 00:36 150528 ----a-w- c:\program files\SEditPTG.loc

2007-08-21 10:21 . 2011-03-23 00:36 53248 ----a-w- c:\program files\nocd1151.bwl

2007-05-18 04:51 . 2011-03-23 00:36 1016320 ----a-w- c:\program files\StarEdit.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Hole plus"="c:\programdata\ticksetupsetup.1fngd7q" [X]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"Steam"="c:\program files\Steam\Steam.exe" [2012-12-23 1354736]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-07 3077528]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"Spotify Web Helper"="c:\users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-23 1199576]

"Spotify"="c:\users\Kevin\AppData\Roaming\Spotify\spotify.exe" [2012-12-23 7880664]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]

.

c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-11-5 267520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2006-11-12 07:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]

2007-11-13 21:46 135168 ----a-w- c:\programdata\Dell\TransferAgent\TransferAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 04:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-03-21 00:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2006-03-21 00:34 213936 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-03-21 00:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2006-11-22 22:56 303104 ----a-w- c:\windows\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-12 02:26 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 01:21]

.

2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 05:04]

.

2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 05:04]

.

2013-01-13 c:\windows\Tasks\Norton Security Scan for Kevin.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-21 17:06]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

HKCU-Run-sbitunesagent - c:\program files\Songbird\songbirditunesagent.exe

HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exe

MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe

MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

AddRemove-SoftwareUpdUtility - c:\program files\Common Files\Software Update Utility\uninstall.exe

AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe

AddRemove-{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1 - c:\program files\PrivacySafeGuard\unins000.exe

AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-16 15:38

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2446573200-3105183575-2128207625-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:78,5d,b5,bf,e2,b3,bb,e8,fd,23,97,e8,05,64,82,cd,47,db,a6,b5,16,a4,e0,

66,d9,49,f7,17,fb,fa,71,ad,01,2c,82,4a,bf,45,53,da,1a,d2,52,5e,52,47,61,db,\

"??"=hex:03,44,23,4f,85,b5,77,a1,4a,6c,d2,0d,48,7b,fc,c9

.

[HKEY_USERS\S-1-5-21-2446573200-3105183575-2128207625-1001\Software\SecuROM\License information*]

"datasecu"=hex:63,27,50,35,3f,34,95,2d,75,d0,a7,dc,0b,f5,0a,19,76,2c,ab,79,85,

65,a4,dc,a0,7f,0f,09,e5,8c,4d,78,89,98,ec,0f,a0,3b,d5,62,38,51,a5,b5,95,ef,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3100)

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Intel\IntelDH\CCU\AlertService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

c:\program files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

c:\windows\ehome\ehmsas.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe

c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe

.

**************************************************************************

.

Completion time: 2013-01-16 15:49:10 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-16 23:48

.

Pre-Run: 43,722,588,160 bytes free

Post-Run: 48,559,804,416 bytes free

.

- - End Of File - - 9019FED76D1386290E4DE94B8E738B53

I should point out that when ComboFix restarted my computer, Windows initiated a disk check for consistency (from being manually shut down the other day) and displayed these two messages after the disk check: "Recovered orphaned file AUTOPA~2.EXE" and "Recovered orphaned file autopatcherx.exe". Not sure if it means anything, but since I know ComboFix deleted some files I decided to mention it in case they turned out to be recovered malware.

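As an added example (not part of the original thread, and not code from ComboFix, Malwarebytes or any other tool used in it), here is a small Python triage script for the ComboFix "Reg Loading Points" block in the log above. It flags the kinds of entries a helper reads first: Run values whose target no longer exists on disk (ComboFix marks those with [X]), targets with a non-executable or random-looking extension such as the `ticksetupsetup.1fngd7q` entry under ProgramData, autoruns started from user-writable folders, and `EnableLUA` set to 0, which means UAC is switched off. The sample lines are copied from the log above; the severity labels, the list of executable extensions and the user-writable path fragments are my own assumptions, not anything ComboFix itself reports.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a few lines copied from the ComboFix "Reg Loading
# Points" block above. The full log has many more entries; these are
# enough to exercise each rule below.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hole plus"="c:\programdata\ticksetupsetup.1fngd7q" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Spotify"="c:\users\Kevin\AppData\Roaming\Spotify\spotify.exe" [2012-12-23 7880664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="c:\path\file.exe" [YYYY-MM-DD size]   or   [X] when the file is missing
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<info>[^\]]*)\]')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')

# Heuristics (my assumptions, not ComboFix rules): extensions Windows will
# actually run from a Run value, and path fragments a standard user can write to.
EXEC_EXT = {".exe", ".dll", ".cpl", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class Finding:
    severity: str   # "high" = act on it, "review" = look at it
    key: str
    name: str
    detail: str


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix 'Reg Loading Points' dump and flag risky entries."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        low_key = current_key.lower()

        if low_key.endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if not m:
                continue
            name, path, info = m.group("name"), m.group("path"), m.group("info")
            low_path = path.lower()
            ext = ntpath.splitext(low_path)[1]
            if info.strip() == "X":
                # ComboFix prints [X] when the referenced file is not on disk:
                # a dangling autorun, often what is left after a partial removal.
                findings.append(Finding("high", current_key, name,
                                        f"target missing on disk: {path}"))
            if ext not in EXEC_EXT:
                findings.append(Finding("high", current_key, name,
                                        f"non-executable or random extension {ext!r}: {path}"))
            elif any(frag in low_path for frag in USER_WRITABLE):
                findings.append(Finding("review", current_key, name,
                                        f"autorun from user-writable location: {path}"))

        elif low_key.endswith("\\policies\\system"):
            m = POLICY_RE.match(line)
            if m and m.group("name") == "EnableLUA" and m.group("value") == "0":
                # UAC off: an administrator account gets no split token, so
                # everything it starts already runs fully elevated.
                findings.append(Finding("high", current_key, "EnableLUA",
                                        "UAC is disabled (EnableLUA=0)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.name}: {f.detail}")
```

Run it against a saved ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. On the sample it reports "Hole plus" twice (missing target and a random extension), the Spotify entry once for review because it starts from a roaming profile folder, and the EnableLUA=0 policy; Sidebar and Adobe ARM are left alone.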

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6889

# api_version=3.0.2

# EOSSerial=c6edd19ea3aa4047a69f30d576161361

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-18 07:24:05

# local_time=2013-01-17 11:24:05 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=3591 16777213 100 94 0 121000430 0 0

# compatibility_mode=5892 16776574 100 100 102556964 195101373 0 0

# scanned=450282

# found=1

# cleaned=0

# scan_time=23754

C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys Win32/Olmarik.ZC trojan 13B985C6C789DAC7C6288340F38E895E2713F177 I

I'm glad it found the source of the problem; unfortunately, it looks like it was unable to remove it. This is the same file that Norton has been saying is infected during my Full System Scans.


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 13-01-16.01 - Kevin 01/18/2013 9:59.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1565 [GMT -8:00]

Running from: c:\users\Kevin\Downloads\ComboFix.exe

Command switches used :: c:\users\Kevin\Downloads\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

FILE ::

"c:\windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys

.

.

((((((((((((((((((((((((( Files Created from 2012-12-18 to 2013-01-18 )))))))))))))))))))))))))))))))

.

.

2013-01-18 18:14 . 2013-01-18 18:14 -------- d-----w- c:\users\Kevin\AppData\Local\temp

2013-01-18 18:14 . 2013-01-18 18:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-01-18 18:14 . 2013-01-18 18:14 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2013-01-18 18:14 . 2013-01-18 18:14 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2013-01-18 18:14 . 2013-01-18 18:14 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-01-18 18:14 . 2013-01-18 18:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-18 18:14 . 2013-01-18 18:14 -------- d-----w- c:\users\Dad\AppData\Local\temp

2013-01-18 00:40 . 2013-01-18 00:40 -------- d-----w- c:\program files\ESET

2013-01-16 23:32 . 2013-01-16 23:32 -------- d-----w- C:\found.002

2013-01-14 00:27 . 2013-01-14 00:27 -------- d-----w- c:\windows\ERUNT

2013-01-14 00:27 . 2013-01-14 00:27 -------- d-----w- C:\JRT

2013-01-13 09:45 . 2013-01-13 09:45 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes

2013-01-13 09:45 . 2013-01-13 09:45 -------- d-----w- c:\programdata\Malwarebytes

2013-01-13 09:45 . 2013-01-13 09:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-13 09:45 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-12 04:40 . 2013-01-18 00:41 -------- d-----w- c:\windows\system32\drivers\NIS\1402000.013

2013-01-10 07:34 . 2013-01-10 07:34 -------- d-----w- c:\program files\Common Files\Skype

2013-01-10 07:34 . 2013-01-10 07:34 -------- d-----r- c:\program files\Skype

2013-01-09 08:23 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 08:23 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 08:23 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys

2012-12-23 17:48 . 2012-12-23 17:48 -------- d-----w- c:\users\UpdatusUser

2012-12-23 17:22 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-23 17:22 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-23 17:22 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-23 17:22 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll

2012-12-23 17:22 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-23 17:22 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-23 17:22 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-23 17:22 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-23 17:22 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-23 17:22 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-23 17:22 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-23 17:13 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-23 17:13 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-23 15:52 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll

2012-12-23 15:52 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll

2012-12-23 15:52 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe

2012-12-23 15:52 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-12-23 15:52 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-12-23 15:52 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-12-23 15:52 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-23 15:52 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-12-23 15:52 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-23 15:52 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-12-23 15:52 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-12-23 15:32 . 2012-12-23 15:32 -------- d-----w- C:\found.001

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-12 04:46 . 2009-10-08 22:52 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2013-01-09 01:21 . 2012-05-24 03:04 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-09 01:21 . 2011-06-09 00:04 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2009-01-23 21:03 . 2011-03-23 00:36 417792 ----a-w- c:\program files\BNUpdate.exe

2009-01-23 21:02 . 2011-03-23 00:36 65536 ----a-w- c:\program files\SEditPTB.loc

2009-01-23 21:02 . 2011-03-23 00:36 65536 ----a-w- c:\program files\SEditITA.loc

2009-01-23 21:02 . 2011-03-23 00:36 65536 ----a-w- c:\program files\SEditFRA.loc

2009-01-23 21:02 . 2011-03-23 00:36 65536 ----a-w- c:\program files\SEditESP.loc

2009-01-23 21:02 . 2011-03-23 00:36 65536 ----a-w- c:\program files\SEditENU.loc

2009-01-23 21:02 . 2011-03-23 00:36 65536 ----a-w- c:\program files\SEditDEU.loc

2009-01-10 07:57 . 2011-03-23 00:36 409600 ----a-w- c:\program files\storm.dll

2009-01-10 07:57 . 2011-03-23 00:36 1220608 ----a-w- c:\program files\StarCraft.exe

2009-01-10 07:57 . 2011-03-23 00:36 557310 ----a-w- c:\program files\battle.snp

2009-01-10 07:57 . 2011-03-23 00:36 127767 ----a-w- c:\program files\standard.snp

2008-12-20 06:33 . 2011-03-23 00:36 125440 ----a-w- c:\program files\iccwc3.icc

2008-12-20 06:01 . 2011-03-23 00:36 327680 ----a-w- c:\program files\Launcher.exe

2008-12-20 06:01 . 2011-03-23 00:36 128512 ----a-w- c:\program files\iccscbn.icc

2008-12-19 07:46 . 2011-03-23 00:36 24064 ----a-w- c:\program files\w3lh.dll

2008-12-07 10:07 . 2011-03-23 00:36 691545 ----a-w- c:\program files\unins000.exe

2008-09-17 05:31 . 2011-03-23 00:36 642560 ----a-w- c:\program files\Chaosplugin.bwl

2007-09-13 07:19 . 2011-03-23 00:36 95232 ----a-w- c:\program files\Smackw32.dll

2007-09-13 07:19 . 2011-03-23 00:36 662474 ----a-w- c:\program files\InstCC.exe

2007-09-13 07:19 . 2011-03-23 00:36 315392 ----a-w- c:\program files\Riched20.dll

2007-09-13 07:19 . 2011-03-23 00:36 150528 ----a-w- c:\program files\SEditPTG.loc

2007-08-21 10:21 . 2011-03-23 00:36 53248 ----a-w- c:\program files\nocd1151.bwl

2007-05-18 04:51 . 2011-03-23 00:36 1016320 ----a-w- c:\program files\StarEdit.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Hole plus"="c:\programdata\ticksetupsetup.1fngd7q" [X]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"Steam"="c:\program files\Steam\Steam.exe" [2012-12-23 1354736]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-07 3077528]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"Spotify Web Helper"="c:\users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-23 1199576]

"Spotify"="c:\users\Kevin\AppData\Roaming\Spotify\spotify.exe" [2012-12-23 7880664]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]

.

c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-11-5 267520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2006-11-12 07:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]

2007-11-13 21:46 135168 ----a-w- c:\programdata\Dell\TransferAgent\TransferAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 04:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-03-21 00:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2006-03-21 00:34 213936 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-03-21 00:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2006-11-22 22:56 303104 ----a-w- c:\windows\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-12 02:26 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 01:21]

.

2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 05:04]

.

2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 05:04]

.

2013-01-17 c:\windows\Tasks\Norton Security Scan for Kevin.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-21 17:06]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-18 10:14

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2446573200-3105183575-2128207625-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:78,5d,b5,bf,e2,b3,bb,e8,fd,23,97,e8,05,64,82,cd,47,db,a6,b5,16,a4,e0,

66,d9,49,f7,17,fb,fa,71,ad,01,2c,82,4a,bf,45,53,da,1a,d2,52,5e,52,47,61,db,\

"??"=hex:03,44,23,4f,85,b5,77,a1,4a,6c,d2,0d,48,7b,fc,c9

.

[HKEY_USERS\S-1-5-21-2446573200-3105183575-2128207625-1001\Software\SecuROM\License information*]

"datasecu"=hex:63,27,50,35,3f,34,95,2d,75,d0,a7,dc,0b,f5,0a,19,76,2c,ab,79,85,

65,a4,dc,a0,7f,0f,09,e5,8c,4d,78,89,98,ec,0f,a0,3b,d5,62,38,51,a5,b5,95,ef,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2013-01-18 10:16:52

ComboFix-quarantined-files.txt 2013-01-18 18:16

ComboFix2.txt 2013-01-16 23:49

.

Pre-Run: 44,989,747,200 bytes free

Post-Run: 44,854,370,304 bytes free

.

- - End Of File - - 8016F64627F219EC38DF5B5B0DAFAE07


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

[image: AVPfront.gif]

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan

[image: avpsettings.gif]

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select the Detected threats report from the left and press the Save button

Save it to your desktop and post it in your next reply.


Status: Deleted (events: 1)

1/18/2013 5:04:35 PM Deleted Trojan program Exploit.JS.RealPlr.am C:\Documents and Settings\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2XA74KDP\urchin[1].js High

Status: Will be deleted when the computer is restarted (events: 2)

1/18/2013 5:04:41 PM Will be deleted when the computer is restarted Trojan program Exploit.JS.RealPlr.am C:\Documents and Settings\Guest\AppData\Local\Temporary Internet Files\Low\Content.IE5\2XA74KDP\urchin[1].js High

1/18/2013 5:04:45 PM Will be deleted when the computer is restarted Trojan program Exploit.JS.RealPlr.am C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Low\Content.IE5\2XA74KDP\urchin[1].js High

Status: Absent (events: 1)

1/18/2013 10:56:16 PM Not found Trojan program Exploit.JS.RealPlr.am C:\Documents and Settings\Guest\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2XA74KDP\urchin[1].js High

Status: Disinfected (events: 1)

1/18/2013 10:52:20 PM Disinfected virus Virus.Win32.TDSS.b C:\Qoobox\Quarantine\C\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys.vir High


Glad I could help! :)

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Next, uninstall ESET Online Scanner and manually delete Junkware Removal Tool and Kaspersky AVP.

Some malware prevention tips:

http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
