Help! Radio stations are playing before I log in on Win7 laptop


odlaw


Hello odlaw, and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


Thank you.

Here are my logs as requested.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Dave at 18:03:28 on 2014-01-17
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\igfxsrvc.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
D:\Utilities\IDMan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Utilities\IEMonitor.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.

BHO: {0055C089-8582-441B-A0BF-17B458C2A3A8} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - d:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - d:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
uRun: [iDMan] d:\utilities\IDMan.exe /onboot
uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [uSB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AVP] "d:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRunOnce: [Malwarebytes Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - d:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: Download all links with IDM - d:\utilities\IEGetAll.htm
IE: Download FLV video content with IDM - d:\utilities\IEGetVL.htm
IE: Download with IDM - d:\utilities\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - d:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - d:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
LSP: mswsock.dll




TCP: NameServer = 192.168.1.1
TCP: Interfaces\{15B9D500-FB75-4D6A-B13F-7B5D3673D21E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2B0B8530-3411-431A-AD55-63E54AFE25FA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2B0B8530-3411-431A-AD55-63E54AFE25FA}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{2B0B8530-3411-431A-AD55-63E54AFE25FA}\2656C6B696E6E2561616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2B0B8530-3411-431A-AD55-63E54AFE25FA}\2656C6B696E6E2561616E2765756374737 : DHCPNameServer = 192.168.169.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= d:\progra~1\kasper~1\kasper~1\kloehk.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R? cleanhlp;cleanhlp
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gfiark;gfiark
R? hasplms;HASP License Manager
R? IDMWFP;IDMWFP
R? mbamchameleon;mbamchameleon
R? qcusbser;Qualcomm USB Device for Legacy Serial Communication
R? Revoflt;Revoflt
R? SydexFDD;Sydex Diskette Driver
R? WatAdminSvc;Windows Activation Technologies Service
S? AVP;Kaspersky Anti-Virus Service
S? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
S? GTIPCI21;GTIPCI21
S? kl2;kl2
S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter
S? klmouflt;Kaspersky Lab KLMOUFLT
S? multikey;Virtual USB MultiKey
S? USBlyzer;USBlyzer Capture Driver
S? VST_DPV;VST_DPV
S? VSTHWICH;VSTHWICH
.
=============== Created Last 30 ================
.
2014-01-17 22:19:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-17 22:13:00 -------- d-----w- c:\programdata\SparkTrust
2014-01-17 02:20:44 -------- d-----w- c:\users\dave\appdata\roaming\Wise Registry Cleaner
2014-01-16 23:33:51 -------- d-----w- c:\windows\ERUNT
2014-01-10 23:24:46 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-10 22:35:41 -------- d-----w- C:\TDSSKiller_Quarantine
2014-01-10 22:21:57 -------- d-----w- c:\users\dave\appdata\local\VS Revo Group
2014-01-10 22:21:06 -------- d-----w- c:\programdata\VS Revo Group
2014-01-10 22:21:05 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-01-10 00:49:48 -------- d-----w- C:\AdwCleaner
2014-01-07 01:36:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-12-30 03:25:33 -------- d-----w- c:\users\dave\appdata\local\CrashDumps
.
==================== Find3M  ====================
.
2014-01-13 03:50:59 5888 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-13 03:49:59 586752 ----a-w- c:\windows\system32\drivers\PEAuth.sys.bak
2014-01-13 03:48:55 49728 ----a-w- c:\windows\system32\drivers\mup.sys.bak
2014-01-13 03:47:59 60416 ----a-w- c:\windows\system32\drivers\mpsdrv.sys.bak
2014-01-13 03:46:50 187472 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS.bak
2014-01-13 03:45:59 99968 ----a-w- c:\windows\system32\drivers\aksusb.sys.bak
2014-01-12 01:39:18 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys.bak
2013-12-12 00:46:45 291 ----a-w- c:\programdata\ajwlqlfwl.reg
.
============= FINISH: 18:31:33.16 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/6/2010 8:18:27 PM
System Uptime: 1/17/2014 3:34:27 PM (3 hours ago)
.
Motherboard: Dell Inc. |  | 0U8082
Processor: Intel® Pentium® M processor 2.13GHz | Microprocessor | 1855/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 20 GiB total, 0.647 GiB free.
D: is FIXED (NTFS) - 36 GiB total, 2.982 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Dell Wireless 1370 WLAN Mini-PCI Card
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_00051028&REV_02\4&18D49C8E&0&18F0
Manufacturer: Broadcom
Name: Dell Wireless 1370 WLAN Mini-PCI Card
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_00051028&REV_02\4&18D49C8E&0&18F0
Service: BCM43XX
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\6&AC4FFC3&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\6&AC4FFC3&0&2
Service: BthPan
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
ARC XT PRO for Uniden XT series
ARC396-PRO for Uniden BCD396T
ARC396 for Uniden BCD396T
ARC500PRO for GRE PSR500 and PSR600
CCleaner
Customizer 10000 Plus
Customizer for MC350E
CuteFTP 8 Professional
Dell Driver Download Manager
Exact Audio Copy 0.99pb5
FreeSCAN
Google Update Helper
HASP SRM Run-time
Internet Download Manager
Kaspersky Internet Security 2011
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Motorola Driver Installation 4.1.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
Musicnotes Software Suite 1.2
Nero 7 Lite 7.10.1.0
Pinnacle Instant DVD Recorder
Pinnacle Systems USB-2 Device Drivers
Revo Uninstaller Pro 3.0.8
RevSkills
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories USBXpress Device (Driver Removal)
SophieSew version 1.13 build 42
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Manager
USBlyzer - Software USB Protocol Analyzer
Virtual Weather Station
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual C++ 9.0 OpenMP (x86) WinSXS MSM
VLC media player 1.0.5
WeatherLink 6.0.3
WinAVI Video Converter
WinDirStat 1.1.2
Windows Mobile Device Updater Component
WinRAR archiver
Wise Registry Cleaner 7.92
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== End Of File ===========================
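Added example (editorial; not part of this thread and not code from DDS, Malwarebytes or any of the posters): a small Python triage script for the kind of DDS "Pseudo HJT Report" posted above. It parses the BHO, Run/RunOnce, Notify and AppInit_DLLs lines, reads the u/m prefixes as HKCU/HKLM, pulls the module path out of each command line (including the RUNDLL32 "dll",Entry form and unquoted paths containing spaces), and lists the entries worth checking by hand: orphaned CLSIDs, modules outside the Windows or Program Files directories, and anything in AppInit_DLLs. The sample lines are constructed from the log above, and the location heuristic is this example's own assumption, a prompt to look at the file rather than a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a few lines in the shape of the DDS "Pseudo HJT Report"
# posted above, taken from that log (not the complete report).
SAMPLE_LOG = r"""
BHO: {0055C089-8582-441B-A0BF-17B458C2A3A8} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [iDMan] d:\utilities\IDMan.exe /onboot
mRun: [uSB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [AVP] "d:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRunOnce: [Malwarebytes Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= d:\progra~1\kasper~1\kasper~1\kloehk.dll
"""

# DDS prefixes the Run/RunOnce lines with the hive: u = current user, m = machine.
HIVE = {"u": "HKCU", "m": "HKLM"}

RUN_RE = re.compile(r"^([um])(Run(?:Once)?): \[([^\]]*)\] (.*)$")
BHO_RE = re.compile(r"^BHO: (?:(.*?): )?(\{[0-9A-Fa-f-]+\}) - (.*)$")
NOTIFY_RE = re.compile(r"^Notify: (\S+) - (.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs= *(.*)$")

# Directories (after the drive letter) where installed software normally lives.
# Assumption of this example: an autostart module anywhere else deserves a manual look.
STANDARD_DIRS = ("\\windows\\", "\\program files", "\\progra~1")


@dataclass
class Entry:
    kind: str             # Run, RunOnce, BHO, Notify or AppInit_DLLs
    hive: Optional[str]   # HKCU / HKLM
    name: str             # value name, BHO display name or CLSID
    target: str           # lower-cased path of the module, or "<orphaned>"


def extract_path(command: str) -> str:
    """Pull the module path out of a command line: handles quoted paths, unquoted
    paths containing spaces, trailing switches and RUNDLL32 "dll",Entry forms."""
    command = command.strip()
    # rundll32 is only a host process; the module of interest is its first argument
    if command.lower().startswith("rundll32"):
        parts = command.split(None, 1)
        command = parts[1] if len(parts) > 1 else ""
    command = command.lstrip('"')
    m = re.match(r"(.*?\.(?:exe|dll|sys|cpl))\b", command, re.IGNORECASE)
    return (m.group(1) if m else command).lower()


def parse_report(text: str) -> List[Entry]:
    """Turn the autostart lines of a DDS Pseudo HJT report into Entry records."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry(m.group(2), HIVE[m.group(1)], m.group(3), extract_path(m.group(4))))
            continue
        m = BHO_RE.match(line)
        if m:
            # BHOs are registered per machine under Explorer\Browser Helper Objects
            entries.append(Entry("BHO", "HKLM", m.group(1) or m.group(2), extract_path(m.group(3))))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append(Entry("Notify", "HKLM", m.group(1), extract_path(m.group(2))))
            continue
        m = APPINIT_RE.match(line)
        if m:
            entries.append(Entry("AppInit_DLLs", "HKLM", "AppInit_DLLs", extract_path(m.group(1))))
    return entries


def is_standard_location(path: str) -> bool:
    """True when the module sits under a Windows or Program Files directory on any drive."""
    without_drive = re.sub(r"^[a-z]:", "", path)
    return any(without_drive.startswith(d) for d in STANDARD_DIRS)


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs that merit a manual check. A hit means
    'look at this file' (vendor, signature, hash), not 'this is malware'."""
    findings = []
    for e in entries:
        if e.target.startswith("<"):
            findings.append((e, "registered CLSID has no module on disk (orphaned)"))
        elif not is_standard_location(e.target):
            findings.append((e, "module outside Windows/Program Files: " + e.target))
        if e.kind == "AppInit_DLLs":
            findings.append((e, "AppInit_DLLs is loaded into every process that loads user32.dll; confirm the vendor"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_report(SAMPLE_LOG)):
        print(f"[{entry.hive}] {entry.kind:<12} {entry.name:<40} {reason}")
```

Run it as a script to print the findings for the sample, or pass the contents of a real dds.txt to parse_report. On the sample, the hits are the orphaned BHO, IDMan under d:\utilities and the Kaspersky AppInit_DLLs entry: the first is the kind of leftover that AdwCleaner or JRT clean up, the other two are accounted for by software in the log's Installed Programs list, which is exactly the check a hit is meant to prompt.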

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x86
Ran by Dave on Sat 01/18/2014 at 14:08:12.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\ProgramData\application data\sparktrust"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/18/2014 at 14:11:32.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.017 - Report created 18/01/2014 at 20:52:09
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : Dave - LAPTOP
# Running from : C:\Users\Dave\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457

*************************

AdwCleaner[R0].txt - [2721 octets] - [09/01/2014 19:50:15]
AdwCleaner[R1].txt - [737 octets] - [18/01/2014 14:22:29]
AdwCleaner[s0].txt - [2840 octets] - [09/01/2014 20:01:06]
AdwCleaner[s1].txt - [659 octets] - [18/01/2014 20:52:09]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [718 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.19.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Dave :: LAPTOP [administrator]

1/18/2014 8:58:39 PM
mbam-log-2014-01-18 (20-58-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208953
Time elapsed: 19 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Here you go

ComboFix 14-01-16.03 - Dave 01/20/2014  18:00:27.1.1 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.1015.503 [GMT -5:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-20 to 2014-01-20  )))))))))))))))))))))))))))))))
.
.
2014-01-20 23:11 . 2014-01-20 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-17 22:19 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-17 02:20 . 2014-01-17 02:53 -------- d-----w- c:\users\Dave\AppData\Roaming\Wise Registry Cleaner
2014-01-16 23:33 . 2014-01-16 23:33 -------- d-----w- c:\windows\ERUNT
2014-01-10 23:24 . 2014-01-10 23:31 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-10 22:35 . 2014-01-11 15:00 -------- d-----w- C:\TDSSKiller_Quarantine
2014-01-10 22:21 . 2014-01-10 22:21 -------- d-----w- c:\users\Dave\AppData\Local\VS Revo Group
2014-01-10 22:21 . 2014-01-10 22:21 -------- d-----w- c:\programdata\VS Revo Group
2014-01-10 22:21 . 2009-12-30 15:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-01-10 00:49 . 2014-01-19 01:52 -------- d-----w- C:\AdwCleaner
2014-01-07 01:36 . 2014-01-17 22:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-12-30 03:25 . 2014-01-13 02:14 -------- d-----w- c:\users\Dave\AppData\Local\CrashDumps
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-13 03:51 . 2014-01-11 15:34 132224 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 92672 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 16384 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 14912 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 34944 ----a-w- c:\windows\system32\drivers\winusb.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 19008 ----a-w- c:\windows\system32\drivers\wimmount.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 19024 ----a-w- c:\windows\system32\drivers\wd.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 35328 ----a-w- c:\windows\system32\drivers\watchdog.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 63488 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 21632 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 14336 ----a-w- c:\windows\system32\drivers\vwifimp.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 48128 ----a-w- c:\windows\system32\drivers\vwififlt.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 19968 ----a-w- c:\windows\system32\drivers\vwifibus.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 242176 ----a-w- c:\windows\system32\drivers\VSTICH3.SYS.bak
2014-01-13 03:51 . 2014-01-11 15:34 980992 ----a-w- c:\windows\system32\drivers\VSTDPV3.SYS.bak
2014-01-13 03:51 . 2014-01-11 15:34 661504 ----a-w- c:\windows\system32\drivers\VSTCNXT3.SYS.bak
2014-01-13 03:51 . 2014-01-11 15:34 141904 ----a-w- c:\windows\system32\drivers\vsmraid.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 245328 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 297040 ----a-w- c:\windows\system32\drivers\volmgrx.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 53312 ----a-w- c:\windows\system32\drivers\volmgr.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 111616 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 16976 ----a-w- c:\windows\system32\drivers\viaide.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 52736 ----a-w- c:\windows\system32\drivers\viac7.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 53328 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-13 03:51 . 2014-01-11 15:33 159824 ----a-w- c:\windows\system32\drivers\vhdmp.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 26112 ----a-w- c:\windows\system32\drivers\vgapnp.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 25088 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 32832 ----a-w- c:\windows\system32\drivers\vdrvroot.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 75776 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-13 03:51 . 2014-01-11 15:33 26112 ----a-w- c:\windows\system32\drivers\usbrpm.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 19968 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 284160 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 88960 ----a-w- c:\windows\system32\drivers\USBlyzer.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 5888 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 8192 ----a-w- c:\windows\system32\drivers\umpass.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 39936 ----a-w- c:\windows\system32\drivers\umbus.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 57424 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS.bak
2014-01-13 03:50 . 2014-01-11 15:33 246784 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 55888 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak
2014-01-13 03:50 . 2014-01-11 15:32 108544 ----a-w- c:\windows\system32\drivers\tunnel.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 30208 ----a-w- c:\windows\system32\drivers\tssecsrv.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 51776 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 74240 ----a-w- c:\windows\system32\drivers\tdx.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 17920 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 20992 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 34816 ----a-w- c:\windows\system32\drivers\tcpipreg.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 24576 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 12240 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 53632 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 146304 ----a-w- c:\windows\system32\drivers\storport.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 21072 ----a-w- c:\windows\system32\drivers\stexstor.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 273168 ----a-w- c:\windows\system32\drivers\STAC97.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 309760 ----a-w- c:\windows\system32\drivers\srv2.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 311296 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 405504 ----a-w- c:\windows\system32\drivers\spsys.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 17472 ----a-w- c:\windows\system32\drivers\spldr.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 17408 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 71168 ----a-w- c:\windows\system32\drivers\smb.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 77888 ----a-w- c:\windows\system32\drivers\sisraid4.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 40016 ----a-w- c:\windows\system32\drivers\sisraid2.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 52304 ----a-w- c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-13 03:50 . 2014-01-11 15:31 13824 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 11264 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 19968 ----a-w- c:\windows\system32\drivers\sermouse.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 83456 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 17920 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 140368 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 26624 ----a-w- c:\windows\system32\drivers\scfilter.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 85568 ----a-w- c:\windows\system32\drivers\sbp2port.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 60928 ----a-w- c:\windows\system32\drivers\rspndr.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 8192 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 117248 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 129536 ----a-w- c:\windows\system32\drivers\rfcomm.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 173648 ----a-w- c:\windows\system32\drivers\rdyboost.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 7168 ----a-w- c:\windows\system32\drivers\RDPREFMP.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 6656 ----a-w- c:\windows\system32\drivers\RDPENCDD.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 6656 ----a-w- c:\windows\system32\drivers\RDPCDD.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 18944 ----a-w- c:\windows\system32\drivers\rdpbus.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 7660F01D3B38ACA1747E397D21D790AF . 376832 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[-] 2009-07-14 . 0668E05AB147C5D61805BE9E730FACCE . 376320 . . [6.1.7600.16385] . . c:\windows\System32\rpcss.dll
[-] 2009-07-14 01:16 . !HASH: COULD NOT OPEN FILE !!!!! . 376320 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- d:\utilities\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="d:\utilities\IDMan.exe" [2011-03-15 3278232]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnStatusMX]
2007-08-29 21:06 1077248 ----a-w- c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 cleanhlp;cleanhlp;f:\eek\Run\cleanhlp32.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-05-23 43368]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2004-11-02 64384]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SydexFDD;Sydex Diskette Driver;c:\windows\System32\drivers\sydexfdd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-01-25 85768]
S2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 multikey;Virtual USB MultiKey;c:\windows\system32\DRIVERS\multikey.sys [2009-03-23 50176]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 USBlyzer;USBlyzer Capture Driver;c:\windows\system32\DRIVERS\USBlyzer.sys [2010-03-24 88960]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWICH;VSTHWICH;c:\windows\system32\DRIVERS\VSTICH3.SYS [2009-07-13 242176]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IDMWFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ    wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ    WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-12 23:29]
.
2014-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-12 23:29]
.
.
------- Supplementary Scan -------
.

IE: Download all links with IDM - d:\utilities\IEGetAll.htm
IE: Download FLV video content with IDM - d:\utilities\IEGetVL.htm
IE: Download with IDM - d:\utilities\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
MSConfigStartUp-DGBieYCfOwC - c:\users\Dave\AppData\Roaming\tvzKdSKFMej.exe
MSConfigStartUp-Google Update - c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
AddRemove-SIUSBXP&10C4&EA61 - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\SIUSBXP&10C4&EA61
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2498604805-1792745340-2404885984-1000_Classes\CLSID\{20e5c607-f2b3-45c9-8fca-e1c569cf56b4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000005
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,e6,4e,41,10,c4,2c,98,b2,df,7b,ad,34,74,cf,94,30,42,2d,58,8e,14,1a,\
.
[HKEY_USERS\S-1-5-21-2498604805-1792745340-2404885984-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):f2,b6,4e,1a,bc,f9,87,85,f2,16,3a,e5,77,8f,a8,ef,60,3d,4a,ae,ad,
   f0,8f,55,3e,4e,6d,6e,fd,ac,33,c6,2a,52,41,a9,ab,47,c8,bf,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2498604805-1792745340-2404885984-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):12,c0,93,08,60,e1,c1,33,5e,21,2a,61,fd,4a,c2,8b,2f,98,16,0d,1c,
   13,41,2d,fb,88,79,ac,be,1b,89,49,83,ef,1e,bb,10,dc,46,eb,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2498604805-1792745340-2404885984-1000_Classes\CLSID\{ff825e20-f30f-4dd0-a442-5fd6f2630918}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000007f
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2014-01-20  18:19:14 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-20 23:19
.
Pre-Run: 530,034,688 bytes free
Post-Run: 879,259,648 bytes free
.
- - End Of File - - 02ECEECB44F32A43DCCCC25CD2DCE9D5
A36C5E4F47E84449FF07ED3517B43A31
 

ComboFix 14-01-16.03 - Dave 01/21/2014  20:38:00.2.1 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.1015.480 [GMT -5:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
Command switches used :: c:\users\Dave\Desktop\cfscript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\multikey.sys
.
.
--------------- FCopy ---------------
.
c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll --> c:\windows\System32\rpcss.dll
.
(((((((((((((((((((((((((   Files Created from 2013-12-22 to 2014-01-22  )))))))))))))))))))))))))))))))
.
.
2014-01-22 01:40 . 2014-01-22 01:42 -------- d-----w- c:\users\Dave\AppData\Local\temp
2014-01-22 01:40 . 2014-01-22 01:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-22 01:40 . 2014-01-22 01:40 -------- d-----w- c:\users\Arlene\AppData\Local\temp
2014-01-17 22:19 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-17 02:20 . 2014-01-17 02:53 -------- d-----w- c:\users\Dave\AppData\Roaming\Wise Registry Cleaner
2014-01-16 23:33 . 2014-01-16 23:33 -------- d-----w- c:\windows\ERUNT
2014-01-10 23:24 . 2014-01-10 23:31 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-10 22:35 . 2014-01-11 15:00 -------- d-----w- C:\TDSSKiller_Quarantine
2014-01-10 22:21 . 2014-01-10 22:21 -------- d-----w- c:\users\Dave\AppData\Local\VS Revo Group
2014-01-10 22:21 . 2014-01-10 22:21 -------- d-----w- c:\programdata\VS Revo Group
2014-01-10 22:21 . 2009-12-30 15:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-01-10 00:49 . 2014-01-19 01:52 -------- d-----w- C:\AdwCleaner
2014-01-07 01:36 . 2014-01-17 22:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-12-30 03:25 . 2014-01-13 02:14 -------- d-----w- c:\users\Dave\AppData\Local\CrashDumps
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-13 03:51 . 2014-01-11 15:34 132224 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 92672 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 16384 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 14912 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 34944 ----a-w- c:\windows\system32\drivers\winusb.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 19008 ----a-w- c:\windows\system32\drivers\wimmount.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 19024 ----a-w- c:\windows\system32\drivers\wd.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 35328 ----a-w- c:\windows\system32\drivers\watchdog.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 63488 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 21632 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 14336 ----a-w- c:\windows\system32\drivers\vwifimp.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 48128 ----a-w- c:\windows\system32\drivers\vwififlt.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 19968 ----a-w- c:\windows\system32\drivers\vwifibus.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 242176 ----a-w- c:\windows\system32\drivers\VSTICH3.SYS.bak
2014-01-13 03:51 . 2014-01-11 15:34 980992 ----a-w- c:\windows\system32\drivers\VSTDPV3.SYS.bak
2014-01-13 03:51 . 2014-01-11 15:34 661504 ----a-w- c:\windows\system32\drivers\VSTCNXT3.SYS.bak
2014-01-13 03:51 . 2014-01-11 15:34 141904 ----a-w- c:\windows\system32\drivers\vsmraid.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 245328 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 297040 ----a-w- c:\windows\system32\drivers\volmgrx.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 53312 ----a-w- c:\windows\system32\drivers\volmgr.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 111616 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 16976 ----a-w- c:\windows\system32\drivers\viaide.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 52736 ----a-w- c:\windows\system32\drivers\viac7.sys.bak
2014-01-13 03:51 . 2014-01-11 15:34 53328 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-13 03:51 . 2014-01-11 15:33 159824 ----a-w- c:\windows\system32\drivers\vhdmp.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 26112 ----a-w- c:\windows\system32\drivers\vgapnp.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 25088 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 32832 ----a-w- c:\windows\system32\drivers\vdrvroot.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 75776 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-13 03:51 . 2014-01-11 15:33 26112 ----a-w- c:\windows\system32\drivers\usbrpm.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 19968 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 284160 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 88960 ----a-w- c:\windows\system32\drivers\USBlyzer.sys.bak
2014-01-13 03:51 . 2014-01-11 15:33 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 5888 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 8192 ----a-w- c:\windows\system32\drivers\umpass.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 39936 ----a-w- c:\windows\system32\drivers\umbus.sys.bak
2014-01-13 03:50 . 2014-01-11 15:33 57424 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS.bak
2014-01-13 03:50 . 2014-01-11 15:33 246784 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 55888 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak
2014-01-13 03:50 . 2014-01-11 15:32 108544 ----a-w- c:\windows\system32\drivers\tunnel.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 30208 ----a-w- c:\windows\system32\drivers\tssecsrv.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 51776 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 74240 ----a-w- c:\windows\system32\drivers\tdx.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 17920 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 20992 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-13 03:50 . 2014-01-11 15:32 34816 ----a-w- c:\windows\system32\drivers\tcpipreg.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 24576 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 12240 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 53632 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 146304 ----a-w- c:\windows\system32\drivers\storport.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 21072 ----a-w- c:\windows\system32\drivers\stexstor.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 273168 ----a-w- c:\windows\system32\drivers\STAC97.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 309760 ----a-w- c:\windows\system32\drivers\srv2.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 311296 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 405504 ----a-w- c:\windows\system32\drivers\spsys.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 17472 ----a-w- c:\windows\system32\drivers\spldr.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 17408 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 71168 ----a-w- c:\windows\system32\drivers\smb.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 77888 ----a-w- c:\windows\system32\drivers\sisraid4.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 40016 ----a-w- c:\windows\system32\drivers\sisraid2.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 52304 ----a-w- c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-13 03:50 . 2014-01-11 15:31 13824 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-13 03:50 . 2014-01-11 15:31 11264 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 19968 ----a-w- c:\windows\system32\drivers\sermouse.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 83456 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 17920 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 140368 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 26624 ----a-w- c:\windows\system32\drivers\scfilter.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 85568 ----a-w- c:\windows\system32\drivers\sbp2port.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 60928 ----a-w- c:\windows\system32\drivers\rspndr.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 8192 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 117248 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 129536 ----a-w- c:\windows\system32\drivers\rfcomm.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 173648 ----a-w- c:\windows\system32\drivers\rdyboost.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 7168 ----a-w- c:\windows\system32\drivers\RDPREFMP.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 6656 ----a-w- c:\windows\system32\drivers\RDPENCDD.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 6656 ----a-w- c:\windows\system32\drivers\RDPCDD.sys.bak
2014-01-13 03:50 . 2014-01-11 15:30 18944 ----a-w- c:\windows\system32\drivers\rdpbus.sys.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- d:\utilities\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="d:\utilities\IDMan.exe" [2011-03-15 3278232]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnStatusMX]
2007-08-29 21:06 1077248 ----a-w- c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 multikey;Virtual USB MultiKey;c:\windows\system32\DRIVERS\multikey.sys [x]
R3 cleanhlp;cleanhlp;f:\eek\Run\cleanhlp32.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-05-23 43368]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2004-11-02 64384]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SydexFDD;Sydex Diskette Driver;c:\windows\System32\drivers\sydexfdd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-01-25 85768]
S2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 USBlyzer;USBlyzer Capture Driver;c:\windows\system32\DRIVERS\USBlyzer.sys [2010-03-24 88960]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWICH;VSTHWICH;c:\windows\system32\DRIVERS\VSTICH3.SYS [2009-07-13 242176]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ    wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ    WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-12 23:29]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-12 23:29]
.
.
------- Supplementary Scan -------
.

IE: Download all links with IDM - d:\utilities\IEGetAll.htm
IE: Download FLV video content with IDM - d:\utilities\IEGetVL.htm
IE: Download with IDM - d:\utilities\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2498604805-1792745340-2404885984-1000_Classes\CLSID\{20e5c607-f2b3-45c9-8fca-e1c569cf56b4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000005
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,e6,4e,41,10,c4,2c,98,b2,df,7b,ad,34,74,cf,94,30,42,2d,58,8e,14,1a,\
.
[HKEY_USERS\S-1-5-21-2498604805-1792745340-2404885984-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):f2,b6,4e,1a,bc,f9,87,85,f2,16,3a,e5,77,8f,a8,ef,60,3d,4a,ae,ad,
   f0,8f,55,3e,4e,6d,6e,fd,ac,33,c6,2a,52,41,a9,ab,47,c8,bf,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2498604805-1792745340-2404885984-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):12,c0,93,08,60,e1,c1,33,5e,21,2a,61,fd,4a,c2,8b,2f,98,16,0d,1c,
   13,41,2d,fb,88,79,ac,be,1b,89,49,83,ef,1e,bb,10,dc,46,eb,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2498604805-1792745340-2404885984-1000_Classes\CLSID\{ff825e20-f30f-4dd0-a442-5fd6f2630918}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000007f
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2014-01-21  20:47:03 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-22 01:47
ComboFix2.txt  2014-01-20 23:19
.
Pre-Run: 614,002,688 bytes free
Post-Run: 562,835,456 bytes free
.
- - End Of File - - 3343E56F282ECDA9068890CA152C804C
A36C5E4F47E84449FF07ED3517B43A31
 

The script was posted with instructions and now it has been removed from this thread. Please do not call me a liar. I will post the script if you would like and perhaps it will jog one of the moderators' memory, or this site has been hacked. In any event my problem has been solved by whoever posted that script for me to run. I can't donate to them, can I?

 

Odlaw

