Please help me get cleaned!


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

******************************************************************************************************************************

Thanks for getting back to me and helping me out. Here are the logs.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6875

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

6/17/2011 6:44:14 AM

mbam-log-2011-06-17 (06-44-14).txt

Scan type: Quick scan

Objects scanned: 183890

Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

******************************************************************************************************************************

ComboFix 11-06-16.02 - Spartacus 06/17/2011 8:12.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2186 [GMT -4:00]

Running from: c:\users\Spartacus\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))

.

.

2011-06-17 12:19 . 2011-06-17 12:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-17 12:19 . 2011-06-17 12:19 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-06-14 22:18 . 2011-06-14 22:18 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2011-06-14 16:18 . 2011-06-14 16:20 -------- d-----w- c:\program files\Symantec

2011-06-14 16:18 . 2011-06-14 16:20 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2011-06-14 16:17 . 2011-06-14 16:17 -------- d-----w- c:\program files (x86)\Norton 360

2011-06-14 16:17 . 2011-06-14 16:17 -------- d-----w- c:\program files (x86)\NortonInstaller

2011-06-14 15:22 . 2011-06-14 15:22 -------- d-----w- c:\users\Spartacus\AppData\Roaming\Malwarebytes

2011-06-14 15:22 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-14 15:22 . 2011-06-14 15:22 -------- d-----w- c:\programdata\Malwarebytes

2011-06-14 15:22 . 2011-06-14 15:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-06-14 15:22 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-14 14:07 . 2011-06-14 14:07 -------- d-----w- c:\users\Spartacus\AppData\Roaming\SUPERAntiSpyware.com

2011-06-14 14:07 . 2011-06-14 14:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-06-14 14:07 . 2011-06-14 14:07 -------- d-----w- c:\programdata\!SASCORE

2011-06-14 14:07 . 2011-06-14 14:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-14 13:48 . 2011-06-14 17:54 20040 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-06-14 13:45 . 2011-06-14 13:45 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-06-14 13:45 . 2011-06-14 13:47 -------- d-----w- c:\programdata\Hitman Pro

2011-06-06 15:46 . 2011-06-06 15:46 -------- d-----w- c:\users\Spartacus\AppData\Roaming\Tific

2011-06-06 15:25 . 2011-06-06 15:25 -------- d-----w- c:\program files (x86)\PCPitstop

2011-06-05 13:34 . 2011-06-11 13:04 -------- d-----w- c:\users\Spartacus\AppData\Roaming\DVDVideoSoft

2011-06-05 13:31 . 2011-06-05 13:34 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft

2011-06-05 13:31 . 2011-06-05 13:34 -------- d-----w- c:\program files (x86)\DVDVideoSoft

2011-06-03 14:06 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-24 23:14 . 2011-06-08 19:00 -------- d-----w- c:\program files\Dell Support Center

2011-05-19 17:01 . 2011-05-19 17:01 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-05-19 16:07 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-05-19 16:06 . 2011-06-14 16:17 -------- d-----w- c:\windows\system32\drivers\N360x64\0501000.01D

2011-05-19 14:40 . 2011-05-19 14:40 -------- d-----w- c:\windows\SysWow64\Adobe

2011-05-19 14:40 . 2011-05-19 14:40 -------- d--h--w- c:\windows\AxInstSV

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-13 19:04 . 2011-04-13 19:04 45432 ----a-w- c:\windows\system32\drivers\point64.sys

2011-04-12 17:01 . 2011-04-12 17:01 52632 ----a-w- c:\windows\system32\drivers\dc3d.sys

2011-04-09 07:02 . 2011-05-11 17:40 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:58 . 2011-05-11 17:40 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:02 . 2011-05-11 17:40 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-11 17:40 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-11 17:40 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-04-09 03:00 . 2011-04-09 03:00 465920 ----a-w- c:\windows\system32\itpcoin815.dll

2011-04-09 03:00 . 2011-04-09 03:00 464896 ----a-w- c:\windows\system32\ipcoin815.dll

2011-04-07 13:42 . 2011-04-07 13:42 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-04-07 13:42 . 2011-04-07 13:42 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-04-07 13:42 . 2011-04-07 13:42 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-04-07 13:42 . 2011-04-07 13:42 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-04-07 13:42 . 2011-04-07 13:42 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-04-07 13:42 . 2011-04-07 13:42 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-04-07 13:42 . 2011-04-07 13:42 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-04-07 13:42 . 2011-04-07 13:42 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-04-07 13:42 . 2011-04-07 13:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-04-07 13:42 . 2011-04-07 13:42 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-04-07 13:42 . 2011-04-07 13:42 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-04-07 13:42 . 2011-04-07 13:42 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-04-07 13:42 . 2011-04-07 13:42 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-04-07 13:42 . 2011-04-07 13:42 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-04-07 13:42 . 2011-04-07 13:42 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-04-07 13:42 . 2011-04-07 13:42 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-04-07 13:41 . 2011-04-07 13:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-04-07 13:41 . 2011-04-07 13:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-04-07 13:41 . 2011-04-07 13:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-04-07 13:41 . 2011-04-07 13:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-04-07 13:41 . 2011-04-07 13:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-04-07 13:41 . 2011-04-07 13:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-04-07 13:41 . 2011-04-07 13:41 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-04-07 13:41 . 2011-04-07 13:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-04-07 13:41 . 2011-04-07 13:41 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-04-07 13:41 . 2011-04-07 13:41 222208 ----a-w- c:\windows\system32\msls31.dll

2011-04-07 13:41 . 2011-04-07 13:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-04-07 13:41 . 2011-04-07 13:41 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-04-07 13:41 . 2011-04-07 13:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-04-07 13:41 . 2011-04-07 13:41 12288 ----a-w- c:\windows\system32\mshta.exe

2011-04-07 13:41 . 2011-04-07 13:41 114176 ----a-w- c:\windows\system32\admparse.dll

2011-04-07 13:41 . 2011-04-07 13:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-04-07 13:41 . 2011-04-07 13:41 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-04-07 13:41 . 2011-04-07 13:41 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-04-07 13:41 . 2011-04-07 13:41 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-04-07 13:41 . 2011-04-07 13:41 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-04-07 13:41 . 2011-04-07 13:41 448512 ----a-w- c:\windows\system32\html.iec

2011-04-07 13:41 . 2011-04-07 13:41 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-07 13:41 . 2011-04-07 13:41 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-04-07 13:41 . 2011-04-07 13:41 160256 ----a-w- c:\windows\system32\wextract.exe

2011-04-07 13:41 . 2011-04-07 13:41 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-07 13:41 . 2011-04-07 13:41 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-04-06 20:26 . 2011-04-06 20:26 96544 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:26 . 2011-04-06 20:26 119584 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-03-25 03:29 . 2011-05-11 17:40 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-03-25 03:29 . 2011-05-11 17:40 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-03-25 03:29 . 2011-05-11 17:40 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-03-25 03:29 . 2011-05-11 17:40 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-03-25 03:29 . 2011-05-11 17:40 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-03-25 03:29 . 2011-05-11 17:40 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-03-25 03:28 . 2011-05-11 17:40 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-03-21 17:22 . 2011-03-21 17:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2011-03-21 17:22 . 2011-03-21 17:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2011-03-21 17:22 . 2009-07-22 10:24 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{88836b34-ff60-42d0-a684-e58683fcc4b9}"= "c:\program files (x86)\Web_Developer\prxtbWeb_.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{88836b34-ff60-42d0-a684-e58683fcc4b9}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88836b34-ff60-42d0-a684-e58683fcc4b9}]

2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\Web_Developer\prxtbWeb_.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{88836b34-ff60-42d0-a684-e58683fcc4b9}"= "c:\program files (x86)\Web_Developer\prxtbWeb_.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{88836b34-ff60-42d0-a684-e58683fcc4b9}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Spartacus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Spartacus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Spartacus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"googletalk"="c:\users\Spartacus\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2988928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-12-14 112600]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-08 585728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-12-27 560128]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\Spartacus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

Dropbox.lnk - c:\users\Spartacus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 4236288]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe [2007-06-11 33712]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 876976]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2010-09-13 86016]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-12-14 632792]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]

S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-11-08 288256]

S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-11-08 1060352]

S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-11-08 485376]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - EECTRL

*NewlyCreated* - ERASERUTILDRVI11

*Deregistered* - EraserUtilDrvI11

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-130964284-1154840403-1610244535-1000Core.job

- c:\users\Spartacus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-11 14:07]

.

2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-130964284-1154840403-1610244535-1000UA.job

- c:\users\Spartacus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-11 14:07]

.

2011-06-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]

.

2011-06-16 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Spartacus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Spartacus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Spartacus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

"lxdimon.exe"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]

"lxdiamon"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Spartacus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Spartacus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Lookup on Merriam Webster

IE: Lookup on Wikipedia

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

FF - ProfilePath - c:\users\Spartacus\AppData\Roaming\Mozilla\Firefox\Profiles\4d9kyfqm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - (no file)

WebBrowser-{88836B34-FF60-42D0-A684-E58683FCC4B9} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-06-17 08:22:49

ComboFix-quarantined-files.txt 2011-06-17 12:22

ComboFix2.txt 2011-06-17 11:53

ComboFix3.txt 2011-06-13 20:00

.

Pre-Run: 12,766,420,992 bytes free

Post-Run: 12,571,840,512 bytes free

.

- - End Of File - - EE9BDA5E3CFF4F99B1047EB56CBB8747

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Eset online scan found 0 infected files and did not generate a txt file. Here is the log for the checkup file.

Results of screen317's Security Check version 0.99.14

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Adobe After Effects CS3 Presets

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 24

Out of date Java installed!

Flash Player Out of Date!

Adobe Flash Player 10.2.159.1

Adobe Reader X (10.0.1) Adobe Reader Out of Date!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````

I will check to see how it runs when I get to my office where I have the problem and post any issues.

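The Security Check log above flags Java 6 Update 24, Flash Player 10.2.159.1 and Adobe Reader 10.0.1 as out of date. The same check can be done by hand on any Windows machine by reading the Uninstall registry keys, which is where both the Add or Remove Programs list and tools like Security Check get their inventory. The script below is an added example written for this thread, not Security Check's own code. It reads both registry views on 64-bit Windows, tolerates the inconsistent ways installers write DisplayVersion, and compares against a table of minimum versions; the floors in the table are placeholder values chosen for illustration, not the releases that were current in June 2011, and the sample inventory is constructed from the versions named in the log so the check can be tried without touching the live registry.

```powershell
# Added example, not from the thread: list installed programs from the
# Uninstall keys and flag the ones below a version floor.

function Get-InstalledProgram {
    # Both registry views; the Wow6432Node path exists only on 64-bit
    # Windows and is skipped silently elsewhere.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function ConvertTo-VersionOrNull {
    param([string]$Text)
    # DisplayVersion is written inconsistently ("10.2.159.1", "6.0.240",
    # "10.0.1", sometimes with trailing words); keep the dotted numeric part.
    if (-not $Text) { return $null }
    $m = [regex]::Match($Text, '\d+(\.\d+){1,3}')
    if (-not $m.Success) { return $null }
    try { return [version]$m.Value } catch { return $null }
}

function Find-OutdatedProgram {
    param(
        # DisplayName wildcard -> minimum acceptable [version].
        [Parameter(Mandatory = $true)][hashtable]$Floor,
        # Defaults to the live registry; pass a list to test offline.
        [object[]]$Programs = (Get-InstalledProgram)
    )
    foreach ($p in $Programs) {
        foreach ($pattern in $Floor.Keys) {
            if ($p.DisplayName -notlike $pattern) { continue }
            $v = ConvertTo-VersionOrNull $p.DisplayVersion
            if ($null -eq $v) { $status = 'version not parseable' }
            elseif ($v -lt $Floor[$pattern]) { $status = 'out of date' }
            else { continue }
            New-Object PSObject -Property @{
                Name      = $p.DisplayName
                Installed = $p.DisplayVersion
                Floor     = $Floor[$pattern].ToString()
                Status    = $status
            }
        }
    }
}

# Placeholder floors: assumed values for illustration, replace with the
# vendor's current release numbers before relying on the result.
$floors = @{
    'Java*'               = [version]'6.0.260'
    'Adobe Flash Player*' = [version]'10.3.0.0'
    'Adobe Reader*'       = [version]'10.1.0'
}

# Constructed sample inventory modelled on the Security Check log above;
# drop -Programs to scan the machine the script is running on.
$sample = @(
    (New-Object PSObject -Property @{ DisplayName = 'Java(TM) 6 Update 24';        DisplayVersion = '6.0.240';    Publisher = 'Oracle' }),
    (New-Object PSObject -Property @{ DisplayName = 'Adobe Flash Player 10 ActiveX'; DisplayVersion = '10.2.159.1'; Publisher = 'Adobe Systems Incorporated' }),
    (New-Object PSObject -Property @{ DisplayName = 'Adobe Reader X (10.0.1)';     DisplayVersion = '10.0.1';     Publisher = 'Adobe Systems Incorporated' })
)
Find-OutdatedProgram -Floor $floors -Programs $sample |
    Format-Table Name, Installed, Floor, Status -AutoSize
```

With the placeholder floors all three sample entries come out as `out of date`, which is the same verdict the log gives. The version parsing is the part worth keeping: a plain `[version]` cast fails on strings like `10` or `10.0.1 MUI`, and a check that throws on one product silently skips the rest of the inventory.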

  • Staff

Hi,

Sorry for the delay.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java™ 6 Update 24

Adobe Flash Player 10.2.159.1

Adobe Reader X (10.0.1)

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Let me know what issues remain.

-screen317


Hi screen317,

I have deleted and removed and reinstalled everything that you said. Rebooted and it seems to be fine. I do notice that now the menu bar for google.com is black, but not sure if that is something that they changed for the home page or not. Did you see where the problem was?

LuckyRhyno


  • Staff

Hi,

Could have been a number of things, really. Remnants of old infection, software error, etc. As long as everything's working fine now... :)

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.