My Files disappeared (Malwarebytes' Anti-Malware log file)


Here is the contents of my most recent Malwarebytes' Anti-Malware log file and my dds.txt file below. The requested zip file is attached as well. Thanks in advance for your help!

--------------------------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_2011-07-14.01) - NTFS_x86

Internet Explorer: 8.0.7600.16385

Run by YARDEN at 20:35:19 on 2011-07-14

Microsoft Windows 7 Ultimate 6.1.7600.0.1255.972.1033.18.2045.1086 [GMT 3:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\Dwm.exe

C:\Windows\AutoKMS\AutoKMS.exe

C:\Windows\Explorer.EXE

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\Program Files\TeamViewer\Version6\TeamViewer.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\conhost.exe

C:\Program Files\TeamViewer\Version6\tv_w32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\KMSEmulator.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Users\YARDEN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Users\YARDEN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [PowerSuite] "c:\program files\uniblue\powersuite\launcher.exe" delay 20000 -m

uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoDrives = dword:65536

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &ייצוא אל Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: ש&לח אל OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 10.0.0.138

TCP: Interfaces\{0EFEE745-B979-414B-A484-3E6E261463B6} : DHCPNameServer = 10.0.0.138

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\windows mail\WinMail.exe" OCInstallUserConfigOE

.

============= SERVICES / DRIVERS ===============

.

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-6-24 136120]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-6-24 810144]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-4-28 96896]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-6-6 1524544]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]

R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-5-21 25088]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-5-18 10064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-13 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 llrcmir;llrcmir;c:\windows\system32\drivers\llrcm.sys [2009-5-14 11808]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-12-2 137600]

S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-2 1343400]

S4 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]

S4 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-07-14 17:35:09 151552 ----a-w- c:\windows\KMSEmulator.exe

2011-07-14 16:54:51 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2011-07-14 16:54:47 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2011-07-14 16:54:46 21312 ----a-w- c:\windows\system32\authuitu.dll

2011-07-14 16:54:27 -------- d-----w- c:\users\yarden\appdata\roaming\TuneUp Software

2011-07-14 16:54:17 -------- d-----w- c:\program files\TuneUp Utilities 2011

2011-07-14 16:53:52 -------- d-----w- c:\programdata\TuneUp Software

2011-07-14 16:53:32 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2011-07-14 14:52:24 -------- d-----w- c:\users\yarden\appdata\local\ElevatedDiagnostics

2011-07-14 11:56:53 -------- d-----w- c:\programdata\Avira

2011-07-14 11:40:59 -------- d-----w- c:\users\yarden\appdata\roaming\Malwarebytes

2011-07-14 11:40:51 -------- d-----w- c:\programdata\Malwarebytes

2011-07-14 11:22:25 -------- d-----w- c:\program files\DellTPad

2011-07-14 11:22:13 -------- dc-h--w- c:\programdata\~0

2011-07-14 11:22:12 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2011-07-14 11:22:12 114616 ----a-w- c:\windows\system32\Vxdif.dll

2011-07-14 11:22:11 255096 ----a-w- c:\windows\system32\drivers\Apfiltr.sys

2011-07-14 11:20:48 -------- d-----w- c:\users\yarden\appdata\local\PackageAware

2011-07-14 11:19:05 -------- d-----w- c:\programdata\Uniblue

2011-07-14 11:14:55 -------- d-----w- c:\users\yarden\appdata\roaming\Uniblue

2011-07-13 19:51:36 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{395591ce-c88a-433f-8ddb-0488a1693d14}\mpengine.dll

2011-07-12 21:04:57 271872 ----a-w- c:\windows\system32\conhost.exe

2011-07-12 21:04:57 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-12 21:04:39 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-07-12 10:11:43 -------- d-----w- c:\program files\Microsoft Synchronization Services

2011-07-12 01:42:49 -------- d-----w- c:\users\yarden\appdata\local\HP

2011-07-11 12:51:55 -------- d-----w- c:\users\yarden\appdata\local\Adobe

2011-07-11 12:42:55 -------- d-----w- c:\users\yarden\appdata\roaming\{90140011-0061-040D-0000-0000000FF1CE}

2011-07-11 12:42:38 -------- d-----w- c:\programdata\Virtualized Applications

2011-07-09 19:40:42 224016 ----a-w- c:\windows\system32\TABCTL32.OCX

2011-07-09 19:14:25 -------- d-----w- c:\users\yarden\appdata\local\ESET

2011-07-09 15:33:55 -------- d-----w- c:\users\yarden\appdata\roaming\TeamViewer

2011-07-07 20:48:55 -------- d-----w- c:\program files\ESET

2011-07-07 17:35:03 -------- d-----w- c:\programdata\VirtualizedApplications

2011-07-07 13:21:04 -------- d-----w- c:\users\yarden\appdata\local\Microsoft Help

2011-07-07 13:08:18 -------- d-----w- c:\users\yarden\appdata\local\SoftGrid Client

2011-07-07 13:07:51 -------- d-----w- c:\users\yarden\appdata\roaming\SoftGrid Client

2011-07-07 13:06:25 -------- d-----w- c:\program files\Microsoft Application Virtualization Client

2011-07-07 13:05:38 -------- d-----w- c:\users\yarden\appdata\roaming\TP

2011-07-07 04:28:42 -------- d-----w- c:\users\yarden\appdata\local\VirtualStore

2011-07-02 16:21:13 -------- d-----w- c:\windows\AutoKMS

2011-06-29 04:19:07 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-29 04:19:07 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-29 04:19:07 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-29 04:19:07 428032 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-29 04:19:07 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-29 04:19:07 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-29 04:19:07 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-29 04:19:07 1553920 ----a-w- c:\windows\system32\tquery.dll

2011-06-29 04:19:07 1401856 ----a-w- c:\windows\system32\mssrch.dll

2011-06-29 04:19:03 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-16 02:52:23 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-16 02:52:23 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 02:52:23 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 02:52:15 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 02:52:15 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-16 02:52:06 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 02:52:02 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

.

==================== Find3M ====================

.

2011-06-02 05:58:05 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-06-02 03:45:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-06-02 03:45:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-02 03:45:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-06-02 03:45:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-24 16:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-23 11:21:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll

2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 20:36:36.33 ===============

attach.zip


Hi, and welcome!

First of all, download and run unhide.exe and see if this restores your files.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If you want to reformat that is fine, however, at this point I see no need for it. If unhide.exe did not make your files visible, please continue with the steps below. NOTE: be sure you have actually run the file, otherwise you might lose some shortcuts.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


It's the "C:\Combofix.txt":

--------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 11-07-15.01 - YARDEN 07/15/2011 15:19:39.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1255.972.1033.18.2045.1044 [GMT 3:00]

Running from: c:\users\YARDEN\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 )))))))))))))))))))))))))))))))

.

.

2011-07-15 12:25 . 2011-07-15 12:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-15 12:18 . 2011-07-15 12:18 -------- d-----w- C:\32788R22FWJFW

2011-07-15 10:49 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6E37013-9CA1-41BC-9A64-5225C9B5AFCD}\mpengine.dll

2011-07-14 16:54 . 2011-06-06 15:29 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2011-07-14 16:54 . 2011-06-06 15:23 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2011-07-14 16:54 . 2011-06-06 15:24 21312 ----a-w- c:\windows\system32\authuitu.dll

2011-07-14 16:54 . 2011-07-14 16:54 -------- d-----w- c:\users\YARDEN\AppData\Roaming\TuneUp Software

2011-07-14 16:54 . 2011-07-14 16:54 -------- d-----w- c:\program files\TuneUp Utilities 2011

2011-07-14 16:53 . 2011-07-14 16:54 -------- d-----w- c:\programdata\TuneUp Software

2011-07-14 16:53 . 2011-07-14 16:53 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2011-07-14 14:52 . 2011-07-14 14:52 -------- d-----w- c:\users\YARDEN\AppData\Local\ElevatedDiagnostics

2011-07-14 11:56 . 2011-07-14 15:38 -------- d-----w- c:\programdata\Avira

2011-07-14 11:40 . 2011-07-14 11:40 -------- d-----w- c:\users\YARDEN\AppData\Roaming\Malwarebytes

2011-07-14 11:40 . 2011-07-14 11:40 -------- d-----w- c:\programdata\Malwarebytes

2011-07-14 11:22 . 2011-07-14 11:22 -------- d-----w- c:\program files\DellTPad

2011-07-14 11:22 . 2011-07-14 17:10 -------- dc----w- c:\programdata\~0

2011-07-14 11:22 . 2011-07-14 11:22 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2011-07-14 11:22 . 2011-07-14 11:22 114616 ----a-w- c:\windows\system32\Vxdif.dll

2011-07-14 11:22 . 2011-07-14 11:22 255096 ----a-w- c:\windows\system32\drivers\Apfiltr.sys

2011-07-14 11:20 . 2011-07-14 11:20 -------- d-----w- c:\users\YARDEN\AppData\Local\PackageAware

2011-07-14 11:19 . 2011-07-14 11:19 -------- d-----w- c:\programdata\Uniblue

2011-07-14 11:14 . 2011-07-14 11:19 -------- d-----w- c:\users\YARDEN\AppData\Roaming\Uniblue

2011-07-12 21:04 . 2011-06-02 05:59 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-12 21:04 . 2011-06-02 05:55 271872 ----a-w- c:\windows\system32\conhost.exe

2011-07-12 21:04 . 2011-06-11 02:37 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-07-12 10:11 . 2011-07-12 10:11 -------- d-----w- c:\program files\Microsoft Synchronization Services

2011-07-12 01:42 . 2011-07-12 01:42 -------- d-----w- c:\users\YARDEN\AppData\Local\HP

2011-07-11 12:51 . 2011-07-11 12:51 -------- d-----w- c:\users\YARDEN\AppData\Local\Adobe

2011-07-11 12:42 . 2011-07-11 12:42 -------- d-----w- c:\users\YARDEN\AppData\Roaming\{90140011-0061-040D-0000-0000000FF1CE}

2011-07-07 13:07 . 2011-07-14 14:28 -------- d-----w- c:\users\YARDEN\AppData\Roaming\SoftGrid Client

2011-07-07 13:06 . 2011-07-09 00:01 -------- d-----w- c:\program files\Microsoft Application Virtualization Client

2011-07-07 13:05 . 2011-07-11 12:42 -------- d-----w- c:\users\YARDEN\AppData\Roaming\TP

2011-07-07 04:28 . 2011-07-07 04:28 -------- d-----w- c:\users\YARDEN\AppData\Local\VirtualStore

2011-07-02 16:21 . 2011-07-07 08:31 -------- d-----w- c:\windows\AutoKMS

2011-06-29 04:19 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll

2011-06-29 04:19 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-29 04:19 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-29 04:19 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-29 04:19 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-29 04:19 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll

2011-06-29 04:19 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-29 04:19 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-29 04:19 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-29 04:19 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-16 02:52 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-16 02:52 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 02:52 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 02:52 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-16 02:52 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 02:52 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 02:52 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-13 10:53 . 2010-06-24 08:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-05-24 16:14 . 2011-04-30 08:06 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-23 11:21 . 2011-05-23 11:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-01 12:38 . 2011-05-01 12:38 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin

2011-04-22 19:36 . 2011-05-25 04:08 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-14 292208]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\YARDEN\AppData\Local\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664]

R3 llrcmir;llrcmir;c:\windows\system32\DRIVERS\llrcm.sys [2009-05-14 11808]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-12-02 137600]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-01 1343400]

R4 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]

R4 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 136120]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-06-24 810144]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 96896]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-06-06 1524544]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-05-18 10064]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 33934400

*NewlyCreated* - 35474065

*NewlyCreated* - 39797378

*Deregistered* - 33934400

*Deregistered* - 35474065

*Deregistered* - 39797378

*Deregistered* - uxdiapob

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-14 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2011-07-02 16:21]

.

2011-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2502045025-1503448730-3529293144-1001Core.job

- c:\users\YARDEN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-01 08:51]

.

2011-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2502045025-1503448730-3529293144-1001UA.job

- c:\users\YARDEN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-01 08:51]

.

.

------- Supplementary Scan -------

.

IE: &ייצוא אל Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: ש&לח אל OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.0.0.138

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-PowerSuite - c:\program files\Uniblue\PowerSuite\launcher.exe

HKCU-Run-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2502045025-1503448730-3529293144-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):ca,a0,ee,67,c3,dd,af,12,e8,4e,7f,15,ae,8a,c3,aa,14,a9,c6,2d,da,

da,2b,4a,64,df,37,42,da,ac,ee,fc,99,b9,79,7e,b0,8f,d8,71,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2502045025-1503448730-3529293144-1001_Classes\CLSID\{6f750d4c-0799-4d36-bf72-66e06df9e76d}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000ae

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,3d,f6,71,65,13,40,c1,17,1d,a3,70,41,b0,ca,ef,58,3b,92,26,5c,fd,c9,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(184)

c:\program files\TeamViewer\Version6\tv_w32.dll

.

Completion time: 2011-07-15 15:27:21

ComboFix-quarantined-files.txt 2011-07-15 12:27

.

Pre-Run: 48,991,006,720 bytes free

Post-Run: 49,524,776,960 bytes free

.

- - End Of File - - 1F3EA87DFE53513CDED035DACF7612F8

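The DDS "Created Last 30" listing in the first post and the ComboFix "Files Created" listing above share one line shape, and the first triage pass a helper makes over them is mechanical. The following Python is an added example, not part of this thread and not code from Malwarebytes, DDS or ComboFix: it parses both formats and flags an executable dropped straight into the Windows directory, a hidden or system directory created under ProgramData or a user profile, and an executable created on its own rather than as part of an update batch. The sample lines are a constructed subset copied from the logs above, and the three heuristics are assumptions of this example, not verdicts.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One file line in either tool's listing (DDS shows seconds, ComboFix minutes plus a
# second " . modified" stamp): created date/time, size (dashes for a directory), an
# 8-character attribute string such as ----a-w- or d-sh--w-, then the path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)? "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".pif")

# Heuristic labels (assumptions of this example, not tool output).
REASON_WINROOT = "executable created directly in the Windows directory"
REASON_HIDDEN_DIR = "hidden/system directory created under ProgramData or Users"
REASON_LONE = "executable created on its own (updates and installers arrive in batches)"


@dataclass(frozen=True)
class Entry:
    created: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_or_system(self) -> bool:
        # 'h' and 's' in the attribute string are the Hidden and System attributes.
        return "h" in self.attrs or "s" in self.attrs


def parse_created(text: str) -> List[Entry]:
    """Parse file lines from a DDS 'Created Last 30' or ComboFix 'Files Created' section."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:  # separator dots, section headers, blank lines
            continue
        stamp = m["date"] + " " + m["time"]
        if len(m["time"]) == 5:  # ComboFix prints minutes only
            stamp += ":00"
        created = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(created, size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs that deserve a second look. Heuristics, not verdicts."""
    # Legitimate updates and installers drop many files within the same minute;
    # a lone executable is the exception worth reading the rest of the log for.
    per_minute = Counter(e.created.replace(second=0) for e in entries)
    findings = []
    for e in entries:
        p = e.path.lower()
        if e.is_dir:
            if e.hidden_or_system and p.startswith(("c:\\programdata\\", "c:\\users\\")):
                findings.append((e.path, REASON_HIDDEN_DIR))
            continue
        if not p.endswith(EXEC_EXT):
            continue
        if p.rsplit("\\", 1)[0] == "c:\\windows":
            findings.append((e.path, REASON_WINROOT))
        if per_minute[e.created.replace(second=0)] == 1:
            findings.append((e.path, REASON_LONE))
    return findings


# Constructed sample: a subset of the lines from the DDS log above (raw string, so
# the backslashes in the paths survive).
SAMPLE_DDS = r"""
2011-07-14 17:35:09 151552 ----a-w- c:\windows\KMSEmulator.exe
2011-07-14 16:54:47 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-07-14 16:54:46 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-07-14 16:54:17 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-07-14 16:53:32 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-07-14 11:22:13 -------- dc-h--w- c:\programdata\~0
2011-07-14 11:22:12 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-07-02 16:21:13 -------- d-----w- c:\windows\AutoKMS
2011-06-29 04:19:07 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 04:19:07 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
"""

# Constructed sample: two lines in ComboFix's format, copied from the log above.
SAMPLE_COMBOFIX = r"""
2011-07-15 12:18 . 2011-07-15 12:18 -------- d-----w- C:\32788R22FWJFW
2011-07-14 11:22 . 2011-07-14 17:10 -------- dc----w- c:\programdata\~0
"""
```

On the sample, the lone-executable rule singles out c:\windows\KMSEmulator.exe while the TuneUp and Windows Search batches pass, and the same `c:\programdata\~0` directory is flagged from the DDS line (attribute h set) but not from the ComboFix line, which records it without the Hidden attribute.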


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

