Browser Redirects Malware Problem


  • This topic is locked
20 replies to this topic

#1 CrackedSpork

Posted 01 November 2012 - 04:24 PM

Hi all,
I have read the Instructions for posting requested logs and think I got a handle on what's needed.

Problem: My browser periodically, but persistently, redirects to hxxp://answers.nixxie.com/s.php?k=goodluck%20buy&adid=13183&ts=1001SMA_A07&subid=263328-179594-4737-27681&click=1606607115-4148.2773.5092dd92.1082&ref=http://topmarket-search.com/index.php?search=goodluck%20buy and hxxp://63.209.69.107/search/web/spywareinfoforum/C10/ecn/46351-8911_1234/v5

I ran a full system scan with Malwarebytes Anti-Malware before coming here and it found:
***


Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bill :: BILL-PC [administrator]

Protection: Enabled

11/1/2012 11:21:40 AM
mbam-log-2012-11-01 (11-21-40).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 376706
Time elapsed: 19 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\System32\InstallShield\_isdel.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\_isdel.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

(end)


***
I deleted the two files and restarted my computer, but the redirect still persists. So I came here in hopes that someone could help me out.
Thank You

***

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bill :: BILL-PC [administrator]

Protection: Enabled

11/1/2012 12:58:16 PM
mbam-log-2012-11-01 (12-58-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204950
Time elapsed: 1 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

***

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Bill at 12:45:07 on 2012-11-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3983.1730 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Cypress\TrackPad\CyCpIo.exe
C:\Program Files\Cypress\TrackPad\CyHidWin.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: DeLorme Send To GPS: {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files (x86)\DeLorme\SendToGPS\PNPluginForIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [HP Officejet 6600 (NET)] "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN23G2B0WC05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Belkin Storage Manager] "C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{225E38B0-7734-4F79-AA7A-770E0F5A9DC1} : DHCPNameServer = 13.36.0.103
TCP: Interfaces\{DF4BB926-DA86-4258-9373-857BDEAE9D9D} : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{DF4BB926-DA86-4258-9373-857BDEAE9D9D}\1487563737D465430303 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: DeLorme Send To GPS: {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE-x64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe
x64-Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\hbb0yj3z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 188.93.20.179
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DeLorme\SendToGPS\nppnplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-3-24 969200]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-3-24 359464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-25 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-3-24 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-3-24 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-22 44808]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2011-11-10 121856]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-1 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-1 676936]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2012-2-25 199272]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-24 1153368]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-24 2656536]
R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2010-11-20 9728]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-2-24 176096]
R3 cyhid;Cypress Input Device;C:\Windows\System32\drivers\cyhid.sys [2012-9-20 117248]
R3 cykbfltrService;Cypress Keyboard Filter Driver;C:\Windows\System32\drivers\cykbfltr.sys [2012-9-20 13824]
R3 cymfltrService;Cypress Trackpad Filter Driver;C:\Windows\System32\drivers\cymfltr.sys [2012-9-20 79872]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-2-25 215296]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-2-25 70912]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2011-11-10 25024]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-25 317440]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2012-2-25 26504]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2011-11-10 44992]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-9-8 25496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-1 25928]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-2-25 56344]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2012-2-25 8604672]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-24 136176]
S2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-2-24 184320]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 250808]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;C:\Windows\System32\drivers\ax88178.sys [2012-2-25 56320]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-24 136176]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-2-25 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-9-8 34200]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-11 115168]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-29 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-29 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-01 19:20:42 -------- d-----w- C:\Users\Bill\AppData\Roaming\Malwarebytes
2012-11-01 19:20:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-01 19:20:37 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-01 19:20:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-30 15:25:58 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A0DD7F27-CBCB-4290-8E16-CBA827B574F8}\mpengine.dll
2012-10-27 20:09:25 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-27 20:08:19 -------- d-----w- C:\Windows\Hewlett-Packard
2012-10-27 20:00:59 778088 ------w- C:\Windows\System32\HPDiscoPM5D12.dll
2012-10-27 20:00:36 -------- d-----w- C:\Program Files\HP
2012-10-17 02:19:46 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-10-17 02:19:27 -------- d-----w- C:\Program Files\iPod
2012-10-17 02:19:26 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-17 02:19:26 -------- d-----w- C:\Program Files\iTunes
2012-10-17 02:19:26 -------- d-----w- C:\Program Files (x86)\iTunes
2012-10-10 03:56:57 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 03:56:57 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 03:56:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 03:56:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 03:56:33 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-10-10 03:56:30 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 03:56:30 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 03:56:20 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 03:56:19 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 03:56:19 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 03:56:18 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 03:56:18 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 03:56:18 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-10-10 04:34:13 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 04:34:13 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-23 04:56:03 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:13:17 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-08-24 18:09:34 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-08-24 18:05:03 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-08-24 18:04:18 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-08-24 18:03:09 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-08-24 16:57:40 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-08-24 16:57:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-08-24 16:57:37 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-08-24 16:53:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-23 14:13:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2012-08-23 14:10:20 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2012-08-23 14:08:26 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2012-08-23 14:07:35 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2012-08-23 13:47:20 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2012-08-23 13:46:20 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2012-08-23 13:41:52 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-08-23 13:40:56 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-08-23 13:24:57 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-08-23 13:20:40 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2012-08-23 13:18:14 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2012-08-23 13:17:54 18432 ----a-w- C:\Windows\System32\wksprtPS.dll
2012-08-23 13:06:58 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-08-23 12:52:53 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2012-08-23 11:20:06 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2012-08-23 11:15:57 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2012-08-23 11:14:09 384000 ----a-w- C:\Windows\System32\wksprt.exe
2012-08-23 11:12:17 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2012-08-23 10:54:24 322560 ----a-w- C:\Windows\System32\aaclient.dll
2012-08-23 10:51:14 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2012-08-23 10:39:24 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-08-23 10:22:22 1123840 ----a-w- C:\Windows\System32\mstsc.exe
2012-08-23 09:51:57 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-08-23 08:19:01 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-08-23 08:13:07 5773824 ----a-w- C:\Windows\System32\mstscax.dll
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 21:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 12:45:24.57 ===============

***

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

***

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:16:31 PM, on 11/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\Bill\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PNBHO - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files (x86)\DeLorme\SendToGPS\PNPluginForIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Belkin Storage Manager] "C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HP Officejet 6600 (NET)] "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN23G2B0WC05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creat...102/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...10926/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\Windows\SysWOW64\irstrtsv.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12485 bytes

Edited by cnm, 01 November 2012 - 06:40 PM.
disabled malware links


#2 ler (SWI Junkie, Helper Trainee+, 318 posts)

Posted 01 November 2012 - 05:13 PM

Hello CrackedSpork,

We are currently studying your logs and will be back to you as soon as possible. Thank you for your patience.

#3 CrackedSpork (Member, Full Member, 11 posts)

Posted 01 November 2012 - 05:14 PM

Hello CrackedSpork,

We are currently studying your logs and will be back to you as soon as possible. Thank you for your patience.


Thanks for the help.

#4 ler (SWI Junkie, Helper Trainee+, 318 posts)

Posted 03 November 2012 - 12:19 PM

Hi CrackedSpork - Welcome to SWI. :hi:

I'm sorry to have kept you waiting.

Files Detected: 2
C:\Windows\System32\InstallShield\_isdel.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\_isdel.exe (Trojan.Zbot) -> Quarantined and deleted successfully.


MBAM picked up two false positives. You can find more information about it here.

Please start MBAM, go to Quarantine, select C:\Windows\System32\InstallShield\_isdel.exe and click the Restore button.

=====

I notice that you have Spybot's TeaTimer running. It can interfere with some of the tools we use here at SWI. Please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure Advanced Mode is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck Resident TeaTimer and OK any prompts
You can re-enable TeaTimer once your system is clean.

=====

Download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

Note: **Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Note: **If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

=====

Please download RogueKiller (by tigzy) to the Desktop.
  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.

=====

Please download TDSSKiller.exe to your Desktop

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

=====

In your next post, please
  • Include the ComboFix log (located at C:\ComboFix.txt)
  • Include the RogueKiller log
  • Include the TDSSKiller log
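
Alongside running the tools listed above, the logs already in this thread can be read for the settings that actually steer a browser: the IE start/search pages and proxy entries in HijackThis R0/R1 lines, and the Firefox proxy prefs that ComboFix reports as "FF - prefs.js" lines (the ComboFix report posted later in this thread shows network.proxy.http set to 188.93.20.179 with port 8080 and network.proxy.type 0, i.e. a proxy host is configured but, with type 0 meaning direct connection, not currently in effect). The script below is an added example for this page, not a tool from the thread or from any of the posters. The known-good host list, the placeholder start page search.example-redirect.invalid and the 10.0.0.5:3128 ProxyServer line are this example's own assumptions; the other sample lines are of the kind seen in the logs posted here.

```python
"""Triage browser-redirect indicators in HijackThis and ComboFix log lines.

Added example for this thread, not a tool from the original posts. The
heuristics (which hosts count as stock defaults, which settings matter) are
this example's own assumptions; adjust them for the machine you are looking at.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hosts a stock Windows 7 / IE9 install points its start and search pages at.
# Assumption: anything else in an R0/R1 page or search setting is worth a look.
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "g.msn.com", "www.google.com", "www.bing.com"}

# IE settings that decide where the browser goes on start or search.
IE_PAGE_SETTINGS = {"Start Page", "Search Page", "Default_Page_URL",
                    "Default_Search_URL", "SearchURL", "Search Bar"}

# Firefox network.proxy.type semantics: 0 direct, 1 manual, 2 PAC URL,
# 4 auto-detect (WPAD), 5 use system proxy.
PROXY_TYPE_NAMES = {"0": "direct", "1": "manual", "2": "PAC", "4": "WPAD", "5": "system"}

HJT_R_LINE = re.compile(r"^R[01] - (?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")
CF_FF_LINE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def _host_of(url: str) -> Optional[str]:
    """Return the host part of an http/hxxp URL, or None if it is not a URL."""
    m = re.match(r"^(?:hxxp|http)s?://([^/:?#]+)", url.strip(), re.IGNORECASE)
    return m.group(1).lower() if m else None


def _is_literal_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False


def triage(lines: List[str]) -> List[Finding]:
    """Flag IE page/search and proxy settings (HijackThis R0/R1 lines) and
    Firefox proxy prefs (ComboFix 'FF - prefs.js' lines) that point somewhere
    a clean machine would not."""
    findings: List[Finding] = []
    ff_prefs: Dict[str, str] = {}
    for raw in lines:
        line = raw.strip()
        m = HJT_R_LINE.match(line)
        if m:
            setting = m.group("key").rsplit(",", 1)[-1].strip()
            value = m.group("value").strip()
            if "..." in value:
                # Forum software shortened the URL; the host cannot be classified.
                continue
            if setting in IE_PAGE_SETTINGS:
                host = _host_of(value)
                if host and host not in KNOWN_GOOD_HOSTS:
                    findings.append(Finding(line, f"IE {setting} points at unexpected host {host}"))
            elif setting in ("ProxyServer", "AutoConfigURL"):
                findings.append(Finding(line, f"IE {setting} is set ({value}); check the proxy or PAC target"))
            continue
        m = CF_FF_LINE.match(line)
        if m:
            ff_prefs[m.group("pref")] = m.group("value").strip()

    proxy_host = ff_prefs.get("network.proxy.http")
    if proxy_host:
        port = ff_prefs.get("network.proxy.http_port", "?")
        ptype = ff_prefs.get("network.proxy.type")
        mode = PROXY_TYPE_NAMES.get(ptype, "unknown") if ptype is not None else "unset"
        # Only type 1 (manual) makes the configured host take effect; a stale
        # host under another type still tells you something put it there.
        status = "ACTIVE" if ptype == "1" else "not currently in effect"
        reason = f"Firefox HTTP proxy {proxy_host}:{port} configured, mode={mode}, {status}"
        if _is_literal_ip(proxy_host):
            reason += "; proxy is a bare IP address rather than a hostname"
        findings.append(Finding(f"network.proxy.http = {proxy_host}", reason))
    return findings


# Sample input. The four FF lines and the first two R lines are of the kind seen
# in this thread's ComboFix and HijackThis logs; the last two R lines are
# constructed (search.example-redirect.invalid and 10.0.0.5 are placeholders).
SAMPLE_LINES = [
    "FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/",
    "FF - prefs.js: network.proxy.http - 188.93.20.179",
    "FF - prefs.js: network.proxy.http_port - 8080",
    "FF - prefs.js: network.proxy.type - 0",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example-redirect.invalid/?k=1",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.5:3128",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason}\n    {f.line}")
```

Feed it the R0/R1 block of a HijackThis log and the "Supplementary Scan" block of a ComboFix log; the benign defaults (g.msn.com start page, the *.local ProxyOverride) produce nothing, while a foreign start page, an IE ProxyServer/AutoConfigURL entry, or a Firefox proxy host are reported with whether the proxy is actually in force.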


#5 CrackedSpork (Member, Full Member, 11 posts)

Posted 03 November 2012 - 03:03 PM

I did as instructed with this
Please start MBAM, go to Quarantine, select C:\Windows\System32\InstallShield\_isdel.exe and click the Restore button.
I did not see anything and added a screen shot below for your reference.
Also, I was unable to secure/deactivate Windows Defender.
-Thank you

ComboFix 12-11-03.02 - Bill 11/03/2012 11:44:58.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3983.2445 [GMT -8:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
.
.
2012-11-03 19:49 . 2012-11-03 19:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-03 19:49 . 2012-11-03 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-02 15:44 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B8FD911-9AC1-4CA0-8073-ABE024E91367}\mpengine.dll
2012-11-01 19:20 . 2012-11-01 19:20 -------- d-----w- c:\users\Bill\AppData\Roaming\Malwarebytes
2012-11-01 19:20 . 2012-11-01 19:20 -------- d-----w- c:\programdata\Malwarebytes
2012-11-01 19:20 . 2012-11-01 20:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-01 19:20 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-27 20:08 . 2012-10-27 20:08 -------- d-----w- c:\windows\Hewlett-Packard
2012-10-27 20:00 . 2011-09-10 00:22 778088 ------w- c:\windows\system32\HPDiscoPM5D12.dll
2012-10-27 20:00 . 2012-10-27 20:00 -------- d-----w- c:\program files\HP
2012-10-17 02:19 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\program files\iPod
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\program files\iTunes
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\program files (x86)\iTunes
2012-10-10 03:56 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 03:56 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 03:56 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 03:56 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 03:56 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-10 03:56 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 03:56 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 03:56 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 03:56 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 03:56 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 03:56 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 03:56 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 03:56 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2012-03-25 00:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-03-25 00:36 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-03-25 00:36 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-03-25 00:36 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-03-25 00:36 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-03-25 00:36 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-03-25 00:36 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-03-25 00:36 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 15:59 . 2012-03-25 00:36 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-10 04:34 . 2012-04-11 15:50 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 04:34 . 2012-02-25 07:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 04:09 . 2012-03-24 23:59 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-23 04:56 . 2012-09-23 04:56 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-08-24 11:15 . 2012-09-22 00:42 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 00:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 00:42 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 00:42 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 00:42 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 00:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 00:42 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 00:42 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 00:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 00:42 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 00:42 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 00:42 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 00:42 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 00:42 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 00:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 00:42 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 00:42 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 00:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 00:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 00:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 00:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 00:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-15 01:48 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-15 01:48 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-15 01:48 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-15 01:48 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-03-25 06:21 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 21:01 . 2012-03-25 06:21 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 03:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-10 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Belkin Storage Manager"="c:\program files (x86)\Belkin Storage Manager\StorageManager.exe" [2009-02-04 858624]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe [2011-07-07 184320]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\ax88178.sys [2009-10-02 56320]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-09-08 34200]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TDKLIB;TDKLIB;c:\users\Bill\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-25 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2011-11-10 121856]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-09-28 212944]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-05-18 199272]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-04 2656536]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-12-09 117248]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-12-09 13824]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-12-09 79872]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-10-04 215296]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-10-04 70912]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2011-11-10 25024]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys [2011-06-16 26504]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2011-11-10 44992]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-09-08 25496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 84122699
*Deregistered* - 84122699
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 04:34]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 00:36]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 00:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-11-09 6414440]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-04 1156712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-27 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-27 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-27 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-11-08 2375168]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-10-19 2354176]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\hbb0yj3z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 188.93.20.179
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-03 11:51:19
ComboFix-quarantined-files.txt 2012-11-03 19:51
ComboFix2.txt 2012-11-03 19:40
ComboFix3.txt 2012-11-03 19:24
ComboFix4.txt 2012-09-22 00:53
ComboFix5.txt 2012-11-03 19:44
.
Pre-Run: 169,734,574,080 bytes free
Post-Run: 169,681,289,216 bytes free
.
- - End Of File - - 239FCBA35744BFBE94C50D9E45EE31E4

RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bill [Admin rights]
Mode : Scan -- Date : 11/03/2012 11:41:44

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD PM830 mSATA +++++
--- User ---
[MBR] 8ee50071d34e1152ba5ff2f767a13f29
[BSP] a7892e65478c3b57845cd1b32dda07c6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 18686 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 38350848 | Size: 217273 Mo
3 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 483325952 | Size: 8198 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11032012_02d1141.txt >>
RKreport[1]_S_11032012_02d1141.txt

11:42:29.0234 5964 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:42:29.0930 5964 ============================================================
11:42:29.0930 5964 Current date / time: 2012/11/03 11:42:29.0930
11:42:29.0930 5964 SystemInfo:
11:42:29.0930 5964
11:42:29.0930 5964 OS Version: 6.1.7601 ServicePack: 1.0
11:42:29.0930 5964 Product type: Workstation
11:42:29.0930 5964 ComputerName: BILL-PC
11:42:29.0930 5964 UserName: Bill
11:42:29.0930 5964 Windows directory: C:\Windows
11:42:29.0930 5964 System windows directory: C:\Windows
11:42:29.0930 5964 Running under WOW64
11:42:29.0930 5964 Processor architecture: Intel x64
11:42:29.0930 5964 Number of processors: 4
11:42:29.0930 5964 Page size: 0x1000
11:42:29.0930 5964 Boot type: Normal boot
11:42:29.0930 5964 ============================================================
11:42:30.0163 5964 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:42:30.0169 5964 ============================================================
11:42:30.0169 5964 \Device\Harddisk0\DR0:
11:42:30.0169 5964 MBR partitions:
11:42:30.0169 5964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x247F000
11:42:30.0169 5964 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2493000, BlocksNum 0x1A85C800
11:42:30.0169 5964 ============================================================
11:42:30.0171 5964 C: <-> \Device\Harddisk0\DR0\Partition2
11:42:30.0171 5964 ============================================================
11:42:30.0171 5964 Initialize success
11:42:30.0171 5964 ============================================================
11:42:32.0095 4492 ============================================================
11:42:32.0095 4492 Scan started
11:42:32.0095 4492 Mode: Manual;
11:42:32.0096 4492 ============================================================
11:42:32.0273 4492 ================ Scan system memory ========================
11:42:32.0273 4492 System memory - ok
11:42:32.0273 4492 ================ Scan services =============================

Attached Thumbnails

  • MWss.JPG


#6 ler

ler

    SWI Junkie

  • Helper Trainee+
  • PipPipPipPip
  • 318 posts

Posted 03 November 2012 - 06:08 PM

Hi again CrackedSpork,

Please download SystemLook and save it to your Desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    _isdel.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

=====

Please follow these instructions to remove the remaining malicious entries:
  • Please close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
Please Note: Do not use any other text editor than Notepad or the CFScript will fail.

Driver::
TDKLIB

File::
c:\users\Bill\AppData\Local\Temp\ExtactTemp\TdkLib64.sys

Firefox::
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\hbb0yj3z.default\
FF - prefs.js: network.proxy.http - 188.93.20.179
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0

ClearJavaCache::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

=====

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

=====
In your next post, please
  • Include the Systemlook log
  • Include the ComboFix log (located at C:\ComboFix.txt)
  • Include the AdwCleaner log
  • Let me know if you're still experiencing redirects
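
The CFScript above resets three Firefox preferences (network.proxy.http, network.proxy.http_port and network.proxy.type) that point the browser at an outside proxy. The following is an added example, not part of this thread and not ComboFix or SystemLook code: a small Python check that reads a prefs.js file, lists every configured proxy endpoint, and reports whether Firefox would actually route traffic through it. The sample prefs.js is constructed; only the three proxy values are taken from the script above, and the simplified user_pref() parser is an assumption about the file's layout rather than Mozilla's own parser.

```python
import re

# Constructed sample of a Firefox prefs.js. The three network.proxy.* values are
# the ones the CFScript above targets; the remaining lines are constructed filler.
SAMPLE_PREFS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("network.proxy.http", "188.93.20.179");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 0);
user_pref("app.update.enabled", true);
"""

# One user_pref(...) line: key in quotes, then a string, number or boolean value.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Preferences that name a proxy endpoint. Each host key may have a "<key>_port" twin.
PROXY_HOST_KEYS = (
    "network.proxy.http",
    "network.proxy.ssl",
    "network.proxy.ftp",
    "network.proxy.socks",
    "network.proxy.autoconfig_url",
)


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref()
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # leave anything unrecognised as its raw text
        prefs[key] = value
    return prefs


def proxy_findings(prefs):
    """List every configured proxy endpoint and whether Firefox would actually use it.

    network.proxy.type: 0 = direct, 1 = manual, 2 = PAC URL, 4 = auto-detect,
    5 = use system settings (the default when the pref is absent).
    """
    proxy_type = prefs.get("network.proxy.type", 5)
    active = proxy_type in (1, 2)
    findings = []
    for key in PROXY_HOST_KEYS:
        host = prefs.get(key)
        if not host:
            continue
        findings.append({
            "pref": key,
            "host": host,
            "port": prefs.get(key + "_port"),
            "proxy_type": proxy_type,
            "active": active,
        })
    return findings


if __name__ == "__main__":
    for f in proxy_findings(parse_prefs(SAMPLE_PREFS)):
        state = "ACTIVE" if f["active"] else "configured but not in use"
        print(f'{f["pref"]} = {f["host"]}:{f["port"]} ({state}, network.proxy.type={f["proxy_type"]})')
```

On the sample above the check reports the 188.93.20.179:8080 entry as configured but not in use, because network.proxy.type is 0 (direct connection). A leftover host like this is still worth clearing, as the script above does, since flipping the type to 1 (manual) would send every HTTP request through that host; a manual proxy pointing at an address you do not recognise is the case the check flags as ACTIVE.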


#7 CrackedSpork

CrackedSpork

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 03 November 2012 - 07:03 PM

Here are the requested logs.
-Thanks again


SystemLook 30.07.11 by jpshortstuff
Log created at 15:11 on 03/11/2012 by Bill
Administrator - Elevation successful

========== filefind ==========

Searching for "_isdel.exe"
No files found.

-= EOF =-




ComboFix 12-11-04.01 - Bill 11/03/2012 15:18:42.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3983.2630 [GMT -8:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
Command switches used :: c:\users\Bill\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Bill\AppData\Local\Temp\ExtactTemp\TdkLib64.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TDKLIB
-------\Service_TDKLIB
.
.
((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
.
.
2012-11-03 23:22 . 2012-11-03 23:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-03 23:22 . 2012-11-03 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-03 20:40 . 2012-11-03 20:40 -------- d-----w- c:\programdata\Visan
2012-11-03 20:40 . 2012-11-03 20:40 -------- d-----w- c:\programdata\HP Photo Creations
2012-11-03 20:40 . 2012-11-03 20:40 -------- d-----w- c:\program files (x86)\HP Photo Creations
2012-11-02 15:44 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B8FD911-9AC1-4CA0-8073-ABE024E91367}\mpengine.dll
2012-11-01 19:20 . 2012-11-01 19:20 -------- d-----w- c:\users\Bill\AppData\Roaming\Malwarebytes
2012-11-01 19:20 . 2012-11-01 19:20 -------- d-----w- c:\programdata\Malwarebytes
2012-11-01 19:20 . 2012-11-01 20:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-01 19:20 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-27 20:08 . 2012-10-27 20:08 -------- d-----w- c:\windows\Hewlett-Packard
2012-10-27 20:00 . 2011-09-10 00:22 778088 ------w- c:\windows\system32\HPDiscoPM5D12.dll
2012-10-27 20:00 . 2012-10-27 20:00 -------- d-----w- c:\program files\HP
2012-10-17 02:19 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\program files\iPod
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\program files\iTunes
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\program files (x86)\iTunes
2012-10-10 03:56 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 03:56 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 03:56 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 03:56 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 03:56 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-10 03:56 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 03:56 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 03:56 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 03:56 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 03:56 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 03:56 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 03:56 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 03:56 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2012-03-25 00:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-03-25 00:36 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-03-25 00:36 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-03-25 00:36 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-03-25 00:36 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-03-25 00:36 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-03-25 00:36 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-03-25 00:36 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 15:59 . 2012-03-25 00:36 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-10 04:34 . 2012-04-11 15:50 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 04:34 . 2012-02-25 07:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 04:09 . 2012-03-24 23:59 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-23 04:56 . 2012-09-23 04:56 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-08-24 11:15 . 2012-09-22 00:42 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 00:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 00:42 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 00:42 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 00:42 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 00:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 00:42 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 00:42 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 00:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 00:42 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 00:42 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 00:42 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 00:42 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 00:42 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 00:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 00:42 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 00:42 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 00:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 00:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 00:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 00:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 00:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-15 01:48 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-15 01:48 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-15 01:48 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-15 01:48 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-03-25 06:21 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 21:01 . 2012-03-25 06:21 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 03:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-10 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Belkin Storage Manager"="c:\program files (x86)\Belkin Storage Manager\StorageManager.exe" [2009-02-04 858624]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-04 2656536]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\ax88178.sys [2009-10-02 56320]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-09-08 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-25 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe [2011-07-07 184320]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2011-11-10 121856]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-09-28 212944]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-05-18 199272]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-12-09 117248]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-12-09 13824]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-12-09 79872]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-10-04 215296]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-10-04 70912]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2011-11-10 25024]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys [2011-06-16 26504]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2011-11-10 44992]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-09-08 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 04:34]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 00:36]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 00:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-11-09 6414440]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-04 1156712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-27 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-27 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-27 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-11-08 2375168]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-10-19 2354176]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\hbb0yj3z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2012-11-03 15:25:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-03 23:25
ComboFix2.txt 2012-11-03 19:51
ComboFix3.txt 2012-11-03 19:40
ComboFix4.txt 2012-11-03 19:24
ComboFix5.txt 2012-11-03 23:17
.
Pre-Run: 169,508,315,136 bytes free
Post-Run: 169,243,021,312 bytes free
.
- - End Of File - - C61CDF3AB27A483237AA1B52F3BB7AB7





2012-08-24 06:47 . 2012-09-22 00:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 00:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-15 01:48 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-15 01:48 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-15 01:48 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-15 01:48 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-03-25 06:21 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 21:01 . 2012-03-25 06:21 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 03:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-10 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Belkin Storage Manager"="c:\program files (x86)\Belkin Storage Manager\StorageManager.exe" [2009-02-04 858624]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-04 2656536]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\ax88178.sys [2009-10-02 56320]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-09-08 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-25 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe [2011-07-07 184320]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2011-11-10 121856]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-09-28 212944]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-05-18 199272]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-12-09 117248]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-12-09 13824]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-12-09 79872]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-10-04 215296]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-10-04 70912]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2011-11-10 25024]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys [2011-06-16 26504]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2011-11-10 44992]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-09-08 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 04:34]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 00:36]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 00:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-11-09 6414440]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-04 1156712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-27 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-27 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-27 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-11-08 2375168]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-10-19 2354176]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\hbb0yj3z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2012-11-03 15:25:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-03 23:25
ComboFix2.txt 2012-11-03 19:51
ComboFix3.txt 2012-11-03 19:40
ComboFix4.txt 2012-11-03 19:24
ComboFix5.txt 2012-11-03 23:17
.
Pre-Run: 169,508,315,136 bytes free
Post-Run: 169,243,021,312 bytes free
.
- - End Of File - - C61CDF3AB27A483237AA1B52F3BB7AB7

#8 CrackedSpork (Member, Full Member, 11 posts)

Posted 03 November 2012 - 07:23 PM

It's still redirecting. Does anybody have a link to where I can order Windows 7 Home Premium (not the upgrade version) that ships USPS for a reasonable deal? This is so aggravating! I wish the manufacturers would send the OS disk out with the purchase of a laptop like they did back in the day. Is there anything else I can do?

Thanks for the help.

Edited by CrackedSpork, 03 November 2012 - 07:25 PM.


#9 CrackedSpork (Member, Full Member, 11 posts)

Posted 03 November 2012 - 08:19 PM

Oops, now I'm embarrassed. I posted before letting ESET complete the scan, and it found three trojans with your help. Thank you very much... I'll report back if there are any further redirects unless you have any other instructions.

On a philosophical question, why would anybody create something so annoying as if anybody would follow the redirect?!?

Thanks again!


Edited by CrackedSpork, 03 November 2012 - 08:22 PM.


#10 ler (SWI Junkie, Helper Trainee+, 318 posts)

Posted 05 November 2012 - 02:12 AM

Hi,

I'll report back if there are any further redirects

If so, please let me know if you experience redirects in all your browsers or just in Firefox.

This is so aggravating! I wish the manufacturers would send the OS disk out with the purchase of a laptop like they did back in the day.

You might find this article interesting.


I'm sorry, I forgot to ask for the ESET log in my last post. Did you save it? If so, please post it.

=====

Please download the attached file _isdel.zip to your Desktop.
Please right-click _isdel.zip, click Extract All, and then follow the instructions. You will find a new folder named _isdel on your Desktop.

  • Please close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
Please Note: Do not use any other text editor than Notepad or the CFScript will fail.

FCopy::
c:\users\Bill\Desktop\_isdel\_isdel.exe | C:\Windows\System32\InstallShield\_isdel.exe

DDS::
uInternet Settings,ProxyOverride = *.local


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

=====

Please follow the instructions above and run AdwCleaner. :thumbup:

=====

In your next post, please
  • Include the ComboFix log
  • Include the AdwCleaner log
  • Include the ESET log (if available)
  • Let me know if there are any further issues

Attached Files
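Added example, not part of this thread or of ComboFix, Malwarebytes or any other tool named here: a small Python triage parser for the ComboFix sections the helper works from above (the Run keys, the R/S service list, and the "Internet Settings" lines such as the ProxyOverride value the DDS:: script removes). The sample log is constructed from lines posted in this thread plus one made-up Run entry (named "EXAMPLE-constructed") so that the path check has something to flag; the trusted-directory list and the review rules are my assumptions, not ComboFix's.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout ComboFix uses for its "Reg Loading Points",
# service list and "Supplementary Scan" sections. Most lines are copied from the
# logs posted in this thread; the "EXAMPLE-constructed" Run entry is made up so
# that the path check below has something to report.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"SpybotSD TeaTimer"="c:\\program files (x86)\\Spybot - Search & Destroy\\TeaTimer.exe" [2009-03-06 2260480]
"EXAMPLE-constructed"="c:\\users\\Bill\\AppData\\Roaming\\example\\example.exe" [2012-11-01 12345]
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run]
"avast"="c:\\program files\\AVAST Software\\Avast\\avastUI.exe" [2012-10-30 4297136]
.
R2 MBAMService;MBAMService;c:\\program files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe [2012-09-30 676936]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\\windows\\system32\\drivers\\aswMonFlt.sys [2012-10-30 71600]
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
"""

# Line shapes as they appear in the logs above.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# "R2 name;description;path [date size]"  or  "S1 name;description; [x]" (file not found)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[(x|\d{4}-\d{2}-\d{2} \d+)\]$")
INET_RE = re.compile(r"^([um])Internet Settings,(\w+) = (.*)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.*)$")

# Assumption: autorun entries under these directories are unremarkable on a stock
# Windows install; anything elsewhere (user profile, temp, ProgramData) gets a look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Report:
    run_entries: List[dict] = field(default_factory=list)
    services: List[dict] = field(default_factory=list)
    inet_settings: Dict[str, str] = field(default_factory=dict)
    dns_servers: List[str] = field(default_factory=list)


def parse_combofix(text: str) -> Report:
    """Pull the autorun-relevant lines out of a ComboFix log."""
    report = Report()
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1)
        elif m := VALUE_RE.match(line):
            report.run_entries.append({"key": current_key, "name": m.group(1),
                                       "path": m.group(2), "date": m.group(3),
                                       "size": int(m.group(4))})
        elif m := SERVICE_RE.match(line):
            state, name, desc, path, tail = m.groups()
            report.services.append({"state": state, "name": name, "description": desc,
                                    "path": path or None, "file_missing": tail == "x"})
        elif m := INET_RE.match(line):
            scope = "user" if m.group(1) == "u" else "machine"
            report.inet_settings[f"{scope}:{m.group(2)}"] = m.group(3)
        elif m := DNS_RE.match(line):
            report.dns_servers = m.group(1).split()
    return report


def review(report: Report) -> List[str]:
    """Items worth a second look. These are prompts, not verdicts."""
    items: List[str] = []
    for e in report.run_entries:
        if not e["path"].lower().startswith(TRUSTED_PREFIXES):
            items.append(f"Run entry outside Program Files/Windows: {e['name']} -> {e['path']}")
    for s in report.services:
        if s["file_missing"]:
            # ComboFix prints [x] when it cannot find the binary. In this thread the
            # [x] entries are avast's self-protection drivers, so identify the owner
            # before treating one as an orphaned or hidden service.
            items.append(f"Service/driver with no file on disk: {s['name']} ({s['state']})")
    for k, v in report.inet_settings.items():
        if "proxy" in k.lower():
            # Proxy settings are a common redirect mechanism; the helper's DDS:: script
            # clears the ProxyOverride value seen in this log.
            items.append(f"Proxy setting present: {k} = {v}")
    return items


if __name__ == "__main__":
    rep = parse_combofix(SAMPLE_LOG)
    print(f"DNS servers: {rep.dns_servers}")
    for item in review(rep):
        print("-", item)
```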



#11 CrackedSpork (Member, Full Member, 11 posts)

Posted 05 November 2012 - 12:49 PM

I'm sorry, I did not save/notice the ESET log.
Thanks again

#12 ler (SWI Junkie, Helper Trainee+, 318 posts)

Posted 08 November 2012 - 02:46 PM

Are you still with me CrackedSpork? :think:

#13 CrackedSpork (Member, Full Member, 11 posts)

Posted 08 November 2012 - 03:51 PM

My apologies for the delay. Here is the requested information:

ComboFix 12-11-08.01 - Bill 11/08/2012 11:42:43.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3983.2573 [GMT -9:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
Command switches used :: c:\users\Bill\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 )))))))))))))))))))))))))))))))
.
.
2012-11-08 20:47 . 2012-11-08 20:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-08 20:47 . 2012-11-08 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-07 23:30 . 2012-11-07 23:30 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-07 23:30 . 2012-11-07 23:30 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-07 23:30 . 2012-11-07 23:30 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-07 23:30 . 2012-11-07 23:30 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-07 23:30 . 2012-11-07 23:30 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-07 23:30 . 2012-11-07 23:30 188904 ----a-w- c:\windows\system32\java.exe
2012-11-07 23:30 . 2012-11-07 23:30 -------- d-----w- c:\program files\Java
2012-11-07 22:46 . 2012-11-07 22:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-07 22:46 . 2012-11-07 22:46 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-07 22:46 . 2012-11-07 22:46 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-06 17:25 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5C5CE8C-03D7-4526-B3FD-898720C7E903}\mpengine.dll
2012-11-03 20:40 . 2012-11-03 20:40 -------- d-----w- c:\programdata\Visan
2012-11-03 20:40 . 2012-11-03 20:40 -------- d-----w- c:\programdata\HP Photo Creations
2012-11-03 20:40 . 2012-11-03 20:40 -------- d-----w- c:\program files (x86)\HP Photo Creations
2012-11-01 19:20 . 2012-11-01 19:20 -------- d-----w- c:\users\Bill\AppData\Roaming\Malwarebytes
2012-11-01 19:20 . 2012-11-01 19:20 -------- d-----w- c:\programdata\Malwarebytes
2012-11-01 19:20 . 2012-11-01 20:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-01 19:20 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-27 20:08 . 2012-10-27 20:08 -------- d-----w- c:\windows\Hewlett-Packard
2012-10-27 20:00 . 2011-09-10 00:22 778088 ------w- c:\windows\system32\HPDiscoPM5D12.dll
2012-10-27 20:00 . 2012-10-27 20:00 -------- d-----w- c:\program files\HP
2012-10-17 02:19 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\program files\iPod
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\program files\iTunes
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\program files (x86)\iTunes
2012-10-10 03:56 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 03:56 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 03:56 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 03:56 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 03:56 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-10 03:56 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 03:56 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 03:56 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 03:56 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 03:56 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 03:56 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 03:56 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 03:56 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 22:46 . 2012-04-19 17:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-30 22:51 . 2012-03-25 00:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-03-25 00:36 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-03-25 00:36 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-03-25 00:36 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-03-25 00:36 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-03-25 00:36 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-03-25 00:36 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-03-25 00:36 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 15:59 . 2012-03-25 00:36 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-10 04:34 . 2012-04-11 15:50 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 04:34 . 2012-02-25 07:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 04:09 . 2012-03-24 23:59 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-23 04:56 . 2012-09-23 04:56 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-08-24 11:15 . 2012-09-22 00:42 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 00:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 00:42 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 00:42 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 00:42 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 00:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 00:42 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 00:42 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 00:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 00:42 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 00:42 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 00:42 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 00:42 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 00:42 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 00:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 00:42 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 00:42 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 00:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 00:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 00:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 00:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 00:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-15 01:48 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-15 01:48 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-15 01:48 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-15 01:48 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-03-25 06:21 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 21:01 . 2012-03-25 06:21 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 03:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Belkin Storage Manager"="c:\program files (x86)\Belkin Storage Manager\StorageManager.exe" [2009-02-04 858624]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\ax88178.sys [2009-10-02 56320]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-09-08 34200]
R3 libusb0;libusb-win32 - Kernel Driver 07/29/2010 1.2.1.0;c:\windows\system32\DRIVERS\libusb0.sys [2010-09-10 42944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-25 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe [2011-07-07 184320]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2011-11-10 121856]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-09-28 212944]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-05-18 199272]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-04 2656536]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-12-09 117248]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-12-09 13824]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-12-09 79872]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-10-04 215296]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-10-04 70912]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2011-11-10 25024]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys [2011-06-16 26504]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2011-11-10 44992]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-09-08 25496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 04:34]
.
2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 00:36]
.
2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 00:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-11-09 6414440]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-04 1156712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-27 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-27 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-27 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-11-08 2375168]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-10-19 2354176]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\hbb0yj3z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2012-11-03 17:28; tineye@ideeinc.com; c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\hbb0yj3z.default\extensions\tineye@ideeinc.com.xpi
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-08 11:48:53
ComboFix-quarantined-files.txt 2012-11-08 20:48
ComboFix2.txt 2012-11-03 23:25
ComboFix3.txt 2012-11-03 19:51
ComboFix4.txt 2012-11-03 19:40
ComboFix5.txt 2012-11-08 20:41
.
Pre-Run: 168,338,034,688 bytes free
Post-Run: 168,046,804,992 bytes free
.
- - End Of File - - AED7CF40CAFDC0E78BB5EE521736FFD2

# AdwCleaner v2.007 - Logfile created 11/08/2012 at 11:49:49
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Bill - KATABATIC
# Boot Mode : Normal
# Running from : C:\Users\Bill\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\hbb0yj3z.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1016 octets] - [03/11/2012 14:58:13]
AdwCleaner[R2].txt - [904 octets] - [08/11/2012 11:49:49]

########## EOF - C:\AdwCleaner[R2].txt - [963 octets] ##########

#14 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 09 November 2012 - 05:22 PM

Hi again CrackedSpork,

  • Please double-click SystemLook.exe on your Desktop to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    _isdel.exe
    
    :folderfind
    _isdel
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

=====

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:
  • Please go to the below link and download the latest version:
http://www.java.com/en/download/manual.jsp

  • Save it to your Desktop.
  • Please go to Start > Control Panel > Programs and Features > Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them: [Java icon image]
  • Select Remove.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

Please let me know if there are any further problems with your computer.

#15 CrackedSpork

CrackedSpork

    Member

  • Full Member
  • 11 posts

Posted 09 November 2012 - 06:05 PM

I believe I have the most current version of Java now. FYI - I noticed after installing Malwarebytes I am no longer able to access this URL: (http://rcsearch.info....schlot#catalog) Could this be the source of my problems?
Thanks


SystemLook 30.07.11 by jpshortstuff
Log created at 13:58 on 09/11/2012 by Bill
Administrator - Elevation successful

========== filefind ==========

Searching for "_isdel.exe"
No files found.

========== folderfind ==========

Searching for "_isdel"
No folders found.

-= EOF =-

Here is a screenshot of what happens when I open that URL mentioned above.

[screenshot]

Edited by CrackedSpork, 09 November 2012 - 06:08 PM.


#16 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 10 November 2012 - 10:30 AM

I noticed after installing Malwarebytes I am no longer able to access this URL: (http://rcsearch.info....schlot#catalog) Could this be the source of my problems?


Your screenshot shows MBAM blocking access to this site. The MBAM developers blacklisted the server's IP address. They think this server is a source of malicious activity.

Please be careful using sites that offer freebies. They rarely come without strings attached.

However, if you think this site is safe you might consider posting at the False Positives subforum at malwarebytes.org. You might want to ask for the reason for the IP block there as well.

====

Looks like the missing file was not copied successfully.

Please download the attached file _isdel.zip from my previous post to your Desktop one more time.
Please right-click _isdel.zip, click Extract All, and then follow the instructions.

If you do not see a new folder named _isdel on your Desktop please stop here and let me know.

====

  • Please close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
Please Note: Do not use any other text editor than Notepad or the CFScript will fail.

FCopy::
c:\users\Bill\Desktop\_isdel\_isdel.exe | C:\Windows\System32\InstallShield\_isdel.exe


Save this as CFScript.txt, in the same location as ComboFix.exe.

[image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
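As an added example (not part of this thread, SystemLook or ComboFix), the PowerShell below does what the :filefind step and the FCopy:: restore leave to the reader: it locates every copy of _isdel.exe under the Windows directory (the MBAM log earlier in the thread listed a System32 copy and a WinSxS copy) and reports each copy's size, SHA-256 hash and Authenticode signature status, so a file flagged as a suspected false positive can be compared with the clean copy before and after it is restored. It assumes PowerShell 4 or later (for Get-FileHash); the function name Get-FileCopyReport and its parameters are my own.

```powershell
# Added example, not from the original thread: report every copy of a named
# file below a root directory with size, SHA-256 and Authenticode status.
function Get-FileCopyReport {
    param(
        [Parameter(Mandatory)] [string]$FileName,   # e.g. '_isdel.exe'
        [string]$Root = $env:SystemRoot             # default: C:\Windows
    )

    # -Force includes hidden/system files; access-denied folders are skipped
    # silently rather than aborting the search.
    $hits = Get-ChildItem -Path $Root -Filter $FileName -Recurse -File -Force `
                          -ErrorAction SilentlyContinue

    $report = foreach ($f in $hits) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        [pscustomobject]@{
            Path      = $f.FullName
            SizeBytes = $f.Length
            Modified  = $f.LastWriteTime
            SHA256    = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            Signature = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        }
    }
    return @($report)
}

# Usage: check the file the thread is about. Before the FCopy:: restore this
# should report nothing (matching the SystemLook result); afterwards the
# restored copy's hash can be compared with the WinSxS copy, if present.
$report = Get-FileCopyReport -FileName '_isdel.exe'

if ($report.Count -eq 0) {
    Write-Output "No file named _isdel.exe found under $env:SystemRoot."
}
else {
    $report | Format-List

    # Copies of one component should be byte-identical; differing hashes for
    # the same file name are worth a closer look before trusting either copy.
    $groups = $report | Group-Object -Property SHA256
    if ($groups.Count -gt 1) {
        Write-Warning "Found $($groups.Count) different hashes for _isdel.exe; compare the paths above."
    }
}
```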

#17 CrackedSpork

CrackedSpork

    Member

  • Full Member
  • 11 posts

Posted 10 November 2012 - 12:37 PM

_isdel and CF ran and log requested

ComboFix 12-11-09.02 - Bill 11/10/2012 8:29.8.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3983.2462 [GMT -9:00]
Running from: c:\users\Bill\Downloads\ComboFix.exe
Command switches used :: c:\users\Bill\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-10 to 2012-11-10 )))))))))))))))))))))))))))))))
.
.
2012-11-10 17:33 . 2012-11-10 17:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-10 17:33 . 2012-11-10 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-09 16:38 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6912102A-2B62-40E8-8D02-9610D2FE32C2}\mpengine.dll
2012-11-07 23:30 . 2012-11-07 23:30 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-07 23:30 . 2012-11-07 23:30 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-07 23:30 . 2012-11-07 23:30 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-07 23:30 . 2012-11-07 23:30 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-07 23:30 . 2012-11-07 23:30 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-07 23:30 . 2012-11-07 23:30 188904 ----a-w- c:\windows\system32\java.exe
2012-11-07 23:30 . 2012-11-07 23:30 -------- d-----w- c:\program files\Java
2012-11-07 22:46 . 2012-11-07 22:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-07 22:46 . 2012-11-07 22:46 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-07 22:46 . 2012-11-07 22:46 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-03 20:40 . 2012-11-03 20:40 -------- d-----w- c:\programdata\Visan
2012-11-03 20:40 . 2012-11-03 20:40 -------- d-----w- c:\programdata\HP Photo Creations
2012-11-03 20:40 . 2012-11-03 20:40 -------- d-----w- c:\program files (x86)\HP Photo Creations
2012-11-01 19:20 . 2012-11-01 19:20 -------- d-----w- c:\users\Bill\AppData\Roaming\Malwarebytes
2012-11-01 19:20 . 2012-11-01 19:20 -------- d-----w- c:\programdata\Malwarebytes
2012-11-01 19:20 . 2012-11-01 20:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-01 19:20 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-27 20:08 . 2012-10-27 20:08 -------- d-----w- c:\windows\Hewlett-Packard
2012-10-27 20:00 . 2011-09-10 00:22 778088 ------w- c:\windows\system32\HPDiscoPM5D12.dll
2012-10-27 20:00 . 2012-10-27 20:00 -------- d-----w- c:\program files\HP
2012-10-17 02:19 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\program files\iPod
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\program files\iTunes
2012-10-17 02:19 . 2012-10-17 02:19 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 22:46 . 2012-04-19 17:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-30 22:51 . 2012-03-25 00:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-03-25 00:36 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-03-25 00:36 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-03-25 00:36 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-03-25 00:36 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-03-25 00:36 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-03-25 00:36 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-03-25 00:36 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 15:59 . 2012-03-25 00:36 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-10 04:34 . 2012-04-11 15:50 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 04:34 . 2012-02-25 07:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 04:09 . 2012-03-24 23:59 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-23 04:56 . 2012-09-23 04:56 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-09-14 19:19 . 2012-10-10 03:56 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 03:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 03:57 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 03:57 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 03:57 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 03:57 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 03:56 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 03:56 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 00:42 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 00:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 00:42 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 00:42 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 00:42 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 00:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 00:42 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 00:42 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 00:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 00:42 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 00:42 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 00:42 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 00:42 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 00:42 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 00:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 00:42 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 00:42 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 00:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 00:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 00:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 00:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 00:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-15 01:48 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-15 01:48 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-15 01:48 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-15 01:48 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-03-25 06:21 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 21:01 . 2012-03-25 06:21 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-21 21:01 . 2012-10-10 03:56 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-10 03:57 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 03:57 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 03:57 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 03:57 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 03:57 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 03:57 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 03:57 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 03:57 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 03:57 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 03:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 03:57 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 03:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 03:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 03:57 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 03:57 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 03:57 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 03:57 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 03:57 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 03:57 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 03:57 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 03:57 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 03:57 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 03:57 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Belkin Storage Manager"="c:\program files (x86)\Belkin Storage Manager\StorageManager.exe" [2009-02-04 858624]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\ax88178.sys [2009-10-02 56320]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-09-08 34200]
R3 libusb0;libusb-win32 - Kernel Driver 07/29/2010 1.2.1.0;c:\windows\system32\DRIVERS\libusb0.sys [2010-09-10 42944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-25 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe [2011-07-07 184320]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2011-11-10 121856]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-09-28 212944]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-05-18 199272]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-04 2656536]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-12-09 117248]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-12-09 13824]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-12-09 79872]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-10-04 215296]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-10-04 70912]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2011-11-10 25024]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys [2011-06-16 26504]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2011-11-10 44992]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-09-08 25496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 04:34]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 00:36]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 00:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-11-09 6414440]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-04 1156712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-27 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-27 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-27 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-11-08 2375168]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-10-19 2354176]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\hbb0yj3z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2012-11-03 17:28; tineye@ideeinc.com; c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\hbb0yj3z.default\extensions\tineye@ideeinc.com.xpi
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-10 08:35:40
ComboFix-quarantined-files.txt 2012-11-10 17:35
ComboFix2.txt 2012-11-08 20:48
ComboFix3.txt 2012-11-03 23:25
ComboFix4.txt 2012-11-03 19:51
ComboFix5.txt 2012-11-10 17:27
.
Pre-Run: 166,877,483,008 bytes free
Post-Run: 167,604,191,232 bytes free
.
- - End Of File - - 3037867C7EAD7F4D3E0D22567A9BA70A

#18 ler

ler

    SWI Junkie

  • Helper Trainee+
  • PipPipPipPip
  • 318 posts

Posted 12 November 2012 - 06:32 AM

Hi CrackedSpork,

Please open Notepad and copy and paste the following code into it.

copy "c:\users\Bill\Desktop\_isdel\_isdel.exe" "C:\Windows\System32\InstallShield\_isdel.exe" > "log.txt"
dir "c:\users\Bill\Desktop" >> "log.txt"
dir "c:\users\Bill\Desktop\_isdel" >> "log.txt"

Please save the file as script.bat to your Desktop and execute it via double click.

You might see a dark window popping up and disappearing immediately. That's perfectly normal :thumbup:

The script creates a new file named log.txt on your Desktop. Please post its content in your reply.

#19 CrackedSpork

CrackedSpork

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 12 November 2012 - 12:20 PM

Posted as requested


The system cannot find the path specified.
Volume in drive C is OS
Volume Serial Number is A613-C2BA

Directory of c:\users\Bill\Desktop

11/12/2012 08:19 AM <DIR> .
11/12/2012 08:19 AM <DIR> ..
11/12/2012 08:12 AM 120,231 beacon.jpg
11/12/2012 08:19 AM 44 log.txt
11/12/2012 07:40 AM 3,473,198 photo.JPG
11/12/2012 08:19 AM 202 script.bat
4 File(s) 3,593,675 bytes
2 Dir(s) 166,369,988,608 bytes free
Volume in drive C is OS
Volume Serial Number is A613-C2BA

Directory of c:\users\Bill\Desktop

#20 ler

ler

    SWI Junkie

  • Helper Trainee+
  • PipPipPipPip
  • 318 posts

Posted 14 November 2012 - 02:48 AM

Hi CrackedSpork,

Sorry for the delay.

The log shows that the folder _isdel is not present on your Desktop. We need it in order to transfer the missing file.

Please go to this post one more time. Right click the link to the attached file and choose Save Link As. Navigate to your Desktop and choose Save.

You will find a new file named _isdel.zip on your Desktop. Please right click it, choose Extract All, and then follow the instructions. You will find a new folder named _isdel on your Desktop.

Then please re-run script.bat and post the log file :thumbup:
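A more defensive variant of the restore script described in the two posts above, added here as an example and not the helper's own script: it refuses to copy when the extracted _isdel folder is missing (the exact failure seen in the log above), records SHA256 hashes of the source and of the restored file with certutil so the two can be compared, and writes every step to log.txt. It assumes the same Desktop and System32\InstallShield paths used in this thread and that it is run from an elevated (Administrator) command prompt, since System32 is not writable otherwise.

```batch
@echo off
REM Added example, not the helper's script: restore _isdel.exe from the folder
REM extracted from _isdel.zip, but only after confirming the source exists,
REM and log each step. Paths follow the thread; %USERPROFILE% is assumed to
REM resolve to c:\users\Bill on the affected machine.
setlocal
set "SRC=%USERPROFILE%\Desktop\_isdel\_isdel.exe"
set "DSTDIR=C:\Windows\System32\InstallShield"
set "DST=%DSTDIR%\_isdel.exe"
set "LOG=%USERPROFILE%\Desktop\log.txt"

echo Restore attempt on %DATE% %TIME% > "%LOG%"

REM Check the source before doing anything: a missing folder was the cause
REM of "The system cannot find the path specified" in the earlier log.
if not exist "%SRC%" (
    echo ERROR: source file not found: %SRC% >> "%LOG%"
    echo Extract _isdel.zip to the Desktop first, then re-run this script. >> "%LOG%"
    dir "%USERPROFILE%\Desktop" >> "%LOG%"
    exit /b 1
)

REM Record the hash of the supplied copy so it can be checked against the
REM file that ends up in System32 (certutil ships with Windows).
echo Source hash: >> "%LOG%"
certutil -hashfile "%SRC%" SHA256 >> "%LOG%"

REM Recreate the InstallShield folder if the cleanup removed it as well.
if not exist "%DSTDIR%\" mkdir "%DSTDIR%" >> "%LOG%" 2>&1

copy /Y "%SRC%" "%DST%" >> "%LOG%" 2>&1
if errorlevel 1 (
    echo ERROR: copy failed. Run this script as Administrator. >> "%LOG%"
    exit /b 1
)

REM Hash the restored file; it must match the source hash logged above.
echo Copy succeeded. Destination hash: >> "%LOG%"
certutil -hashfile "%DST%" SHA256 >> "%LOG%"
dir "%DSTDIR%" >> "%LOG%"
exit /b 0
```

If the two SHA256 values in log.txt differ, the copy did not complete and the file should not be trusted.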

#21 ler

ler

    SWI Junkie

  • Helper Trainee+
  • PipPipPipPip
  • 318 posts

Posted 15 December 2012 - 03:52 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
