Solved Svchost.exe trojan removal

[Jrrthe1st]

I ran malware bytes and norton security and it didn't get rid of this. I also took the laptop to best buy and they said they removed it but it's still coming back up on malware bytes. Here's my logs. Thanks!


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.26.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joe :: HENRIETTA [administrator]

Protection: Enabled

9/26/2012 2:24:58 PM
mbam-log-2012-09-26 (14-24-58).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 690673
Time elapsed: 1 hour(s), 32 minute(s), 20 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 8084 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

GMER didn't create a log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Joe at 11:05:41 on 2012-10-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5525 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\Asus\Wireless Console 3\WimaxConsole.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Joe\Downloads\0j908zdu.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: MRI_DISABLED - No File
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\Users\Joe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\Scrybe.lnk - C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{3AEE893E-1396-4A33-A9B2-FE5F80EE9CA7} : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{3AEE893E-1396-4A33-A9B2-FE5F80EE9CA7}\1353478602354702C41657E6462797 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3AEE893E-1396-4A33-A9B2-FE5F80EE9CA7}\14C6567756C60284F6573756 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3AEE893E-1396-4A33-A9B2-FE5F80EE9CA7}\24563747245797 : DhcpNameServer = 168.94.0.14 168.94.0.15
TCP: Interfaces\{3AEE893E-1396-4A33-A9B2-FE5F80EE9CA7}\84F6D6563747561646 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3AEE893E-1396-4A33-A9B2-FE5F80EE9CA7}\861657470286F6573756 : DhcpNameServer = 192.168.1.1 24.116.2.50 24.116.2.34
TCP: Interfaces\{3AEE893E-1396-4A33-A9B2-FE5F80EE9CA7}\A4F6070796560245F677E6 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: MRI_DISABLED - No File
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Norton Safe Web Lite BHO - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\chww36un.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1309000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1309000.009\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1309000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1309000.009\SYMEFA64.SYS [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\Asus\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.1.8\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1309000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1309000.009\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.1.8\Definitions\IPSDefs\20121009.001\IDSviA64.sys [2012-10-9 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1309000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1309000.009\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1309000.009\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1309000.009\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-8 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-8 676936]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2011-6-15 130000]
R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-8 2655768]
R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-5 2348352]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250808]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-5-8 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-5-8 79360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 114144]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-19 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-19 136176]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
.
=============== Created Last 30 ================
.
2012-10-10 15:53:09 20480 ----a-w- C:\Windows\svchost.exe
2012-10-10 07:16:44 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 07:16:44 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 07:16:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 07:16:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 07:16:27 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 07:16:27 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 07:16:21 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 07:16:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 07:16:20 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 07:16:20 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 07:16:20 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 07:16:20 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 01:34:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-09 01:34:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-01 22:40:09 737952 ----a-w- C:\Windows\System32\drivers\NAVx64\1309000.009\srtsp64.sys
2012-10-01 22:40:09 451192 ----a-r- C:\Windows\System32\drivers\NAVx64\1309000.009\symds64.sys
2012-10-01 22:40:09 405624 ----a-w- C:\Windows\System32\drivers\NAVx64\1309000.009\symnets.sys
2012-10-01 22:40:09 37536 ----a-w- C:\Windows\System32\drivers\NAVx64\1309000.009\srtspx64.sys
2012-10-01 22:40:09 190072 ----a-w- C:\Windows\System32\drivers\NAVx64\1309000.009\ironx64.sys
2012-10-01 22:40:09 167072 ----a-w- C:\Windows\System32\drivers\NAVx64\1309000.009\ccsetx64.sys
2012-10-01 22:40:09 1129120 ----a-w- C:\Windows\System32\drivers\NAVx64\1309000.009\symefa64.sys
2012-10-01 22:40:02 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1309000.009
2012-09-28 22:19:06 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-28 22:19:05 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-28 22:18:59 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-28 22:18:59 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-28 22:18:55 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-28 22:18:55 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-28 22:18:55 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-28 22:18:49 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-26 19:23:04 -------- d-----w- C:\Users\Joe\AppData\Roaming\Malwarebytes
2012-09-26 19:22:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-17 14:14:38 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-16 20:17:10 -------- d-----w- C:\Users\Joe\AppData\Local\{8DC79524-DD86-43DA-AEEA-267BD5E85FDD}
.
==================== Find3M ====================
.
2012-10-10 15:52:41 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-10-09 03:45:36 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 03:45:36 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-01 06:41:59 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 06:41:59 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-01 06:41:59 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:06:28.99 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/13/2011 5:08:04 PM
System Uptime: 10/10/2012 10:51:51 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G73Sw
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 368.741 GiB free.
D: is FIXED (NTFS) - 699 GiB total, 82.208 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP131: 9/30/2012 12:57:08 AM - Windows Update
RP132: 10/7/2012 1:32:26 PM - Scheduled Checkpoint
RP133: 10/10/2012 3:00:19 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Asus_G73_Screensaver
AsusVibe2.0
ATK Package
Best Buy pc app
Bing Bar
Bing Rewards Client Installer
Coupon Printer for Windows
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
DirectX 9 Runtime
DivX Setup
ExpressGate Cloud
Google Chrome
Google Earth
Google Update Helper
Hoster
HP Deskjet 3050A J611 series Help
HP Photo Creations
HP Update
Intel(R) Control Center
Intel(R) Management Engine Components
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 31
JavaFX 2.1.1
Junk Mail filter update
K-Lite Codec Pack 2.72 Full
Karaoke for DirectX (remove only)
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Norton AntiVirus
Norton Safe Web Lite
Nuance PDF Reader
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PCDJ VJ
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Roxio Activation Module
Roxio CinePlayer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
THX TruStudio
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
VirtualDJ Home FREE
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinZip 15.5
Wireless Console 3
Yahoo! Messenger
Yawcam 0.3.8
.
==== Event Viewer Messages From Past Week ========
.
10/8/2012 12:56:58 PM, Error: Schannel [36887] - The following fatal alert was received: 20.
10/6/2012 8:39:41 PM, Error: Service Control Manager [7031] - The Norton Safe Web Lite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/6/2012 8:39:40 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/6/2012 8:24:15 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/5/2012 7:27:28 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The data is invalid.
10/5/2012 10:19:53 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/3/2012 2:47:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800bf704e0, 0xfffff8800f4820dc, 0x0000000000000000, 0x000000000000000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100312-23322-01.
10/10/2012 3:01:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
10/10/2012 10:54:18 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/10/2012 10:54:18 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
.
==== End Of File ===========================


Thanks again for your help, let me know if there's anything else I need to scan and post

 

[Jay Pfoutz]

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

RogueKiller Scan

• Download RogueKiller and save it on your desktop.
• Quit all programs
• Start RogueKiller.exe.
• Wait until Prescan has finished ...
• Click on Scan

• Wait for the end of the scan.
• The report has been created on the desktop.
• Click on the Delete button.

• The report has been created on the desktop.

• Next click on the ShortcutsFix
  
  
  
• The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


avast! aswMBR

Please download aswMBR from here

• Save aswMBR.exe to your Desktop
• Double click aswMBR.exe to run it
• Uncheck "Trace disk IO calls".
• Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

• Once the scan finishes click Save log to save the log to your Desktop
  
  
• Copy and paste the contents of aswMBR.txt back here for review
• Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

 

[Jrrthe1st]

Attaching a zip file for the tdss killer

 

[Jrrthe1st]

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joe [Admin rights]
Mode : Scan -- Date : 10/11/2012 08:52:08

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 15 ¤¤¤
[TASK][SUSP PATH] HP Photo Creations Communicator.job : C:\ProgramData\HP Photo Creations\Communicator.exe -> FOUND
[TASK][SUSP PATH] HP Photo Creations Communicator : C:\ProgramData\HP Photo Creations\Communicator.exe --auto -> FOUND
[TASK][BLPATH] HPCustParticipation HP Deskjet 3050A J611 series : "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x0900 -> FOUND
[TASK][SUSP PATH] {BAE0A66A-2275-4444-A8E4-4C569B76C798} : C:\Windows\system32\pcalua.exe -a "C:\Users\Joe\AppData\Local\Temp\wz0c26\PCDJ VJ 5.1\Setup_VJ_5.1.exe" -d F:\ -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][BLACKLIST DLL] Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk @Joe : C:\Windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1AI4832X05PJ;CONNECTION=NW;MONITOR=1; -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @UpdatusUser : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST95005620AS +++++
--- User ---
[MBR] 2be15045cd22943f2d8f41e6349d9959
[BSP] bfb2c598baeb4fd4132b27fdd366ca6c : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 14676 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30057615 | Size: 462260 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST9750420AS +++++
--- User ---
[MBR] 01be8b79708e913425321ad008a261f9
[BSP] 6fe1c81a55733c3ca19f8cc11417786a : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715402 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joe [Admin rights]
Mode : Remove -- Date : 10/11/2012 08:52:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][SUSP PATH] HP Photo Creations Communicator.job : C:\ProgramData\HP Photo Creations\Communicator.exe -> DELETED
[TASK][SUSP PATH] HP Photo Creations Communicator : C:\ProgramData\HP Photo Creations\Communicator.exe --auto -> DELETED
[TASK][BLPATH] HPCustParticipation HP Deskjet 3050A J611 series : "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x0900 -> DELETED
[TASK][SUSP PATH] {BAE0A66A-2275-4444-A8E4-4C569B76C798} : C:\Windows\system32\pcalua.exe -a "C:\Users\Joe\AppData\Local\Temp\wz0c26\PCDJ VJ 5.1\Setup_VJ_5.1.exe" -d F:\ -> DELETED
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
[STARTUP][BLACKLIST DLL] Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk @Joe : C:\Windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1AI4832X05PJ;CONNECTION=NW;MONITOR=1; -> DELETED
[STARTUP][SUSP PATH] Best Buy pc app.lnk @UpdatusUser : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST95005620AS +++++
--- User ---
[MBR] 2be15045cd22943f2d8f41e6349d9959
[BSP] bfb2c598baeb4fd4132b27fdd366ca6c : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 14676 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30057615 | Size: 462260 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST9750420AS +++++
--- User ---
[MBR] 01be8b79708e913425321ad008a261f9
[BSP] 6fe1c81a55733c3ca19f8cc11417786a : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715402 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joe [Admin rights]
Mode : Shortcuts HJfix -- Date : 10/11/2012 08:56:02

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 3 / Fail 0
User folder: Success 108 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 4 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 902 / Fail 117
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-11 08:56:30
-----------------------------
08:56:30.947 OS Version: Windows x64 6.1.7601 Service Pack 1
08:56:30.947 Number of processors: 8 586 0x2A07
08:56:30.947 ComputerName: HENRIETTA UserName: Joe
08:56:32.023 Initialize success
08:57:33.441 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:57:33.441 Disk 0 Vendor: ST950056 SD26 Size: 476940MB BusType: 3
08:57:33.441 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:57:33.441 Disk 1 Vendor: ST975042 0002 Size: 715404MB BusType: 3
08:57:33.441 Disk 0 MBR read successfully
08:57:33.441 Disk 0 MBR scan
08:57:33.441 Disk 0 Windows 7 default MBR code
08:57:33.457 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14676 MB offset 63
08:57:33.457 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 462260 MB offset 30057615
08:57:33.457 Disk 0 scanning C:\Windows\system32\drivers
08:57:35.750 Service scanning
08:57:41.616 Modules scanning
08:57:41.616 Scan finished successfully
08:58:00.601 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"
08:58:00.601 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"

Ok I think that's everything. Thanks again!

 

[Jay Pfoutz]

Excellent work. That killed the boot infection, now time to lay siege to the other malware...

ComboFix scan

Please download ComboFix

by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

• Close any open browsers.
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

• Double click on ComboFix.exe & follow the prompts.
• When ComboFix finishes, it will produce a report for you.
• Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

 

[Jrrthe1st]

Here's the report from combofix:

ComboFix 12-10-11.03 - Joe 10/11/2012 13:01:15.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5925 [GMT -5:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\C__Windows_system32_config_systemprofile_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_T0Y1L5V1_CASO1OTO.HTM
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-11 18:05 . 2012-10-11 18:05--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2012-10-11 18:05 . 2012-10-11 18:05--------d-----w-c:\users\Default\AppData\Local\temp
2012-10-11 13:47 . 2012-10-11 13:47--------d-----w-C:\TDSSKiller_Quarantine
2012-10-10 07:16 . 2012-08-24 18:05220160----a-w-c:\windows\system32\wintrust.dll
2012-10-10 07:16 . 2012-08-24 16:57172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-10-10 07:16 . 2012-09-14 19:192048----a-w-c:\windows\system32\tzres.dll
2012-10-10 07:16 . 2012-09-14 18:282048----a-w-c:\windows\SysWow64\tzres.dll
2012-10-10 07:16 . 2012-08-11 00:56715776----a-w-c:\windows\system32\kerberos.dll
2012-10-10 07:16 . 2012-08-10 23:56542208----a-w-c:\windows\SysWow64\kerberos.dll
2012-10-10 07:16 . 2012-06-02 05:411464320----a-w-c:\windows\system32\crypt32.dll
2012-10-10 07:16 . 2012-06-02 05:41184320----a-w-c:\windows\system32\cryptsvc.dll
2012-10-10 07:16 . 2012-06-02 05:41140288----a-w-c:\windows\system32\cryptnet.dll
2012-10-10 07:16 . 2012-06-02 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2012-10-10 07:16 . 2012-06-02 04:361159680----a-w-c:\windows\SysWow64\crypt32.dll
2012-10-10 07:16 . 2012-06-02 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
2012-10-09 01:34 . 2012-10-09 01:35--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-09 01:34 . 2012-09-07 22:0425928----a-w-c:\windows\system32\drivers\mbam.sys
2012-10-08 12:51 . 2012-10-08 12:51--------d-----w-c:\users\Default\AppData\Roaming\Apple Computer
2012-10-08 12:51 . 2012-10-08 12:51--------d-----w-c:\users\Default\AppData\Local\Apple Computer
2012-10-01 22:40 . 2012-10-03 04:35--------d-----w-c:\windows\system32\drivers\NAVx64\1309000.009
2012-09-28 22:19 . 2012-08-22 18:12950128----a-w-c:\windows\system32\drivers\ndis.sys
2012-09-28 22:19 . 2012-07-04 20:2641472----a-w-c:\windows\system32\drivers\RNDISMP.sys
2012-09-28 22:18 . 2012-08-02 17:58574464----a-w-c:\windows\system32\d3d10level9.dll
2012-09-28 22:18 . 2012-08-02 16:57490496----a-w-c:\windows\SysWow64\d3d10level9.dll
2012-09-28 22:18 . 2012-08-22 18:121913200----a-w-c:\windows\system32\drivers\tcpip.sys
2012-09-28 22:18 . 2012-08-22 18:12376688----a-w-c:\windows\system32\drivers\netio.sys
2012-09-28 22:18 . 2012-08-22 18:12288624----a-w-c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-28 22:18 . 2012-08-21 21:01245760----a-w-c:\windows\system32\OxpsConverter.exe
2012-09-26 19:23 . 2012-09-26 19:23--------d-----w-c:\users\Joe\AppData\Roaming\Malwarebytes
2012-09-26 19:22 . 2012-09-26 19:22--------d-----w-c:\programdata\Malwarebytes
2012-09-17 14:14 . 2012-09-28 22:10--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 13:49 . 2011-05-09 02:5545056----a-w-c:\windows\system32\acovcnt.exe
2012-10-10 08:01 . 2011-06-14 01:3665309168----a-w-c:\windows\system32\MRT.exe
2012-10-09 03:45 . 2012-03-30 15:43696760----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 03:45 . 2011-06-21 23:4273656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-01 06:41 . 2012-09-01 06:4295208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 06:41 . 2012-08-03 21:15821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-09-01 06:41 . 2011-11-03 14:40746984----a-w-c:\windows\SysWow64\deployJava1.dll
2012-08-20 17:38 . 2012-10-10 07:1744032----a-w-c:\windows\apppatch\acwow64.dll
2012-07-18 18:15 . 2012-08-15 00:523148800----a-w-c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-05-09 3058304]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-09-08 905216]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-07 1089608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-12-27 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecuteREG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-09 79360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-14 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20 136176]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1309000.009\SYMDS64.SYS [2012-01-17 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.1.8\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-09-20 1385120]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.1.8\Definitions\IPSDefs\20121010.001\IDSvia64.sys [2012-09-28 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-05-17 71168]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-05-17 175104]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-05-17 81920]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-19 210944]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-19 49664]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-08-09 7821312]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 03:45]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20 03:47]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20 03:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-09-01 1449984]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\chww36un.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-69453543.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}\Service Center Setup PC.exe
AddRemove-{24873332-B98B-4235-ABBA-CCDEACC62BB9} - c:\programdata\{11136A9B-503B-4922-9ECD-F2F94F4B73E6}\Traktor Audio 6 Setup PC.exe
AddRemove-{28F19F09-F228-49cb-8B90-F97DA7180DD4} - c:\programdata\{9047A3F7-FF2B-415B-8BDB-B182D0078FE4}\Traktor Kontrol S4 Setup PC.exe
AddRemove-{3054FEFA-4748-4cf0-8C3C-8DB887DE379F} - c:\programdata\{16E73CEB-85C7-40F6-870A-889C7551BAC8}\Traktor Audio 2 Setup PC.exe
AddRemove-{305CA7E5-C739-48e2-B247-584C0E1B717C} - c:\programdata\{254DBC1B-2DCE-4B89-B163-7C1937AE95F7}\Traktor Audio 10 Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}\Traktor 2 Setup PC.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{30CEEEA2-3742-40E4-85DD-812BF1CBB83D}"=hex:51,66,7a,6c,4c,1d,38,12,cc,ed,dd,
34,70,79,8a,05,fa,cb,c2,6b,f4,95,fc,29
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:98,8b,b5,ea,a5,72,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-11 13:08:15
ComboFix-quarantined-files.txt 2012-10-11 18:08
.
Pre-Run: 393,920,040,960 bytes free
Post-Run: 393,787,600,896 bytes free
.
- - End Of File - - B7AC8B5A0F7CDBB611B8708417A1D612
Thanks again!

 

[Jay Pfoutz]

Excellent work!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
• Click Start or wait for the scanner to load.
• Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, there are a couple of things to keep in mind:
• 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
• 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
• Open the logfile from wherever you saved it
• Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
• Error messages
• Fake antivirus alerts or the icon in the system tray
• svchost.exe running at 100%
• System crashes or blue screen of death

 

[Jrrthe1st]

I'm running the scan now and will post the logs in a while. The computer was locking up and sometimes throwing the blue screen. It also was running up my bandwidth on my high speed internet 25gig past my 100gig data cap. I usually use less than 50gig per month. I was not getting any virus alerts on Norton 360, but I did get the svchost when I installed malwarebytes.
The computer is running much faster now and seems much more stable. Nothing comes up on malwarebytes anymore.
Although, for some reason now, internet explorer is acting funny. It's not loading web pages. Google Chrome and Firefox are working fine though.

 

[Jay Pfoutz]

Okie dokie, just waiting for scan logs then.

We will check out other issues after scan results.

 

[Jrrthe1st]

Here's the log from ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b4a72c95adb72d4f9a7962f72c680ed5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-13 12:14:21
# local_time=2012-10-12 07:14:21 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3587 16777214 85 65 6969 168145812 0 0
# compatibility_mode=5893 16776574 66 85 41818110 101625076 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=484989
# found=5
# cleaned=5
# scan_time=5634
C:\TDSSKiller_Quarantine\11.10.2012_08.45.36\mbr0000\tdlfs0000\tsk0000.dtaa variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined)00000000000000000000000000000000C
C:\TDSSKiller_Quarantine\11.10.2012_08.45.36\mbr0000\tdlfs0000\tsk0003.dtaWin64/Olmarik.AL trojan (cleaned by deleting - quarantined)00000000000000000000000000000000C
C:\TDSSKiller_Quarantine\11.10.2012_08.45.36\mbr0000\tdlfs0000\tsk0009.dtaWin32/Olmarik.AFK trojan (cleaned by deleting - quarantined)00000000000000000000000000000000C
C:\TDSSKiller_Quarantine\11.10.2012_08.45.36\mbr0000\tdlfs0000\tsk0010.dtaWin64/Olmarik.AK trojan (cleaned by deleting - quarantined)00000000000000000000000000000000C
C:\TDSSKiller_Quarantine\11.10.2012_08.45.36\mbr0000\tdlfs0000\tsk0014.dtaa variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined)00000000000000000000000000000000C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b4a72c95adb72d4f9a7962f72c680ed5
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-13 04:16:53
# local_time=2012-10-13 11:16:53 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3587 16777214 85 65 70258 168209101 0 0
# compatibility_mode=5893 16776574 66 85 41881399 101688365 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=7788
# found=0
# cleaned=0
# scan_time=98
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b4a72c95adb72d4f9a7962f72c680ed5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-13 08:06:01
# local_time=2012-10-13 03:06:01 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3587 16777214 85 65 70558 168209401 0 0
# compatibility_mode=5893 16776574 66 85 41881699 101688665 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=422050
# found=0
# cleaned=0
# scan_time=13546

 

[Jrrthe1st]

Those Trojans showed on the first run but after deleting them I ran it again and no infections were found.

 

[Jay Pfoutz]

Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
• Select System
• On the left select Advance System Settings and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name I.e. Clean
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
• Select Performance Information and Tools
• On the left select Open Disk Cleanup
• Select Files from all users and accept the warning if you get one
• In the drop down box select your main drive I.e. C
• For a few moments the system will make some calculations:
  
  
• Select the More Options tab
  
  
• In the System Restore and Shadow Backups select Clean up
  
  
• Select Delete on the pop up
• Select OK
• Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
• Double click OTC.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

[Jay Pfoutz]

Topic marked solved.