Solved Virus detected dell optiplex 745

You're very welcome
 
Virus is back, please help. Are you still there? I have Windows Vista. Using Internet Explorer (version 9), the virus will not let me open the Chrome web browser; before, it wouldn't let me open Firefox. Is the problem IE? Is the problem Windows Vista? I noticed the message when I was entering data in a website called myfitnesspal.com. Have you heard of any problems there? I am not going to any questionable sites other than yellowpages.com, myfitnesspal and YouTube. Do you know of any threats with those?
 
I tried to pull up your post on infected computers. The virus would not let me complete the steps, so I am currently doing a system restore to see if I can effectively get online to complete your steps.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.19.12

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: DELL02439 [administrator]

11/19/2013 6:46:21 PM
mbam-log-2013-11-19 (18-46-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203692
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\user\Desktop\Antivirus Security Pro support.url (Rogue.AntiVirusSecurity) -> Quarantined and deleted successfully.

(end)
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 1/19/2011 12:36:43 PM
System Uptime: 11/19/2013 6:36:34 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0MM599
Processor: Intel(R) Pentium(R) D CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 34.674 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP303: 11/9/2013 7:40:36 AM - Scheduled Checkpoint
RP304: 11/10/2013 10:47:10 AM - Scheduled Checkpoint
RP305: 11/11/2013 2:51:18 PM - Scheduled Checkpoint
RP306: 11/12/2013 4:29:52 PM - Scheduled Checkpoint
RP307: 11/12/2013 8:48:49 PM - Windows Update
RP308: 11/13/2013 1:12:48 PM - Windows Update
RP309: 11/15/2013 5:54:52 PM - Scheduled Checkpoint
RP310: 11/15/2013 6:03:10 PM - Windows Update
RP311: 11/19/2013 2:57:16 PM - Windows Update
RP312: 11/19/2013 6:32:39 PM - Restore Operation
RP314: 11/19/2013 6:37:09 PM - avast! antivirus system restore point
RP315: 11/19/2013 6:46:02 PM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
Audacity 2.0.3
avast! Free Antivirus
BufferChm
Catalina Savings Printer
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Compatibility Pack for the 2007 Office system
Computer Requirements 1.0
Copy
Coupon Printer for Windows
D-Link DWA-130 Wireless N USB Adapter
Destinations
DeviceDiscovery
DJ_AIO_06_F2400_SW_Min
F2400
Fashion Dash
GameFly
Google Chrome
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 45
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Corporation
Microsoft LifeCam
Microsoft Office Excel Viewer
Microsoft Office Live Meeting 2007
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
OpenOffice.org 3.3
Picasa 3
PowerDVD DX
QuickTime
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
swMSM
Toolbox
Tourist Trap - Build The Nations Greatest Vacations
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
VCRedistSetup
VLC media player 2.0.1
Wah Assistant
Watchtower Library 2012 - English
Watchtower Library 2012 - español
WebReg
West At Home Gateway V2
WinZip 17.0
.
==== Event Viewer Messages From Past Week ========
.
11/19/2013 6:48:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.163.39.0).
11/19/2013 3:22:32 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.101 for the Network Card with network address 0019B946B69B has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/18/2013 9:10:00 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 0019B946B69B has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/18/2013 3:42:07 PM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
11/13/2013 2:00:29 PM, Error: EventLog [6008] - The previous system shutdown at 1:58:25 PM on 11/13/2013 was unexpected.
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520 BrowserJavaVersion: 10.45.2
Run by user at 19:20:11 on 2013-11-19
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1030 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\D-Link\DWA-130 revE\WlanWpsSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vVX3000.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\notepad.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.suddenlink.net/
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-130 reve\wirelesscm.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{78BC4006-4C18-4DA0-9865-4AF70C2CBF14} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{81EBC82A-76FE-4BFA-A713-9ED45586C876} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-10-27 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-10-27 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-27 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-10-27 403440]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2012-8-21 25896]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-27 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-27 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-27 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 WlanWpsSvc;WlanWpsSvc;c:\program files\d-link\dwa-130 reve\WlanWpsSvc.exe [2012-8-21 167936]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2012-8-21 523264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-11-20 00:44:22  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
2013-11-20 00:44:22  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2013-11-20 00:30:28  --------  d-----w-  c:\users\user\appdata\local\CrashDumps
2013-11-15 20:54:37  7796464  ------w-  c:\programdata\microsoft\windows defender\definition updates\{640bc77e-b4b0-462e-98f8-64fbc3a905d2}\mpengine.dll
2013-11-13 02:51:58  297984  ----a-w-  c:\windows\system32\gdi32.dll
2013-11-13 02:51:48  993792  ----a-w-  c:\windows\system32\crypt32.dll
2013-11-13 02:51:42  596480  ----a-w-  c:\windows\system32\FWPUCLNT.DLL
2013-11-13 02:51:42  444928  ----a-w-  c:\windows\system32\IKEEXT.DLL
2013-11-01 15:35:02  --------  d-----w-  c:\program files\Coupons
2013-10-29 22:59:05  94632  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2013-10-29 01:50:35  155648  ----a-w-  c:\windows\system32\igfxres.dll
2013-10-29 01:23:42  --------  d-----w-  c:\windows\ERUNT
2013-10-29 01:19:44  --------  d-----w-  C:\AdwCleaner
2013-10-29 01:14:45  --------  d-sh--w-  C:\$RECYCLE.BIN
2013-10-29 00:19:24  --------  d-----w-  c:\users\user\appdata\local\temp
2013-10-28 19:11:00  --------  d-----w-  c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-27 21:56:05  --------  d-----w-  c:\users\user\appdata\roaming\Malwarebytes
2013-10-27 21:55:49  --------  d-----w-  c:\programdata\Malwarebytes
2013-10-27 21:49:04  --------  d-----w-  c:\users\user\appdata\roaming\AVAST Software
2013-10-27 21:46:23  178304  ----a-w-  c:\windows\system32\drivers\aswVmm.sys
2013-10-27 21:46:21  49944  ----a-w-  c:\windows\system32\drivers\aswRvrt.sys
2013-10-27 21:46:20  774392  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2013-10-27 21:46:19  70384  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2013-10-27 21:45:53  43152  ----a-w-  c:\windows\avastSS.scr
2013-10-27 21:44:25  --------  d-----w-  c:\program files\AVAST Software
2013-10-27 21:43:21  --------  d-----w-  c:\programdata\AVAST Software
2013-10-27 21:03:48  --------  d-----w-  c:\programdata\lpgg3rg3
.
==================== Find3M ====================
.
2013-11-20 00:43:05  692616  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2013-11-20 00:43:04  71048  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-10 15:14:12  403440  ----a-w-  c:\windows\system32\drivers\aswsp.sys.1384908474
2013-10-13 09:48:06  1806848  ----a-w-  c:\windows\system32\jscript9.dll
2013-10-13 09:35:52  1427968  ----a-w-  c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38  1129472  ----a-w-  c:\windows\system32\wininet.dll
2013-10-13 09:30:14  142848  ----a-w-  c:\windows\system32\ieUnatt.exe
2013-10-13 09:29:02  420864  ----a-w-  c:\windows\system32\vbscript.dll
2013-10-13 09:25:39  2382848  ----a-w-  c:\windows\system32\mshtml.tlb
2013-09-03 19:35:12  238872  ------w-  c:\windows\system32\MpSigStub.exe
2013-08-29 07:36:04  2050048  ----a-w-  c:\windows\system32\win32k.sys
2013-08-27 02:47:50  219648  ----a-w-  c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50  189952  ----a-w-  c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50  160768  ----a-w-  c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50  1029120  ----a-w-  c:\windows\system32\d3d10.dll
2013-08-27 01:52:08  1172480  ----a-w-  c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40  486400  ----a-w-  c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20  683008  ----a-w-  c:\windows\system32\d2d1.dll
2013-08-27 01:28:36  1069056  ----a-w-  c:\windows\system32\DWrite.dll
2013-08-27 01:28:35  798208  ----a-w-  c:\windows\system32\FntCache.dll
.
============= FINISH: 19:20:38.25 ===============
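The Malwarebytes log posted above has a fixed line format: a "<Section> Detected: <n>" header per category, then one line per item giving the object, its classification in parentheses and the action taken after "->". As an added example (not part of this thread and not Malwarebytes' own code), here is a small Python parser with a triage summary that flags items not removed and declared counts that do not match the items listed; the embedded SAMPLE_LOG is constructed in that format, and the registry key and rogue.exe path in it are placeholders.

```python
"""Parse a Malwarebytes Anti-Malware 1.x scan log and summarise its detections.

Added example, not part of the thread; SAMPLE_LOG below is constructed in the
same format as the log posted above (placeholder paths, not real findings).
"""
import json
import re
from collections import Counter

# Header fields worth keeping for triage (signature age, scan scope, duration).
HEADER_KEYS = ("Database version", "Scan type", "Objects scanned", "Time elapsed")
# "<Section> Detected: <n>" introduces each block of findings.
SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
# "<object> (<classification>) -> <action>"; registry-value lines carry an extra
# "Bad: (x) Good: (y) ->" segment, so the final action is taken after the last "->".
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<classification>[^()]+)\) -> (?P<rest>.+)$")

# Constructed sample in the MBAM 1.x log format (placeholder registry key and path).
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.19.12

Scan type: Quick scan
Objects scanned: 203692
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\PLACEHOLDER-ROGUE-KEY (Rogue.AntiVirusSecurity) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Files Detected: 2
C:\Users\user\Desktop\Antivirus Security Pro support.url (Rogue.AntiVirusSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\placeholder\rogue.exe (Rogue.AntiVirusSecurity) -> No action taken.

(end)
"""


def parse_mbam_log(text):
    """Return (header, counts, detections).

    counts maps section name -> count declared in the log; detections is one
    dict per item line with section, object, classification and final action.
    """
    header, counts, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        for key in HEADER_KEYS:
            if line.startswith(key + ": "):
                header[key] = line[len(key) + 2:]
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            counts[section] = int(m.group("count"))
            continue
        m = ITEM_RE.match(line)
        if m and section is not None:
            action = m.group("rest").rsplit("-> ", 1)[-1].rstrip(".")
            detections.append({
                "section": section,
                "object": m.group("object"),
                "classification": m.group("classification"),
                "action": action,
            })
    return header, counts, detections


def triage(text):
    """Summarise one log: families seen, items still unresolved, count mismatches."""
    header, counts, detections = parse_mbam_log(text)
    # Family is the first dotted component: Rogue.AntiVirusSecurity -> Rogue.
    families = Counter(d["classification"].split(".")[0] for d in detections)
    # An action that does not say quarantined/deleted/repaired means the item
    # is still present and needs follow-up (a rerun or a different tool).
    unresolved = [d for d in detections
                  if not re.search(r"quarantined|deleted|repaired", d["action"], re.I)]
    # Declared counts should equal parsed items; a gap means a truncated or edited log.
    parsed = Counter(d["section"] for d in detections)
    mismatches = {s: (n, parsed.get(s, 0)) for s, n in counts.items()
                  if n != parsed.get(s, 0)}
    return {
        "database": header.get("Database version"),
        "total": sum(counts.values()),
        "families": dict(families),
        "unresolved": [d["object"] for d in unresolved],
        "mismatches": mismatches,
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```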
 
Yeah, you got reinfected with Rogue.AntiVirusSecurity.

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 11/19/2013 20:04:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST380815AS ATA Device +++++
--- User ---
[MBR] 654759455ab508964d64b3f05a2cd01b
[BSP] 040c3108d47f771e3b143b5521e73156 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76291 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_11192013_200424.txt >>
RKreport[0]_S_11192013_200409.txt
 
Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is still not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 13-11-19.01 - user 11/19/2013 21:02:20.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.894 [GMT -6:00]
Running from: c:\users\user\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-10-20 to 2013-11-20 )))))))))))))))))))))))))))))))
.
.
2013-11-20 03:09 . 2013-11-20 03:09  --------  d-----w-  c:\users\Default\AppData\Local\temp
2013-11-20 02:09 . 2013-11-20 02:09  105176  ----a-w-  c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-20 02:08 . 2013-11-20 02:08  75992  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
2013-11-20 00:54 . 2013-11-20 00:54  --------  d-----w-  c:\programdata\WindowsSearch
2013-11-20 00:44 . 2013-11-20 00:44  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2013-11-20 00:44 . 2013-04-04 20:50  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
2013-11-20 00:30 . 2013-11-20 00:31  --------  d-----w-  c:\users\user\AppData\Local\CrashDumps
2013-11-15 20:54 . 2013-10-16 06:20  7796464  ------w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{640BC77E-B4B0-462E-98F8-64FBC3A905D2}\mpengine.dll
2013-11-13 02:51 . 2013-10-03 12:45  297984  ----a-w-  c:\windows\system32\gdi32.dll
2013-11-13 02:51 . 2013-10-03 12:45  993792  ----a-w-  c:\windows\system32\crypt32.dll
2013-11-13 02:51 . 2013-10-11 02:08  444928  ----a-w-  c:\windows\system32\IKEEXT.DLL
2013-11-13 02:51 . 2013-10-11 02:07  596480  ----a-w-  c:\windows\system32\FWPUCLNT.DLL
2013-11-01 15:35 . 2013-11-01 15:35  --------  d-----w-  c:\program files\Coupons
2013-10-29 22:59 . 2013-10-29 22:59  --------  d-----w-  c:\program files\Common Files\Java
2013-10-29 22:59 . 2013-10-08 12:50  94632  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2013-10-29 01:50 . 2006-12-12 15:01  155648  ----a-w-  c:\windows\system32\igfxres.dll
2013-10-29 01:23 . 2013-10-29 01:23  --------  d-----w-  c:\windows\ERUNT
2013-10-29 01:19 . 2013-10-29 01:20  --------  d-----w-  C:\AdwCleaner
2013-10-29 00:19 . 2013-11-20 03:09  --------  d-----w-  c:\users\user\AppData\Local\temp
2013-10-28 19:11 . 2013-11-20 02:17  --------  d-----w-  c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-27 21:56 . 2013-10-27 21:56  --------  d-----w-  c:\users\user\AppData\Roaming\Malwarebytes
2013-10-27 21:55 . 2013-10-27 21:55  --------  d-----w-  c:\programdata\Malwarebytes
2013-10-27 21:49 . 2013-10-27 21:49  --------  d-----w-  c:\users\user\AppData\Roaming\AVAST Software
2013-10-27 21:46 . 2013-10-27 21:46  57672  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
2013-10-27 21:46 . 2013-10-27 21:46  178304  ----a-w-  c:\windows\system32\drivers\aswVmm.sys
2013-10-27 21:46 . 2013-11-20 00:47  403440  ----a-w-  c:\windows\system32\drivers\aswsp.sys
2013-10-27 21:46 . 2013-10-27 21:46  49944  ----a-w-  c:\windows\system32\drivers\aswRvrt.sys
2013-10-27 21:46 . 2013-10-27 21:46  774392  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2013-10-27 21:46 . 2013-10-27 21:46  70384  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2013-10-27 21:46 . 2013-10-27 21:46  35656  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2013-10-27 21:46 . 2013-10-27 21:46  54832  ----a-w-  c:\windows\system32\drivers\aswRdr.sys
2013-10-27 21:46 . 2013-10-27 21:45  269216  ----a-w-  c:\windows\system32\aswBoot.exe
2013-10-27 21:45 . 2013-10-27 21:45  43152  ----a-w-  c:\windows\avastSS.scr
2013-10-27 21:44 . 2013-10-27 21:44  --------  d-----w-  c:\program files\AVAST Software
2013-10-27 21:43 . 2013-10-27 21:43  --------  d-----w-  c:\programdata\AVAST Software
2013-10-27 21:03 . 2013-11-19 22:49  --------  d-----w-  c:\programdata\lpgg3rg3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-20 00:43 . 2012-04-03 18:23  692616  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2013-11-20 00:43 . 2012-04-03 18:23  71048  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-10 15:14 . 2013-10-27 21:46  403440  ----a-w-  c:\windows\system32\drivers\aswsp.sys.1384908474
2013-09-03 19:35 . 2011-01-19 19:16  238872  ------w-  c:\windows\system32\MpSigStub.exe
2013-08-29 07:36 . 2013-10-08 23:56  2050048  ----a-w-  c:\windows\system32\win32k.sys
2013-08-27 02:47 . 2013-10-08 23:56  219648  ----a-w-  c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47 . 2013-10-08 23:56  189952  ----a-w-  c:\windows\system32\d3d10core.dll
2013-08-27 02:47 . 2013-10-08 23:56  160768  ----a-w-  c:\windows\system32\d3d10_1.dll
2013-08-27 02:47 . 2013-10-08 23:56  1029120  ----a-w-  c:\windows\system32\d3d10.dll
2013-08-27 01:52 . 2013-10-08 23:56  1172480  ----a-w-  c:\windows\system32\d3d10warp.dll
2013-08-27 01:50 . 2013-10-08 23:56  486400  ----a-w-  c:\windows\system32\d3d10level9.dll
2013-08-27 01:32 . 2013-10-08 23:56  683008  ----a-w-  c:\windows\system32\d2d1.dll
2013-08-27 01:28 . 2013-10-08 23:56  1069056  ----a-w-  c:\windows\system32\DWrite.dll
2013-08-27 01:28 . 2013-10-08 23:56  798208  ----a-w-  c:\windows\system32\FntCache.dll
2009-09-13 04:05 . 2013-08-19 03:18  124240  ----a-w-  c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 04:06 . 2013-08-19 03:18  13136  ----a-w-  c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 04:06 . 2013-08-19 03:18  70488  ----a-w-  c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 04:06 . 2013-08-19 03:18  91480  ----a-w-  c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 04:06 . 2013-08-19 03:18  22360  ----a-w-  c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 04:07 . 2013-08-19 03:18  255312  ----a-w-  c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 04:06 . 2013-08-19 03:18  31064  ----a-w-  c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 04:06 . 2013-08-19 03:18  40280  ----a-w-  c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 18:33 . 2013-08-19 03:18  652640  ----a-w-  c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 04:06 . 2013-08-19 03:18  23896  ----a-w-  c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-27 21:45  321752  ----a-w-  c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-27 3567800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2013-1-15 685936]
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2012-8-21 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork  REG_MULTI_SZ  PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation  REG_MULTI_SZ  FontCache
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
WindowsMobile  REG_MULTI_SZ  wcescomm rapimgr
LocalServiceRestricted  REG_MULTI_SZ  WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:43]
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1842632011-3021445339-23583493-1000Core1cd93628644616f.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 06:15]
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1842632011-3021445339-23583493-1000UA1ce0d8ba529fe67.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 06:15]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837330426-1965751672-950424987-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 06:15]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837330426-1965751672-950424987-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 06:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.suddenlink.net/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-19 21:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-11-19 21:12:11
ComboFix-quarantined-files.txt 2013-11-20 03:12
.
Pre-Run: 37,579,481,088 bytes free
Post-Run: 37,476,945,920 bytes free
.
- - End Of File - - 9F2E5892B1E5EA4DAB7AD23B61534EA3
5C616939100B85E558DA92B899A0FC36
 
Saved it to desktop and ran again. Don't know if it's any difference. Computer seems to be better.

ComboFix 13-11-19.01 - user 11/19/2013 21:19:57.4.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1026 [GMT -6:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-10-20 to 2013-11-20 )))))))))))))))))))))))))))))))
.
.
2013-11-20 03:26 . 2013-11-20 03:26  --------  d-----w-  c:\users\Default\AppData\Local\temp
2013-11-20 03:12 . 2013-11-20 03:26  --------  d-----w-  c:\users\user\AppData\Local\temp
2013-11-20 02:09 . 2013-11-20 02:09  105176  ----a-w-  c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-20 02:08 . 2013-11-20 02:08  75992  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
2013-11-20 00:54 . 2013-11-20 00:54  --------  d-----w-  c:\programdata\WindowsSearch
2013-11-20 00:44 . 2013-11-20 00:44  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2013-11-20 00:44 . 2013-04-04 20:50  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
2013-11-20 00:30 . 2013-11-20 00:31  --------  d-----w-  c:\users\user\AppData\Local\CrashDumps
2013-11-15 20:54 . 2013-10-16 06:20  7796464  ------w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{640BC77E-B4B0-462E-98F8-64FBC3A905D2}\mpengine.dll
2013-11-13 02:51 . 2013-10-03 12:45  297984  ----a-w-  c:\windows\system32\gdi32.dll
2013-11-13 02:51 . 2013-10-03 12:45  993792  ----a-w-  c:\windows\system32\crypt32.dll
2013-11-13 02:51 . 2013-10-11 02:08  444928  ----a-w-  c:\windows\system32\IKEEXT.DLL
2013-11-13 02:51 . 2013-10-11 02:07  596480  ----a-w-  c:\windows\system32\FWPUCLNT.DLL
2013-11-01 15:35 . 2013-11-01 15:35  --------  d-----w-  c:\program files\Coupons
2013-10-29 22:59 . 2013-10-29 22:59  --------  d-----w-  c:\program files\Common Files\Java
2013-10-29 22:59 . 2013-10-08 12:50  94632  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2013-10-29 01:50 . 2006-12-12 15:01  155648  ----a-w-  c:\windows\system32\igfxres.dll
2013-10-29 01:23 . 2013-10-29 01:23  --------  d-----w-  c:\windows\ERUNT
2013-10-29 01:19 . 2013-10-29 01:20  --------  d-----w-  C:\AdwCleaner
2013-10-28 19:11 . 2013-11-20 02:17  --------  d-----w-  c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-27 21:56 . 2013-10-27 21:56  --------  d-----w-  c:\users\user\AppData\Roaming\Malwarebytes
2013-10-27 21:55 . 2013-10-27 21:55  --------  d-----w-  c:\programdata\Malwarebytes
2013-10-27 21:49 . 2013-10-27 21:49  --------  d-----w-  c:\users\user\AppData\Roaming\AVAST Software
2013-10-27 21:46 . 2013-10-27 21:46  57672  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
2013-10-27 21:46 . 2013-10-27 21:46  178304  ----a-w-  c:\windows\system32\drivers\aswVmm.sys
2013-10-27 21:46 . 2013-11-20 00:47  403440  ----a-w-  c:\windows\system32\drivers\aswsp.sys
2013-10-27 21:46 . 2013-10-27 21:46  49944  ----a-w-  c:\windows\system32\drivers\aswRvrt.sys
2013-10-27 21:46 . 2013-10-27 21:46  774392  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2013-10-27 21:46 . 2013-10-27 21:46  70384  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2013-10-27 21:46 . 2013-10-27 21:46  35656  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2013-10-27 21:46 . 2013-10-27 21:46  54832  ----a-w-  c:\windows\system32\drivers\aswRdr.sys
2013-10-27 21:46 . 2013-10-27 21:45  269216  ----a-w-  c:\windows\system32\aswBoot.exe
2013-10-27 21:45 . 2013-10-27 21:45  43152  ----a-w-  c:\windows\avastSS.scr
2013-10-27 21:44 . 2013-10-27 21:44  --------  d-----w-  c:\program files\AVAST Software
2013-10-27 21:43 . 2013-10-27 21:43  --------  d-----w-  c:\programdata\AVAST Software
2013-10-27 21:03 . 2013-11-19 22:49  --------  d-----w-  c:\programdata\lpgg3rg3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-20 00:43 . 2012-04-03 18:23  692616  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2013-11-20 00:43 . 2012-04-03 18:23  71048  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-10 15:14 . 2013-10-27 21:46  403440  ----a-w-  c:\windows\system32\drivers\aswsp.sys.1384908474
2013-09-03 19:35 . 2011-01-19 19:16  238872  ------w-  c:\windows\system32\MpSigStub.exe
2013-08-29 07:36 . 2013-10-08 23:56  2050048  ----a-w-  c:\windows\system32\win32k.sys
2013-08-27 02:47 . 2013-10-08 23:56  219648  ----a-w-  c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47 . 2013-10-08 23:56  189952  ----a-w-  c:\windows\system32\d3d10core.dll
2013-08-27 02:47 . 2013-10-08 23:56  160768  ----a-w-  c:\windows\system32\d3d10_1.dll
2013-08-27 02:47 . 2013-10-08 23:56  1029120  ----a-w-  c:\windows\system32\d3d10.dll
2013-08-27 01:52 . 2013-10-08 23:56  1172480  ----a-w-  c:\windows\system32\d3d10warp.dll
2013-08-27 01:50 . 2013-10-08 23:56  486400  ----a-w-  c:\windows\system32\d3d10level9.dll
2013-08-27 01:32 . 2013-10-08 23:56  683008  ----a-w-  c:\windows\system32\d2d1.dll
2013-08-27 01:28 . 2013-10-08 23:56  1069056  ----a-w-  c:\windows\system32\DWrite.dll
2013-08-27 01:28 . 2013-10-08 23:56  798208  ----a-w-  c:\windows\system32\FntCache.dll
2009-09-13 04:05 . 2013-08-19 03:18  124240  ----a-w-  c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 04:06 . 2013-08-19 03:18  13136  ----a-w-  c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 04:06 . 2013-08-19 03:18  70488  ----a-w-  c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 04:06 . 2013-08-19 03:18  91480  ----a-w-  c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 04:06 . 2013-08-19 03:18  22360  ----a-w-  c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 04:07 . 2013-08-19 03:18  255312  ----a-w-  c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 04:06 . 2013-08-19 03:18  31064  ----a-w-  c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 04:06 . 2013-08-19 03:18  40280  ----a-w-  c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 18:33 . 2013-08-19 03:18  652640  ----a-w-  c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 04:06 . 2013-08-19 03:18  23896  ----a-w-  c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-27 21:45  321752  ----a-w-  c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-27 3567800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2013-1-15 685936]
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2012-8-21 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork  REG_MULTI_SZ  PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation  REG_MULTI_SZ  FontCache
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
WindowsMobile  REG_MULTI_SZ  wcescomm rapimgr
LocalServiceRestricted  REG_MULTI_SZ  WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:43]
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1842632011-3021445339-23583493-1000Core1cd93628644616f.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 06:15]
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1842632011-3021445339-23583493-1000UA1ce0d8ba529fe67.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 06:15]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837330426-1965751672-950424987-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 06:15]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837330426-1965751672-950424987-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 06:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.suddenlink.net/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-19 21:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-11-19 21:28:23
ComboFix-quarantined-files.txt 2013-11-20 03:28
ComboFix2.txt 2013-11-20 03:12
.
Pre-Run: 37,498,429,440 bytes free
Post-Run: 37,465,530,368 bytes free
.
- - End Of File - - 8D97447EBB5AF9D10A8E4AD24C128AA2
5C616939100B85E558DA92B899A0FC36
 
Huge thanks.... So apparently this is from something recurring that I am doing. Can it be Internet Explorer, or have you heard anything about this myfitnesspal.com site?
 