IXstalker
  1. Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.19.07

     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 8.0.7601.17514
     Kara :: KPC [administrator]

     8/19/2012 6:12:39 PM
     mbam-log-2012-08-19 (18-12-39).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 181644
     Time elapsed: 2 minute(s), 52 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Thank you SO MUCH! Everything seems to be working fine now.
  2. ComboFix 12-08-18.03 - Kara 08/19/2012 18:01:47.2.2 - x86
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1979 [GMT -5:00]
     Running from: c:\users\Kara\Desktop\ComboFix.exe
     Command switches used :: c:\users\Kara\Desktop\CFScript.txt
     AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
     SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     .
     --------------- FCopy ---------------
     .
     c:\windows.old.000\Windows\System32\spoolsv.exe --> c:\windows\System32\spoolsv.exe
     .
     ((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
     .
     .
     2012-08-19 23:05 . 2012-08-19 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-08-19 23:01 . 2010-11-20 21:29 317440 ----a-w- c:\windows\system32\spoolsv.exe
     2012-08-19 21:15 . 2012-08-19 21:59 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-08-07 03:40 . 2012-08-07 03:40 -------- d-----w- c:\windows\Sun
     2012-07-29 01:17 . 2012-07-29 01:17 -------- d-----w- c:\users\Kara\AppData\Roaming\Malwarebytes
     2012-07-29 01:17 . 2012-07-29 01:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-07-29 01:17 . 2012-07-29 01:17 -------- d-----w- c:\programdata\Malwarebytes
     2012-07-29 01:17 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-07-28 17:22 . 2012-07-28 17:22 110080 ----a-r- c:\users\Kara\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
     2012-07-28 17:22 . 2012-07-28 17:22 110080 ----a-r- c:\users\Kara\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
     2012-07-28 17:22 . 2012-07-28 17:22 110080 ----a-r- c:\users\Kara\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
     2012-07-28 17:22 . 2012-07-28 17:30 -------- d-----w- C:\sh4ldr
     2012-07-28 17:21 . 2012-08-08 05:39 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
     2012-07-28 17:21 . 2012-07-28 17:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2012-07-28 17:04 . 2012-07-28 17:04 -------- d-----w- c:\users\Kara\AppData\Roaming\SpeedyPC Software
     2012-07-28 17:04 . 2012-07-28 17:04 -------- d-----w- c:\users\Kara\AppData\Roaming\DriverCure
     2012-07-28 17:03 . 2012-07-28 17:03 -------- d-----w- c:\programdata\SpeedyPC Software
     2012-07-28 17:03 . 2012-07-28 17:03 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
     2012-07-28 16:02 . 2012-07-28 16:02 -------- d-----w- c:\users\Kara\How+Remove+Trojan+horse+Patched_c+LYU+Manually_files
     2012-07-28 03:31 . 2012-07-28 03:34 -------- d-----w- c:\users\Kara\AppData\Roaming\AVG
     2012-07-27 23:22 . 2012-08-19 14:25 -------- d-----w- c:\windows\system32\drivers\AVG
     2012-07-27 23:22 . 2012-08-19 14:19 -------- d-----w- c:\programdata\AVG2012
     2012-07-27 23:22 . 2012-07-27 23:22 -------- d-----w- C:\$AVG
     2012-07-27 21:50 . 2012-07-27 21:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-07-27 21:46 . 2012-06-03 09:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-07-27 21:46 . 2012-06-03 09:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-07-19 02:22 . 2012-06-01 00:56 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
     2012-02-27 08:49 89008 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [2012-02-27 89008]
     .
     [HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Spotify Web Helper"="c:\users\Kara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-23 1192664]
     "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
     "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux1"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
     .
     R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
     R2 UDisk Monitor;UDisk Monitor;c:\program files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [x]
     R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]
     R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
     R3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\DRIVERS\CT_U_USBSER.sys [x]
     R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
     R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
     S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
     S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
     S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
     S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
     S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
     S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
     S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
     S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-08-19 c:\windows\Tasks\SpeedyPC Registration3.job
     - c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.ask.com/?l=dis&o=14196
     TCP: DhcpNameServer = 192.168.2.1
     FF - ProfilePath - c:\users\Kara\AppData\Roaming\Mozilla\Firefox\Profiles\gsz9u1lh.default\
     FF - prefs.js: network.proxy.type - 0
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2012-08-19 18:07:10
     ComboFix-quarantined-files.txt 2012-08-19 23:07
     ComboFix2.txt 2012-08-19 22:16
     .
     Pre-Run: 164,169,498,624 bytes free
     Post-Run: 164,123,623,424 bytes free
     .
     - - End Of File - - 84B5EC814FEB7BA71F275064D9C161F9
  3. SystemLook 30.07.11 by jpshortstuff
     Log created at 17:32 on 19/08/2012 by Kara
     Administrator - Elevation successful

     ========== Filefind ==========

     Searching for "spoolsv.exe"
     C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe --a---- 317440 bytes [21:29 20/11/2010] [21:29 20/11/2010] 866A43013535DC8587C258E43579C764
     C:\Windows.old\Windows\System32\spoolsv.exe --a---- 267776 bytes [21:11 14/09/2010] [14:04 17/08/2010] 92E6738D25C2123BE9515C0EAC0776CD
     C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_326a3ea579e6364c\spoolsv.exe --a---- 267264 bytes [02:49 21/01/2008] [02:49 21/01/2008] E6519A9E756D74DC51C697BA62162F51
     C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_3260788179ed5d57\spoolsv.exe --a---- 267776 bytes [21:11 14/09/2010] [14:04 17/08/2010] 92E6738D25C2123BE9515C0EAC0776CD
     C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_32cba802932180c9\spoolsv.exe --a---- 270848 bytes [21:11 14/09/2010] [14:02 17/08/2010] 7F59AA690212241B398D6DBE4071EE3C
     C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_33f36be77751de08\spoolsv.exe --a---- 273920 bytes [21:11 14/09/2010] [14:54 17/08/2010] F66FF751E7EFC816D266977939EF5DC3
     C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_34a17b8490538c82\spoolsv.exe --a---- 273920 bytes [21:11 14/09/2010] [14:54 17/08/2010] 439017BE66398AB809D81B3AE8393883
     C:\Windows.old.000\Windows\System32\spoolsv.exe --a---- 317440 bytes [21:29 20/11/2010] [21:29 20/11/2010] 866A43013535DC8587C258E43579C764
     C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe --a---- 317440 bytes [21:29 20/11/2010] [21:29 20/11/2010] 866A43013535DC8587C258E43579C764

     -= EOF =-

     My Windows.old is my old Vista data from when I updated to 7, if that helps.
  4. ComboFix 12-08-18.03 - Kara 08/19/2012 17:05:16.1.2 - x86
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2364 [GMT -5:00]
     Running from: c:\users\Kara\Desktop\ComboFix.exe
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Public\sdelevURL.tmp
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
     .
     .
     2012-08-19 22:58 . 2012-08-19 22:59 -------- d-----w- C:\FRST
     2012-08-19 21:15 . 2012-08-19 21:59 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-08-07 03:40 . 2012-08-07 03:40 -------- d-----w- c:\windows\Sun
     2012-07-29 01:17 . 2012-07-29 01:17 -------- d-----w- c:\users\Kara\AppData\Roaming\Malwarebytes
     2012-07-29 01:17 . 2012-07-29 01:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-07-29 01:17 . 2012-07-29 01:17 -------- d-----w- c:\programdata\Malwarebytes
     2012-07-29 01:17 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-07-28 17:22 . 2012-07-28 17:22 110080 ----a-r- c:\users\Kara\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
     2012-07-28 17:22 . 2012-07-28 17:22 110080 ----a-r- c:\users\Kara\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
     2012-07-28 17:22 . 2012-07-28 17:22 110080 ----a-r- c:\users\Kara\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
     2012-07-28 17:22 . 2012-07-28 17:30 -------- d-----w- C:\sh4ldr
     2012-07-28 17:21 . 2012-08-08 05:39 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
     2012-07-28 17:21 . 2012-07-28 17:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2012-07-28 17:04 . 2012-07-28 17:04 -------- d-----w- c:\users\Kara\AppData\Roaming\SpeedyPC Software
     2012-07-28 17:04 . 2012-07-28 17:04 -------- d-----w- c:\users\Kara\AppData\Roaming\DriverCure
     2012-07-28 17:03 . 2012-07-28 17:03 -------- d-----w- c:\programdata\SpeedyPC Software
     2012-07-28 17:03 . 2012-07-28 17:03 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
     2012-07-28 16:02 . 2012-07-28 16:02 -------- d-----w- c:\users\Kara\How+Remove+Trojan+horse+Patched_c+LYU+Manually_files
     2012-07-28 03:31 . 2012-07-28 03:34 -------- d-----w- c:\users\Kara\AppData\Roaming\AVG
     2012-07-27 23:22 . 2012-08-19 14:25 -------- d-----w- c:\windows\system32\drivers\AVG
     2012-07-27 23:22 . 2012-08-19 14:19 -------- d-----w- c:\programdata\AVG2012
     2012-07-27 23:22 . 2012-07-27 23:22 -------- d-----w- C:\$AVG
     2012-07-27 21:50 . 2012-07-27 21:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-07-27 21:46 . 2012-06-03 09:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-07-27 21:46 . 2012-06-03 09:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-07-19 02:22 . 2012-06-01 00:56 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ------- Sigcheck -------
     Note: Unsigned files aren't necessarily malware.
     .
     [7] 2010-11-20 . 866A43013535DC8587C258E43579C764 . 317440 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe
     c:\windows\System32\spoolsv.exe ... is missing !!
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
     2012-02-27 08:49 89008 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [2012-02-27 89008]
     .
     [HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Spotify Web Helper"="c:\users\Kara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-23 1192664]
     "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
     "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux1"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
     .
     R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]
     R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
     R3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\DRIVERS\CT_U_USBSER.sys [x]
     R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
     R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
     S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
     S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
     S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
     S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
     S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
     S2 UDisk Monitor;UDisk Monitor;c:\program files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [x]
     S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
     S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
     S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
     S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-08-05 c:\windows\Tasks\SpeedyPC Registration3.job
     - c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.ask.com/?l=dis&o=14196
     TCP: DhcpNameServer = 192.168.2.1
     FF - ProfilePath - c:\users\Kara\AppData\Roaming\Mozilla\Firefox\Profiles\gsz9u1lh.default\
     FF - prefs.js: network.proxy.type - 0
     .
     - - - - ORPHANS REMOVED - - - -
     .
     SafeBoot-61724736.sys
     AddRemove-{604CD5A1-4520-4844-B064-A3D884B77E91} - c:\program files\SpeedyPC Software\SpeedyPC\uninstall.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\progra~1\AVG\AVG2012\avgrsx.exe
     c:\program files\AVG\AVG2012\avgcsrvx.exe
     c:\windows\system32\taskhost.exe
     c:\windows\System32\rundll32.exe
     c:\windows\system32\conhost.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\windows\system32\sppsvc.exe
     c:\windows\system32\taskhost.exe
     .
     **************************************************************************
     .
     Completion time: 2012-08-19 17:16:16 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-08-19 22:16
     .
     Pre-Run: 164,273,336,320 bytes free
     Post-Run: 164,496,556,032 bytes free
     .
     - - End Of File - - 2A6A1CF6E96D030D4E2454A1C492D185
  5. TDSSKiller logs
     TDSSKiller.2.8.6.0_19.08.2012_16.12.19_log.txt
     TDSSKiller.2.8.6.0_19.08.2012_16.13.08_log.txt
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 19-08-2012
     Ran by SYSTEM at 2012-08-19 15:56:00 Run:1
     Running from F:\

     ==============================================

     C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c} moved successfully.
     C:\Users\Kara\AppData\Local\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c} moved successfully.
     C:\Windows\assembly\GAC\Desktop.ini moved successfully.
     C:\Windows\System32\services.exe moved successfully.
     C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

     ==== End of Fixlog ====
  7. Farbar Recovery Scan Tool Version: 19-08-2012
     Ran by SYSTEM at 2012-08-19 15:20:05
     Running from F:\

     ================== Search: "services.exe" ===================

     C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
     [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

     C:\Windows.old.000\Windows\System32\services.exe
     [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

     C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
     [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

     C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
     [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

     C:\Windows.old\Windows\SysWOW64\services.exe
     [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

     C:\Windows.old\Windows\System32\services.exe
     [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

     C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
     [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

     C:\Windows\System32\services.exe
     [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

     === End Of Search ===
  8. Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 19-08-2012
     Ran by SYSTEM at 19-08-2012 14:59:03
     Running from F:\
     Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
     The current controlset is ControlSet001

     ========================== Registry (Whitelisted) =============

     HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
     HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
     HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
     HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
     HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
     HKU\Kara\...\Run: [spotify Web Helper] "C:\Users\Kara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-23] ()
     HKU\Kara\...\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
     HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)
     Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

     ================================ Services (Whitelisted) ==================

     2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
     2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
     3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
     2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
     2 UDisk Monitor; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] ()
     2 Spooler; C:\Windows\System32\spoolsv.exe [x]

     ========================== Drivers (Whitelisted) =============

     3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
     3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
     0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
     3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
     1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)
     1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
     0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
     3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [106496 2011-05-09] (Incorporated)
     0 snhgjdr; C:\Windows\System32\drivers\tiln.sys [54016 2012-08-19] ()
     3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

     ========================== NetSvcs (Whitelisted) ===========

     ============ One Month Created Files and Folders ==============

     2012-08-19 14:58 - 2012-08-19 14:59 - 00000000 ____D C:\FRST
     2012-08-19 11:07 - 2012-08-19 11:07 - 00002531 ____A C:\Users\Kara\Desktop\RKreport[1].txt
     2012-08-19 11:06 - 2012-08-19 11:07 - 00000000 ____D C:\Users\Kara\Desktop\RK_Quarantine
     2012-08-19 11:05 - 2012-08-19 11:05 - 01558528 ____A C:\Users\Kara\Downloads\RogueKiller.exe
     2012-08-19 07:00 - 2012-08-19 07:00 - 00007750 ____A C:\Users\Kara\Documents\Attach.txt
     2012-08-19 06:54 - 2012-08-19 06:54 - 00009743 ____A C:\Users\Kara\Documents\DDS.txt
     2012-08-19 06:48 - 2012-08-19 06:48 - 00054016 ____A C:\Windows\System32\Drivers\tiln.sys
     2012-08-19 06:39 - 2012-08-19 06:40 - 00607260 ____R (Swearware) C:\Users\Kara\Downloads\dds.scr
     2012-08-19 06:22 - 2012-08-19 06:23 - 00000000 ____D C:\Users\Kara\Desktop\New folder
     2012-08-19 06:21 - 2012-08-19 06:22 - 00898318 ____A (Farbar) C:\Users\Kara\Downloads\FRST.exe
     2012-08-07 19:04 - 2012-08-07 19:05 - 00143680 ____A C:\Windows\Minidump\080712-51573-01.dmp
     2012-08-06 19:40 - 2012-08-06 19:40 - 00000000 ____D C:\Windows\Sun
     2012-07-28 17:17 - 2012-07-28 17:17 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2012-07-28 17:17 - 2012-07-28 17:17 - 00000000 ____D C:\Users\Kara\AppData\Roaming\Malwarebytes
     2012-07-28 17:17 - 2012-07-28 17:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
     2012-07-28 17:17 - 2012-07-28 17:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
     2012-07-28 17:17 - 2012-07-03 10:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
     2012-07-28 17:09 - 2012-07-28 17:12 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kara\Downloads\mbam-setup-1.62.0.1300.exe
     2012-07-28 09:22 - 2012-07-28 09:30 - 00000000 ____D C:\sh4ldr
     2012-07-28 09:21 - 2012-08-07 21:39 - 00000000 ____D C:\Windows\CC1F6DA021D2425AB1B65B164A598450.TMP
     2012-07-28 09:21 - 2012-07-28 09:21 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
     2012-07-28 09:04 - 2012-08-04 20:54 - 00000466 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
     2012-07-28 09:04 - 2012-07-28 09:05 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Kara\Downloads\SpyHunter-Installer.exe
     2012-07-28 09:04 - 2012-07-28 09:04 - 00000000 ____D C:\Users\Kara\AppData\Roaming\SpeedyPC Software
     2012-07-28 09:04 - 2012-07-28 09:04 - 00000000 ____D C:\Users\Kara\AppData\Roaming\DriverCure
     2012-07-28 09:03 - 2012-07-28 09:03 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
     2012-07-28 09:03 - 2012-07-28 09:03 - 00000000 ____D C:\Program Files\Common Files\SpeedyPC Software
     2012-07-28 09:01 - 2012-07-28 09:02 - 04819616 ____A (SpeedyPC Software Inc.) C:\Users\Kara\Downloads\SpeedyPC Pro Installer.exe
     2012-07-28 09:00 - 2012-07-28 09:00 - 00001205 ____A C:\Users\Kara\Downloads\FixNCR.reg
     2012-07-28 08:35 - 2012-07-28 08:35 - 00000369 ____A C:\Users\Kara\Desktop\exefix.reg
     2012-07-28 08:34 - 2012-07-28 08:34 - 00000000 ____A C:\Users\Kara\Desktop\New Text Document (3).txt
     2012-07-28 08:30 - 2012-07-28 08:34 - 00001328 ____A C:\Users\Kara\Desktop\New Text Document (2).txt
     2012-07-28 08:02 - 2012-07-28 08:02 - 00061705 ____A C:\Users\Kara\How+Remove+Trojan+horse+Patched_c+LYU+Manually.htm
     2012-07-28 08:02 - 2012-07-28 08:02 - 00000000 ____D C:\Users\Kara\How+Remove+Trojan+horse+Patched_c+LYU+Manually_files
     2012-07-27 19:31 - 2012-07-27 19:34 - 00000000 ____D C:\Users\Kara\AppData\Roaming\AVG
     2012-07-27 19:30 - 2012-07-27 19:30 - 00001111 ____A C:\Users\Kara\Desktop\AVG PC Tuneup 2011.lnk
     2012-07-27 19:27 - 2012-07-27 19:29 - 08351056 ____A (AVG ) C:\Users\Kara\Downloads\avg_pct_stf_all_10_27_c1.exe
     2012-07-27 18:22 - 2012-07-27 18:22 - 00003304 ____N C:\bootsqm.dat
     2012-07-27 17:10 - 2012-07-28 08:17 - 00019558 ____A C:\Users\Kara\Desktop\avgrep.txt
     2012-07-27 17:09 - 2012-07-27 17:09 - 00149856 ____A C:\Windows\Minidump\072712-36270-01.dmp
     2012-07-27 16:20 - 2012-07-27 16:20 - 00149856 ____A C:\Windows\Minidump\072712-37128-01.dmp
     2012-07-27 15:23 - 2012-07-27 15:23 - 00000000 ____D C:\Users\Kara\AppData\Roaming\AVG2012
     2012-07-27 15:22 - 2012-08-19 06:25 - 00000000 ____D C:\Windows\System32\Drivers\AVG
     2012-07-27 15:22 - 2012-08-19 06:19 - 00000000 ____D C:\Users\All Users\AVG2012
     2012-07-27 15:22 - 2012-07-27 15:22 - 00000946 ____A C:\Users\Public\Desktop\AVG 2012.lnk
     2012-07-27 15:22 - 2012-07-27 15:22 - 00000000 ___HD C:\$AVG
     2012-07-27 13:50 - 2012-07-27 13:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%

     ============ 3 Months Modified Files ========================

     2012-08-19 11:07 - 2012-08-19 11:07 - 00002531 ____A C:\Users\Kara\Desktop\RKreport[1].txt
     2012-08-19 11:05 - 2012-08-19 11:05 - 01558528 ____A C:\Users\Kara\Downloads\RogueKiller.exe
     2012-08-19 07:00 - 2012-08-19 07:00 - 00007750 ____A C:\Users\Kara\Documents\Attach.txt
     2012-08-19 06:54 - 2012-08-19 06:54 - 00009743 ____A C:\Users\Kara\Documents\DDS.txt
     2012-08-19 06:48 - 2012-08-19 06:48 - 00054016 ____A C:\Windows\System32\Drivers\tiln.sys
     2012-08-19 06:40 - 2012-08-19 06:39 - 00607260 ____R (Swearware) C:\Users\Kara\Downloads\dds.scr
     2012-08-19 06:39 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
     2012-08-19 06:38 - 2009-07-13 20:53 - 00029404 ____A C:\Windows\Tasks\SCHEDLGU.TXT
     2012-08-19 06:27 - 2010-11-20 13:01 - 00747786 ____A C:\Windows\System32\PerfStringBackup.INI
     2012-08-19 06:26 - 2009-07-13 20:34 - 00023680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2012-08-19 06:26 - 2009-07-13 20:34 - 00023680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2012-08-19 06:22 - 2012-08-19 06:21 - 00898318 ____A (Farbar) C:\Users\Kara\Downloads\FRST.exe
     2012-08-19 06:19 - 2009-07-13 20:39 - 00031401 ____A C:\Windows\setupact.log
     2012-08-18 21:16 - 2010-11-20 13:48 - 00020122 ____A C:\Windows\PFRO.log
     2012-08-07 19:05 - 2012-08-07 19:04 - 00143680 ____A C:\Windows\Minidump\080712-51573-01.dmp
     2012-08-07 19:04 - 2012-06-02 17:38 - 226631109 ____A C:\Windows\MEMORY.DMP
     2012-08-04 20:54 - 2012-07-28 09:04 - 00000466 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
     2012-07-28 17:17 - 2012-07-28 17:17 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2012-07-28 17:12 - 2012-07-28 17:09 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kara\Downloads\mbam-setup-1.62.0.1300.exe
     2012-07-28 09:05 - 2012-07-28 09:04 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Kara\Downloads\SpyHunter-Installer.exe
     2012-07-28 09:02 - 2012-07-28 09:01 - 04819616 ____A (SpeedyPC Software Inc.) C:\Users\Kara\Downloads\SpeedyPC Pro Installer.exe
     2012-07-28 09:00 - 2012-07-28 09:00 - 00001205 ____A C:\Users\Kara\Downloads\FixNCR.reg
     2012-07-28 08:35 - 2012-07-28 08:35 - 00000369 ____A C:\Users\Kara\Desktop\exefix.reg
     2012-07-28 08:34 - 2012-07-28 08:34 - 00000000 ____A C:\Users\Kara\Desktop\New Text Document (3).txt
     2012-07-28 08:34 - 2012-07-28 08:30 - 00001328 ____A C:\Users\Kara\Desktop\New Text Document (2).txt
     2012-07-28 08:17 - 2012-07-27 17:10 - 00019558 ____A C:\Users\Kara\Desktop\avgrep.txt
     2012-07-28 08:02 - 2012-07-28 08:02 - 00061705 ____A C:\Users\Kara\How+Remove+Trojan+horse+Patched_c+LYU+Manually.htm
     2012-07-27 19:30 - 2012-07-27 19:30 - 00001111 ____A C:\Users\Kara\Desktop\AVG PC Tuneup 2011.lnk
     2012-07-27 19:29 - 2012-07-27 19:27 - 08351056 ____A (AVG ) C:\Users\Kara\Downloads\avg_pct_stf_all_10_27_c1.exe
     2012-07-27 18:22 - 2012-07-27 18:22 - 00003304 ____N C:\bootsqm.dat
     2012-07-27 17:09 - 2012-07-27 17:09 - 00149856 ____A C:\Windows\Minidump\072712-36270-01.dmp
     2012-07-27 16:20 - 2012-07-27 16:20 - 00149856 ____A C:\Windows\Minidump\072712-37128-01.dmp
     2012-07-27 15:22 - 2012-07-27 15:22 - 00000946 ____A C:\Users\Public\Desktop\AVG 2012.lnk
     2012-07-27 13:46 - 2012-06-03 01:21 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
     2012-07-27 13:46 - 2012-06-03 01:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
     2012-07-27 13:45 - 2012-05-31 18:30 - 00439080 ____A C:\Windows\WindowsUpdate.log
     2012-07-03 10:46 - 2012-07-28 17:17 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
     2012-07-02 08:32 - 2012-06-04 23:17 - 00001761 ____A C:\Users\Kara\.lmmsrc.xml
     2012-06-19 21:51 - 2012-06-19 21:51 - 00020919 ____A C:\Users\Kara\Downloads\hydrocal.zip
     2012-06-18 05:30 - 2012-06-17 18:01 - 00001142 ____A C:\Users\Kara\Desktop\New Text Document.txt
     2012-06-07 15:56 - 2012-06-07 15:41 - 00001196 ____A C:\Users\Kara\Desktop\FrostWire 5.3.6.lnk
     2012-06-07 15:51 - 2012-06-07 15:51 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
     2012-06-07 15:51 - 2012-06-07 15:51 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe
     2012-06-07 15:48 - 2012-06-07 15:47 - 00892912 ____A (Oracle Corporation) C:\Users\Kara\Downloads\jre-7u4-windows-i586-iftw.exe
     2012-06-07 15:38 - 2012-06-07 15:36 - 07840560 ____A (FrostWire Team) C:\Users\Kara\Downloads\frostwire-5.3.6.windows(1).exe
     2012-06-07 15:35 - 2012-06-07 15:34 - 07840560 ____A (FrostWire Team) C:\Users\Kara\Downloads\frostwire-5.3.6.windows.exe
     2012-06-07 05:47 - 2012-06-07 05:46 - 06955968 ____A (Microsoft Corporation) C:\Users\Kara\Downloads\Silverlight(1).exe
     2012-06-07 05:45 - 2012-06-07 05:45 - 06955968 ____A (Microsoft Corporation) C:\Users\Kara\Downloads\Silverlight.exe
     2012-06-06 10:38 - 2012-06-06 10:38 - 00001786 ____A C:\Users\Public\Desktop\Mixxx.lnk
     2012-06-06 10:35 - 2012-06-06 10:32 - 20031304 ____A C:\Users\Kara\Downloads\mixxx-1.10.0-win32.exe
     2012-06-06 06:22 - 2012-06-06 06:22 - 00002000 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
     2012-06-06 06:01 - 2012-06-06 06:01 - 01506653 ____A C:\Users\Kara\Downloads\wrar411.exe
     2012-06-06 04:02 - 2012-06-06 04:02 - 00057560 ____A C:\Users\Kara\AppData\Local\GDIPFONTCACHEV1.DAT
     2012-06-06 04:01 - 2012-06-06 04:01 - 00000976 ____A C:\Users\Public\Desktop\BitComet.lnk
     2012-06-06 03:59 - 2012-06-06 03:58 - 09505616 ____A C:\Users\Kara\Downloads\BitComet_1.32_x86_setup.exe
     2012-06-06 03:57 - 2012-06-06 03:57 - 00010731 ____A C:\Users\Kara\Downloads\ArtyTorrent_Pack_61-Ueberschall_House_Essentials_Vocals_1-WAV.4029042.TPB.torrent
     2012-06-04 20:59 - 2012-06-04 20:56 - 22653670 ____A C:\Users\Kara\Downloads\lmms-0.4.13-win32.exe
     2012-06-04 20:54 - 2012-06-04 20:54 - 03879712 ____A (AVG Technologies) C:\Users\Kara\Downloads\avg_free_stb_all_2012_2178_cnet(1).exe
     2012-06-04 19:26 - 2012-06-04 19:26 - 00001227 ____A C:\Users\Kara\Desktop\Spybot - Search & Destroy.lnk
     2012-06-04
19:24 - 2012-06-04 19:22 - 16409960 ____A (Safer Networking Limited ) C:\Users\Kara\Downloads\spybotsd162.exe 2012-06-03 23:51 - 2012-06-03 23:51 - 00149856 ____A C:\Windows\Minidump\060412-43820-01.dmp 2012-06-03 17:44 - 2012-06-03 17:44 - 00001807 ____A C:\Users\Kara\Desktop\Spotify.lnk 2012-06-03 17:41 - 2012-06-03 17:41 - 00085784 ____A (Spotify Ltd) C:\Users\Kara\Downloads\SpotifySetup.exe 2012-06-03 17:41 - 2012-06-03 17:41 - 00085784 ____A (Spotify Ltd) C:\Users\Kara\Downloads\SpotifySetup(1).exe 2012-06-02 18:31 - 2012-06-02 18:31 - 02428472 ____A (iMesh Inc. ) C:\Users\Kara\Downloads\iMeshV11.exe 2012-06-02 17:39 - 2012-06-02 17:39 - 00149856 ____A C:\Windows\Minidump\060212-47408-01.dmp 2012-06-02 16:54 - 2012-06-02 16:53 - 08351056 ____A (AVG ) C:\Users\Kara\Downloads\avg_pct_stf_all_10_27_c5(1).exe 2012-06-02 16:51 - 2012-06-02 16:51 - 08351056 ____A (AVG ) C:\Users\Kara\Downloads\avg_pct_stf_all_10_27_c5.exe 2012-05-31 19:26 - 2009-07-13 20:57 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG 2012-05-31 19:26 - 2009-07-13 20:52 - 00028672 ____A C:\Windows\System32\config\BCD-Template 2012-05-31 19:26 - 2008-08-14 11:27 - 00008192 _RASH C:\BOOTSECT.BAK 2012-05-31 18:33 - 2009-07-13 20:33 - 00266808 ____A C:\Windows\System32\FNTCACHE.DAT 2012-05-31 18:31 - 2012-05-31 18:27 - 00001355 ____A C:\Windows\TSSysprep.log 2012-05-31 18:30 - 2012-05-31 18:30 - 00000000 ____A C:\Windows\System32\atiicdxx.dat 2012-05-31 18:30 - 2012-05-31 18:30 - 00000000 ____A C:\Windows\ativpsrm.bin 2012-05-31 18:29 - 2012-05-31 18:29 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2012-05-31 18:27 - 2009-07-13 20:34 - 00002790 ____A C:\Windows\DtcInstall.log 2012-05-31 17:26 - 2012-05-31 17:25 - 03006984 ____A C:\Users\Kara\Downloads\aresregular218_installer.exe 2012-05-31 17:22 - 2012-05-31 17:22 - 00000074 ____A C:\Users\Public\sdelevURL.tmp 2012-05-31 16:57 - 2012-05-31 16:57 - 03879712 ____A (AVG Technologies) 
C:\Users\Kara\Downloads\avg_free_stb_all_2012_2178_cnet.exe 2012-05-31 16:56 - 2012-05-31 16:56 - 00001099 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2012-05-31 16:55 - 2012-05-31 16:55 - 16339280 ____A (Mozilla) C:\Users\Kara\Downloads\Firefox Setup 12.0.exe 2012-05-31 16:48 - 2012-05-31 16:48 - 00000020 ___SH C:\Users\Kara\ntuser.ini 2012-05-31 16:47 - 2012-05-31 16:47 - 00000000 _RASH C:\win7ldr 2012-05-31 15:34 - 2012-05-31 16:47 - 00206312 _RASH C:\grldr ZeroAccess: C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c} C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\@ C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\L C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\L\00000004.@ C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\L\201d3dde C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U\00000004.@ C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U\00000008.@ C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U\000000cb.@ C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U\80000000.@ C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U\80000032.@ ZeroAccess: C:\Users\Kara\AppData\Local\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c} C:\Users\Kara\AppData\Local\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\@ C:\Users\Kara\AppData\Local\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\L C:\Users\Kara\AppData\Local\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U ZeroAccess: C:\Windows\assembly\GAC\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!. 
C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 10% Total physical RAM: 4093.99 MB Available physical RAM: 3652.74 MB Total Pagefile: 4092.28 MB Available Pagefile: 3657.19 MB Total Virtual: 2047.88 MB Available Virtual: 1970.29 MB ======================= Partitions ========================= 1 Drive c: (SQ004830V03) (Fixed) (Total:288.69 GB) (Free:153.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS 3 Drive e: (THE_HANGOVER) (CDROM) (Total:7.5 GB) (Free:0 GB) UDF 4 Drive f: () (Removable) (Total:7.65 GB) (Free:7.58 GB) NTFS 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 7839 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 1500 MB 1024 KB Partition 2 Primary 288 GB 1501 MB Partition 3 Primary 8122 MB 290 GB ================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C SQ004830V03 
NTFS Partition 288 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 17 (Suspicious Type) Hidden: Yes Active: No There is no volume associated with this partition. ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 7835 MB 31 KB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F NTFS Removable 7835 MB Healthy ================================================================================== Last Boot: 2012-07-08 13:27 ======================= End Of Log ==========================
  9. Thanks for the help, here's the log:
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Kara [Admin rights]
Mode: Scan -- Date: 08/19/2012 14:07:54
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\kara\appdata\local\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\kara\appdata\local\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\kara\appdata\local\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> FOUND
[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND
[ZeroAccess][sig found] services.exe : c:\windows\system32\services.exe --> FOUND
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHZ2320BH G1 ATA Device +++++
--- User ---
[MBR] e170a1015a771beaf8f0fe48bb30065f
[bSP] a4c6be7887a9e2071ffb018efd3f21ea : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295622 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608507904 | Size: 8122 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 87a6f986055495c12edf224cbb509716
[bSP] a4c6be7887a9e2071ffb018efd3f21ea : Windows 7 MBR Code
Partition table:
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295622 Mo
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608507904 | Size: 8122 Mo
Finished : << RKreport[1].txt >>
RKreport[1].txt
  10. So I started getting my links redirected with no proxy changes to my browser, so I scanned for a virus and hey, what do you know. So now I cannot figure out for the life of me how to remove them, but then again I am a newb. Can someone please help? Every time I use an anti-virus to remove them they come back on restart, even when I scan in safe mode after changing their reg values.
Logs:
Malwarebytes log (quick scan because it finds the same trojans and I didn't save the full scan log, sorry!):
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.19.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Kara :: KPC [administrator]
8/19/2012 9:38:43 AM
mbam-log-2012-08-19 (09-38-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 179813
Time elapsed: 4 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 6
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e1c3cda2-4c7f-dbf8-e5d8-7a8df2cad91c}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully. (end) DDS Log: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1 Run by Kara at 9:51:31 on 2012-08-19 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1598 [GMT -5:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\taskhost.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Users\Kara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\WUDFHost.exe C:\Program Files\AVG\AVG2012\avgcfgex.exe C:\Windows\system32\svchost.exe -k netsvcs "C:\Windows\System32\svchost.exe" -k LocalServiceDns C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.ask.com/?l=dis&o=14196 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat \activex\AcroIEHelperShim.dll BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar \wincoreimdtx.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar \wincoreimdtx.dll uRun: [spotify Web Helper] "c:\users\kara\appdata\roaming\spotify\data\SpotifyWebHelper.exe" uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti- malware\cleanup.dll",ProcessCleanupScript mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg \avg2012\avgdtiex.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c: \progra~1\spybot~1\SDHelper.dll LSP: mswsock.dll DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - 
hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{041D37FA-8B15-475C-B229-179F30E2BDF1} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{041D37FA-8B15-475C-B229-179F30E2BDF1}\D696D696 : DhcpNameServer = 192.168.0.1 192.168.0.1 192.168.1.1 192.168.0.1 192.168.0.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\kara\appdata\roaming\mozilla\firefox\profiles\gsz9u1lh.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288] R2 UDisk Monitor;UDisk Monitor;c:\program files\froyo_android_driver\bin\MonServiceUDisk.exe [2012-6-8 512000] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows \system32\drivers\netw5v32.sys [2009-6-10 4231168] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe - service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?] 
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464] S3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\drivers\CT_U_USBSER.sys [2012-6-8 106496] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service \maintenanceservice.exe [2012-5-31 113120] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010- 11-20 15872] S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184] S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640] . =============== Created Last 30 ================ . 2012-08-19 14:48:37 54016 ----a-w- c:\windows\system32\drivers\tiln.sys 2012-07-29 01:17:55 -------- d-----w- c:\users\kara\appdata\roaming\Malwarebytes 2012-07-29 01:17:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-29 01:17:42 -------- d-----w- c:\programdata\Malwarebytes 2012-07-29 01:17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-28 17:22:35 110080 ----a-r- c:\users\kara\appdata\roaming\microsoft\installer\{cc1f6da0-21d2- 425a-b1b6-5b164a598450}\IconF7A21AF7.exe 2012-07-28 17:22:35 110080 ----a-r- c:\users\kara\appdata\roaming\microsoft\installer\{cc1f6da0-21d2- 425a-b1b6-5b164a598450}\IconD7F16134.exe 2012-07-28 17:22:35 110080 ----a-r- c:\users\kara\appdata\roaming\microsoft\installer\{cc1f6da0-21d2- 425a-b1b6-5b164a598450}\IconCF33A0CE.exe 2012-07-28 17:22:34 -------- d-----w- C:\sh4ldr 2012-07-28 17:21:52 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP 2012-07-28 17:21:51 -------- d-----w- c:\program files\common files\Wise Installation 
Wizard 2012-07-28 17:04:02 -------- d-----w- c:\users\kara\appdata\roaming\SpeedyPC Software 2012-07-28 17:04:02 -------- d-----w- c:\users\kara\appdata\roaming\DriverCure 2012-07-28 17:03:53 -------- d-----w- c:\programdata\SpeedyPC Software 2012-07-28 17:03:53 -------- d-----w- c:\program files\common files\SpeedyPC Software 2012-07-28 16:02:07 -------- d-----w- c:\users\kara\How+Remove+Trojan+horse+Patched_c+LYU +Manually_files 2012-07-28 03:31:44 -------- d-----w- c:\users\kara\appdata\roaming\AVG 2012-07-27 23:23:32 -------- d-----w- c:\users\kara\appdata\roaming\AVG2012 2012-07-27 23:22:03 -------- d--h--w- C:\$AVG 2012-07-27 23:22:03 -------- d-----w- c:\windows\system32\drivers\AVG 2012-07-27 23:22:03 -------- d-----w- c:\programdata\AVG2012 2012-07-27 21:50:59 -------- d-sh--w- c:\windows\system32\%APPDATA% . ==================== Find3M ==================== . 2012-07-27 21:46:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-27 21:46:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-01 02:30:15 0 ----a-w- c:\windows\ativpsrm.bin . ============= FINISH: 9:52:21.78 =============== Attach log:. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume2 Install Date: 5/31/2012 7:47:24 PM System Uptime: 8/19/2012 9:18:28 AM (0 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | CPU | 2000/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 289 GiB total, 153.655 GiB free. D: is CDROM (UDF) E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: Description: Base System Device Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_FF1E1179&REV_12\4&22FF54F3&0&33F0 Manufacturer: Name: Base System Device PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_FF1E1179&REV_12\4&22FF54F3&0&33F0 Service: . 
Class GUID: Description: Base System Device Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_FF1E1179&REV_12\4&22FF54F3&0&32F0 Manufacturer: Name: Base System Device PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_FF1E1179&REV_12\4&22FF54F3&0&32F0 Service: . Class GUID: Description: Device ID: ACPI\TOS1900\2&DABA3FF&2 Manufacturer: Name: PNP Device ID: ACPI\TOS1900\2&DABA3FF&2 Service: . Class GUID: Description: Base System Device Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_FF1E1179&REV_12\4&22FF54F3&0&34F0 Manufacturer: Name: Base System Device PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_FF1E1179&REV_12\4&22FF54F3&0&34F0 Service: . Class GUID: Description: Device ID: ACPI\TOS1901\2&DABA3FF&2 Manufacturer: Name: PNP Device ID: ACPI\TOS1901\2&DABA3FF&2 Service: . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) Android USB Driver AVG 2012 AVG PC Tuneup BitComet 1.32 FrostWire 5.3.6 Java Auto Updater Java 7 Update 4 JavaFX 2.1.0 LMMS 0.4.13 Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mixxx 1.10.0 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service SpeedyPC Pro Spotify Spybot - Search & Destroy SpyHunter Wincore MediaBar WinRAR 4.11 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 8/19/2012 9:38:58 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 8/19/2012 9:38:58 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 
8/19/2012 9:38:58 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 8/19/2012 9:38:58 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/19/2012 9:38:58 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/19/2012 9:38:58 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 8/19/2012 9:38:58 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/19/2012 9:38:58 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/19/2012 9:38:58 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 8/19/2012 9:38:58 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 
8/19/2012 9:38:58 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 8/19/2012 9:38:58 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/19/2012 9:20:10 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 8/19/2012 9:20:10 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 8/19/2012 9:19:25 AM, Error: Service Control Manager [7000] - The Spooler service failed to start due to the following error: The system cannot find the file specified. 8/18/2012 10:57:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 8/18/2012 10:53:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 
8/18/2012 10:53:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/18/2012 10:53:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/18/2012 10:53:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/18/2012 10:53:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache spldr Wanarpv6 8/18/2012 10:53:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/12/2012 3:33:25 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control. 8/12/2012 2:34:21 PM, Error: AeLookupSvc [1] - The Application Experience Lookup service failed to initialize. . ==== End Of File =========================== Thank you for your time.