eximious redirect virus


a23kiki23

Thread Starter
Joined
Oct 31, 2011
Messages
9
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Starter, 32 bit
Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz, x64 Family 6 Model 28 Stepping 10
Processor Count: 2
RAM: 1013 Mb
Graphics Card: Intel(R) Graphics Media Accelerator 3150, 256 Mb
Hard Drives: C: Total - 226080 MB, Free - 202883 MB;
Motherboard: Acer, AO532h
Antivirus: None

I have AVG running on this computer.

When I ran HJT I got the following error message:
"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
notepad C:\Windows\System32\drivers\etc\host
and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.
For vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'."

Also, http://gmer.net/index.php was not loading at the time of this posting. Not sure if the site is down or not, but I couldn't access it.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:06:45 PM, on 10/31/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Users\ktolsen\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [emsisoft anti-malware] "C:\Program Files\Emsisoft Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Unknown owner - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

--
End of file - 9394 bytes
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by ktolsen at 16:56:45 on 2011-10-31
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.183 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\3426840871:3633233459.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Users\ktolsen\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\ktolsen\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WhatPulse] c:\program files\whatpulse\WhatPulse.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
StartupFolder: c:\users\ktolsen\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\ktolsen\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.7.254
TCP: Interfaces\{9DC33528-B535-42ED-B067-337E18BFBF9F} : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{9DC33528-B535-42ED-B067-337E18BFBF9F}\5575E45647 : DhcpNameServer = 144.92.254.254 128.104.254.254
TCP: Interfaces\{9DC33528-B535-42ED-B067-337E18BFBF9F}\94D602F6E602160226F61647 : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
TCP: Interfaces\{9DC33528-B535-42ED-B067-337E18BFBF9F}\B45667F623 : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-10-31 17904]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-1-8 107016]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-1-8 727584]
R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-8-28 1150496]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2010-1-8 54784]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-10-31 3074040]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-25 135664]
S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-1-8 253952]
S2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-1-8 240160]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-10-31 51632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-1-8 103296]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-25 135664]
S3 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-9-10 305448]
S3 Partner Service;Partner Service;c:\programdata\partner\Partner.exe [2010-1-8 332272]
.
=============== Created Last 30 ================
.
2011-10-31 21:56:50 41680 ----a-w- c:\windows\system32\drivers\hoxbgkwk.sys
2011-10-31 21:52:25 388096 ----a-r- c:\users\ktolsen\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-31 21:52:25 -------- d-----w- c:\program files\Trend Micro
2011-10-31 21:40:17 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7b9bc85c-9ab2-4667-a7fb-a40b4d681712}\offreg.dll
2011-10-31 21:21:38 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-10-31 07:46:28 -------- d-----w- c:\users\ktolsen\appdata\roaming\TestApp
2011-10-31 07:10:36 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7b9bc85c-9ab2-4667-a7fb-a40b4d681712}\mpengine.dll
2011-10-31 07:10:34 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-31 05:02:54 -------- d-----w- c:\windows\system32\SPReview
2011-10-31 05:01:31 -------- d-----w- c:\windows\system32\EventProviders
2011-10-31 04:49:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-31 04:49:28 -------- d-----w- c:\users\ktolsen\appdata\roaming\Malwarebytes
2011-10-31 04:49:12 -------- d-----w- c:\programdata\Malwarebytes
2011-10-31 04:49:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-30 23:59:19 48016 --sha-w- c:\windows\system32\c_43734.nl_
2011-10-27 15:31:24 -------- d-----w- C:\cb5d62e224cdaf4a97bfc586
2011-10-27 15:27:29 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-27 15:27:29 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-27 15:27:29 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-27 15:27:29 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-27 15:27:29 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-27 14:43:10 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-10-27 14:43:10 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-27 14:42:22 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-10-27 03:55:42 280064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
2011-10-27 03:22:18 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-10-27 03:22:17 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-10-27 03:22:17 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-10-26 18:18:40 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-26 18:03:34 -------- d--h--w- C:\$AVG
2011-10-26 17:58:19 -------- d-sh--w- c:\users\ktolsen\appdata\local\277141cc
2011-10-26 14:14:55 -------- d-----w- c:\users\ktolsen\appdata\roaming\WhatPulse
2011-10-26 14:14:50 -------- d-----w- c:\program files\WhatPulse
2011-10-26 11:40:23 -------- d-----w- C:\DEVICE
2011-10-26 09:41:04 204288 ----a-w- c:\windows\system32\upnp.dll
2011-10-26 09:41:01 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-10-26 09:40:58 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-10-26 09:40:57 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-10-26 09:40:57 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-10-26 09:40:57 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-10-26 09:40:56 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-10-26 09:40:56 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-10-26 09:40:56 14336 ----a-w- c:\windows\system32\slwga.dll
2011-10-26 09:40:38 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2011-10-26 09:40:37 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-10-26 09:39:00 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-10-26 09:38:48 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-26 09:38:45 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-26 09:38:43 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-26 09:38:23 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-26 09:38:14 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-10-26 09:37:56 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-10-26 09:36:38 82944 ----a-w- c:\windows\system32\iccvid.dll
2011-10-26 09:36:38 197632 ----a-w- c:\windows\system32\ir32_32.dll
2011-10-26 09:36:26 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-10-26 09:36:24 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-10-26 09:36:04 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 09:36:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 09:35:23 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-10-26 09:35:21 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-10-26 09:34:56 285696 ----a-w- c:\windows\system32\winlogon.exe
2011-10-26 09:34:49 109056 ----a-w- c:\windows\system32\t2embed.dll
2011-10-26 09:34:44 516096 ----a-w- c:\program files\windows mail\wab.exe
2011-10-26 09:33:33 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-26 09:33:32 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-26 09:33:31 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-26 09:33:30 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-26 09:33:30 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-26 09:33:21 224256 ----a-w- c:\windows\system32\schannel.dll
2011-10-26 09:33:04 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-10-26 09:32:44 749056 ----a-w- c:\windows\system32\schedsvc.dll
2011-10-26 09:32:43 496128 ----a-w- c:\windows\system32\taskschd.dll
2011-10-26 09:32:42 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-10-26 09:32:42 305152 ----a-w- c:\windows\system32\taskcomp.dll
2011-10-26 09:32:42 192000 ----a-w- c:\windows\system32\taskeng.exe
2011-10-26 09:32:41 179712 ----a-w- c:\windows\system32\schtasks.exe
2011-10-26 09:32:22 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-10-26 09:32:22 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-10-26 09:32:15 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-10-26 09:32:02 1619968 ----a-w- c:\program files\windows mail\msoe.dll
2011-10-26 09:31:46 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-10-26 09:31:28 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-26 09:31:25 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-10-26 09:31:25 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-26 09:31:11 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-26 09:31:11 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-26 09:30:39 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-10-26 09:30:35 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-10-26 09:30:34 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-10-26 09:30:33 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-10-26 09:30:33 208896 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-10-26 09:30:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-26 09:27:54 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-26 09:27:41 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-26 09:27:23 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-26 09:27:12 67584 ----a-w- c:\windows\system32\asycfilt.dll
2011-10-26 09:27:02 530432 ----a-w- c:\windows\system32\comctl32.dll
2011-10-26 09:26:53 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-10-26 09:26:53 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-10-26 09:26:42 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-10-26 09:24:50 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-10-26 09:24:49 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-10-26 09:24:44 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-10-26 09:24:44 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-10-26 09:24:43 337408 ----a-w- c:\windows\system32\mssph.dll
2011-10-26 09:24:42 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-10-26 09:24:42 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-10-26 09:24:41 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-10-26 09:24:41 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-10-26 09:24:23 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-10-26 09:24:12 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-10-26 09:24:05 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-26 09:22:41 2614784 ----a-w- c:\windows\explorer.exe
2011-10-26 09:22:30 314368 ----a-w- c:\windows\system32\webio.dll
2011-10-26 09:18:08 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-10-26 09:18:08 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-10-26 09:18:08 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-10-26 09:18:08 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-10-26 09:18:07 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-10-26 09:18:06 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-10-26 09:16:55 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-10-26 09:16:38 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-10-26 09:16:27 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-26 09:16:04 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-26 09:16:01 3181568 ----a-w- c:\windows\system32\mf.dll
2011-10-26 09:15:56 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-10-26 09:15:55 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-26 09:15:55 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-10-26 09:15:55 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-10-26 09:15:54 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-10-26 09:15:21 101760 ----a-w- c:\windows\system32\consent.exe
2011-10-26 09:14:52 369152 ----a-w- c:\windows\system32\secproc.dll
2011-10-26 09:14:52 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2011-10-26 09:14:36 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-10-26 09:14:36 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-10-26 09:14:36 320512 ----a-w- c:\windows\system32\RMActivate.exe
2011-10-26 09:14:35 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-10-26 09:14:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-10-26 09:14:30 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-10-26 09:14:07 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-10-26 09:14:05 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-10-26 09:12:54 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-10-26 09:12:41 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-10-26 09:12:12 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-10-26 09:11:58 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-10-26 08:22:33 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-26 08:22:30 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-10-26 08:22:29 107520 ----a-w- c:\windows\system32\cdd.dll
2011-10-26 00:19:02 -------- d-----w- c:\windows\NAPP_Dism_Log
2011-10-25 23:26:10 -------- d-----w- c:\windows\system32\Lang
2011-10-25 23:26:09 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-10-25 22:49:34 -------- d-----r- c:\program files\Skype
2011-10-25 22:40:05 -------- d-----w- c:\users\ktolsen\appdata\local\Evernote
2011-10-25 22:39:25 -------- d-----w- c:\program files\Evernote
2011-10-25 22:34:00 -------- d-----w- c:\users\ktolsen\appdata\roaming\AVG2012
2011-10-25 22:31:53 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-25 22:31:53 -------- d-----w- c:\programdata\AVG2012
2011-10-25 22:30:35 -------- d-----w- c:\program files\AVG
2011-10-25 22:24:32 -------- d--h--w- c:\programdata\Common Files
2011-10-25 22:24:12 -------- d-----w- c:\programdata\MFAData
2011-10-25 22:16:26 -------- d-----w- c:\users\ktolsen\appdata\local\Apps
2011-10-25 22:16:24 -------- d-----w- c:\users\ktolsen\appdata\local\Deployment
2011-10-25 22:12:12 -------- d-----w- c:\users\ktolsen\appdata\local\Google
2011-10-25 21:51:11 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-10-25 21:50:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-10-25 21:49:14 -------- d-----w- c:\program files\Microsoft
2011-10-25 21:48:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-10-25 21:47:46 74520 ----a-w- c:\program files\common files\windows live\.cache\bb4d28591cc935f\DSETUP.dll
2011-10-25 21:47:46 484632 ----a-w- c:\program files\common files\windows live\.cache\bb4d28591cc935f\DXSETUP.exe
2011-10-25 21:47:46 1670936 ----a-w- c:\program files\common files\windows live\.cache\bb4d28591cc935f\dsetup32.dll
2011-10-25 21:46:46 141402440 ----a-w- c:\program files\common files\windows live\.cache\wlc5977.tmp
2011-10-25 21:46:16 -------- d-----w- c:\program files\common files\Windows Live
2011-10-25 21:44:35 106496 ----a-w- c:\windows\FixUVC.exe
2011-10-25 21:42:45 -------- d-----w- c:\program files\Synaptics
2011-10-25 21:39:13 -------- d---a-w- C:\book
2011-10-25 21:39:13 -------- d-----w- c:\programdata\McQcModifier-5c47-a7b0
2011-10-25 21:39:09 -------- d-----w- c:\users\ktolsen\appdata\roaming\Acer
2011-10-25 21:38:56 -------- d-----w- c:\users\ktolsen\appdata\local\EgisTec
2011-10-25 21:36:29 -------- d-----w- c:\program files\OEM
2011-10-25 21:36:16 -------- d-----w- c:\programdata\OEM_E471269A730D
2011-10-25 21:36:07 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-10-25 21:36:05 132608 ----a-w- c:\windows\system32\cabview.dll
.
==================== Find3M ====================
.
2011-10-25 23:26:43 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 16:59:36.69 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 10/25/2011 4:32:36 PM
System Uptime: 10/31/2011 4:37:13 PM (0 hours ago)
.
Motherboard: Acer | | AO532h
Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz | CPU | 999/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 198.137 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP15: 10/31/2011 12:02:32 AM - Windows 7 Service Pack 1
RP16: 10/31/2011 2:09:53 AM - Windows Update
RP18: 10/31/2011 2:23:22 AM - Windows Defender Checkpoint
RP19: 10/31/2011 2:51:38 AM - Windows Modules Installer
RP20: 10/31/2011 4:51:30 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acer Assist
Acer Crystal Eye webcam Ver:1.1.121.1113
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AVG 2012
Compatibility Pack for the 2007 Office system
eBay Worldwide
Emsisoft Anti-Malware
eSobi v2
Evernote v. 4.5.1
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Identity Card
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Junk Mail filter update
Launch Manager
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MyWinLocker
Norton Online Backup
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 5.5
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Welcome Center
WhatPulse 1.7
Windows Driver Package - ENE (EUCR) USB (11/23/2009 5.89.0.62)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
10/31/2011 9:49:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
10/31/2011 4:40:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
10/31/2011 4:39:11 PM, Error: Service Control Manager [7000] - The Emsisoft Anti-Malware 6.0 - Service service failed to start due to the following error: Access is denied.
10/31/2011 4:37:56 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
10/31/2011 4:37:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Updater Service service to connect.
10/31/2011 4:37:55 PM, Error: Service Control Manager [7000] - The Updater Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/31/2011 4:37:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Raw Socket Service service to connect.
10/31/2011 4:37:40 PM, Error: Service Control Manager [7000] - The Raw Socket Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/31/2011 4:37:39 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
10/31/2011 4:34:31 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2011 4:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/31/2011 4:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/31/2011 4:34:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/31/2011 4:34:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/31/2011 4:34:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/31/2011 4:34:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/31/2011 4:34:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf
10/31/2011 4:34:17 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2011 4:34:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2011 4:34:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2011 4:34:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2011 4:34:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2011 4:34:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2011 4:34:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/31/2011 4:34:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2011 4:34:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2011 4:34:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2011 4:34:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/31/2011 4:28:59 PM, Error: Service Control Manager [7031] - The Emsisoft Anti-Malware 6.0 - Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/31/2011 3:16:31 AM, Error: Service Control Manager [7034] - The ThreatFire service terminated unexpectedly. It has done this 1 time(s).
10/31/2011 3:16:18 AM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/31/2011 2:50:57 PM, Error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: Access is denied.
10/31/2011 1:36:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/31/2011 1:13:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB982018).
10/31/2011 1:13:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2529073).
10/31/2011 1:13:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2492386).
10/31/2011 1:13:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2532531).
10/31/2011 1:08:13 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 8:46:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xa607d7b0, 0x00000002, 0x00000000, 0x81eac6fd). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 103011-24382-01.
10/30/2011 8:34:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xa4c16800, 0x00000002, 0x00000000, 0x81ea56fd). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 103011-24180-01.
10/30/2011 11:34:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB982018).
10/30/2011 11:34:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB2529073).
10/30/2011 11:34:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB2492386).
10/30/2011 11:34:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2532531).
10/28/2011 11:24:11 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xc1d8e008, 0x00000002, 0x00000000, 0x81e7b6fd). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102811-47861-01.
10/28/2011 10:22:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
10/27/2011 4:00:34 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9DC33528-B535-42ED-B067-337E18BFBF9F} because another computer on the network has the same name. The server could not start.
10/27/2011 11:38:36 AM, Error: Service Control Manager [7023] -
10/27/2011 11:35:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
10/26/2011 12:59:02 PM, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
10/25/2011 6:25:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
10/25/2011 6:03:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
10/25/2011 6:03:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
10/25/2011 10:40:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
 

a23kiki23 (Thread Starter):
Anytime I search using Google I am redirected to other sites, predominantly eximious search or something like that. I have tried running AVG and Emsisoft; however, neither of them has found anything on the computer.
 

kevinf80 (Kevin, Malware Specialist; joined Mar 21, 2006; 11,470 messages):
Do the following :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

    Before saving Combofix to the Desktop, re-name it to Gotcha.exe as below:

  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze.****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin
 

a23kiki23 (Thread Starter):
ComboFix 11-10-30.04 - ktolsen 10/31/2011 20:33:34.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.438 [GMT -5:00]
Running from: c:\users\ktolsen\Desktop\Gotcha.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB39234$\4184926521
c:\windows\$NtUninstallKB39234$\661733836\@
c:\windows\$NtUninstallKB39234$\661733836\L\xadqgnnk
c:\windows\$NtUninstallKB39234$\661733836\loader.tlb
c:\windows\$NtUninstallKB39234$\661733836\U\@00000001
c:\windows\$NtUninstallKB39234$\661733836\U\@000000c0
c:\windows\$NtUninstallKB39234$\661733836\U\@000000cb
c:\windows\$NtUninstallKB39234$\661733836\U\@000000cf
c:\windows\$NtUninstallKB39234$\661733836\U\@80000000
c:\windows\$NtUninstallKB39234$\661733836\U\@800000c0
c:\windows\$NtUninstallKB39234$\661733836\U\@800000cb
c:\windows\$NtUninstallKB39234$\661733836\U\@800000cf
c:\windows\system32\c_43734.nls
c:\windows\$NtUninstallKB39234$ . . . . Failed to delete
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_f47d7472a4c4e67e\mscorsvw.exe
.
Infected copy of c:\program files\AVG\AVG2012\avgwdsvc.exe was found and disinfected
Restored copy from - c:\program files\AVG\AVG2012\
.
Infected copy of c:\program files\Launch Manager\dsiwmis.exe was found and disinfected
Restored copy from - c:\program files\Launch Manager\
.
c:\program files\Acer\Acer ePower Management\ePowerSvc.exe . . . is infected!!
c:\program files\Acer\Acer ePower Management\ePowerSvc.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\Acer\Registration\GregHSRW.exe was found and disinfected
Restored copy from - c:\program files\Acer\Registration\
.
Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
Restored copy from - c:\program files\Google\Update\
.
Infected copy of c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe was found and disinfected
Restored copy from - c:\program files\Intel\Intel Matrix Storage Manager\
.
Infected copy of c:\program files\Acer\Acer VCM\RS_Service.exe was found and disinfected
Restored copy from - c:\program files\Acer\Acer VCM\
.
Infected copy of c:\program files\Acer\Acer Updater\UpdaterService.exe was found and disinfected
Restored copy from - c:\program files\Acer\Acer Updater\
.
.
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 01:50 . 2011-11-01 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-01 01:35 . 2011-11-01 01:35 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B9BC85C-9AB2-4667-A7FB-A40B4D681712}\offreg.dll
2011-11-01 01:29 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-31 21:52 . 2011-10-31 21:52 -------- d-----w- c:\program files\Trend Micro
2011-10-31 21:21 . 2011-10-31 21:25 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-10-31 07:10 . 2011-10-18 07:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B9BC85C-9AB2-4667-A7FB-A40B4D681712}\mpengine.dll
2011-10-31 07:10 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-31 05:02 . 2011-10-31 05:02 -------- d-----w- c:\windows\system32\SPReview
2011-10-31 05:01 . 2011-10-31 05:01 -------- d-----w- c:\windows\system32\EventProviders
2011-10-31 04:49 . 2011-10-31 07:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-31 04:49 . 2011-10-31 04:49 -------- d-----w- c:\programdata\Malwarebytes
2011-10-31 04:49 . 2011-10-31 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-30 23:59 . 2011-10-31 21:34 48016 --sha-w- c:\windows\system32\c_43734.nl_
2011-10-27 15:31 . 2011-10-27 15:36 -------- d-----w- C:\cb5d62e224cdaf4a97bfc586
2011-10-27 15:27 . 2009-11-25 17:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-27 15:27 . 2009-11-25 17:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-27 15:27 . 2009-11-25 17:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-27 15:27 . 2009-11-25 17:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-27 15:27 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-27 14:55 . 2011-10-27 14:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-27 14:43 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-27 14:43 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-10-27 14:42 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-10-27 03:55 . 2011-10-27 03:55 -------- d-----w- c:\programdata\Hewlett-Packard
2011-10-27 03:55 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2011-10-27 03:22 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-10-27 03:22 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-10-27 03:22 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-10-26 18:18 . 2011-10-26 18:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-26 18:03 . 2011-10-26 18:03 -------- d-----w- C:\$AVG
2011-10-26 14:14 . 2011-10-26 14:15 -------- d-----w- c:\program files\WhatPulse
2011-10-26 11:40 . 2011-10-26 11:40 -------- d-----w- C:\DEVICE
2011-10-26 09:41 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-10-26 09:41 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-10-26 09:40 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-10-26 09:40 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-10-26 09:40 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-10-26 09:40 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-10-26 09:40 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-10-26 09:40 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-10-26 09:40 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-10-26 09:40 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-10-26 09:40 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-10-26 09:39 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-10-26 09:38 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-26 09:38 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-26 09:38 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-26 09:38 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-10-26 09:37 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-10-26 09:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2011-10-26 09:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2011-10-26 09:36 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-10-26 09:36 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-10-26 09:36 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 09:36 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 09:35 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-10-26 09:35 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-10-26 09:34 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2011-10-26 09:34 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2011-10-26 09:34 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-10-26 09:33 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-26 09:33 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-26 09:33 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-26 09:33 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-26 09:33 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-26 09:33 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2011-10-26 09:33 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-10-26 09:32 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2011-10-26 09:32 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2011-10-26 09:32 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-10-26 09:32 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2011-10-26 09:32 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2011-10-26 09:32 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2011-10-26 09:32 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-10-26 09:32 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-10-26 09:32 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-10-26 09:32 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-10-26 09:31 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-10-26 09:31 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-26 09:31 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-10-26 09:31 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-26 09:31 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-26 09:31 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-26 09:30 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-10-26 09:30 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-10-26 09:30 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-10-26 09:30 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-10-26 09:30 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-10-26 09:30 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-26 09:27 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-26 09:27 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-26 09:27 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-26 09:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2011-10-26 09:27 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2011-10-26 09:26 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-10-26 09:26 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-10-26 09:26 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-10-26 09:24 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-10-26 09:24 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-10-26 09:24 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-10-26 09:24 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-10-26 09:24 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-10-26 09:24 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-10-26 09:24 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-10-26 09:24 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-10-26 09:24 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-10-26 09:24 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-10-26 09:24 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-10-26 09:24 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-26 09:22 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-10-26 09:22 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2011-10-26 09:18 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-10-26 09:18 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-10-26 09:18 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-10-26 09:18 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-10-26 09:18 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-10-26 09:18 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-10-26 09:16 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-10-26 09:16 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-10-26 09:16 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-26 09:16 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-26 09:16 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2011-10-26 09:15 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-10-26 09:15 . 2010-11-02 04:35 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-26 09:15 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 23:26 . 2010-01-09 01:42 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-08 11:08 . 2011-08-08 11:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-01-09 01:55 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2010-08-09 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-09 8120864]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 703008]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-23 1594664]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-10-17 3561872]
.
c:\users\ktolsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-9-19 993280]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-1-8 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-10-31 3074040]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-08-12 51632]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-01-09 332272]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-11-01 192776]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-11-01 107016]
S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2011-11-01 1150496]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2011-11-01 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-11-01 240160]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000Core.job
- c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000UA.job
- c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 144.92.254.254 128.104.254.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1796)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\AVG\AVG2012\avgmfapx.exe
.
**************************************************************************
.
Completion time: 2011-10-31 20:59:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-01 01:59
.
Pre-Run: 212,208,791,552 bytes free
Post-Run: 212,294,246,400 bytes free
.
- - End Of File - - 3B999828A9817CC0EE3ECD300273AF19
 

kevinf80 (Kevin, Malware Specialist; joined Mar 21, 2006; 11,470 messages)
Ok, continue as follows ;-

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
Killall::
file::
c:\windows\system32\c_43734.nl_
c:\windows\system32\drivers\hoxbgkwk.sys
folder::
c:\programdata\Partner
Dirlook::
c:\users\ktolsen\appdata\local\277141cc
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions are available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Post those two logs, also give update on issues/concerns...

Kevin
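The targets in the CFScript above come from reading the ComboFix log by eye: a BHO and a service that both load from c:\programdata\Partner, a file in system32 whose attributes are hidden+system, and an eight-hex-character directory under the user's AppData. The Python below is an added example, not part of this thread and not ComboFix's own code; it parses ComboFix-format file, BHO and service lines and flags those same patterns so the next log can be triaged the same way. The sample lines are copied from the logs posted in this thread; the heuristics (data-directory roots, hidden+system attributes, a literal %NAME% directory, a hex-named AppData directory) and the names Finding, check_file and triage are this example's own assumptions.

```python
"""Triage helpers for ComboFix-format log lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# "Files Created" / "Find3M" entries: created . modified size attrs path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# File line printed under a registry key (BHO / CLSID): modified size attrs path
REG_FILE_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>\S{8}) (?P<path>.+)$"
)
# Driver/service entries: R1 name;display;path [info]
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
BHO_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<clsid>\{[^}]+\})\]$"
)

# Assumptions of this example: auto-loading code under these roots deserves a
# second look, and an 8-hex-digit directory under AppData is unusual.
DATA_DIRS = ("c:\\programdata\\", "c:\\users\\")
HEX_DIR = re.compile(r"\\[0-9a-f]{8}\\", re.IGNORECASE)
ENV_NAME_DIR = re.compile(r"\\%[A-Z]+%(\\|$)")


@dataclass
class Finding:
    path: str
    reason: str


def check_file(path: str, attrs: str) -> list:
    """Apply the file-level heuristics to one listing entry."""
    found = []
    is_dir = attrs.startswith("d")
    if not is_dir and "s" in attrs and "h" in attrs:
        found.append(Finding(path, "file carries hidden+system attributes"))
    if ENV_NAME_DIR.search(path):
        found.append(Finding(path, "directory literally named like an environment variable"))
    if HEX_DIR.search(path) and "\\appdata\\" in path.lower():
        found.append(Finding(path, "hex-named directory under AppData"))
    return found


def triage(log_text: str) -> list:
    """Walk a ComboFix-format log and return the entries worth a closer look."""
    findings = []
    pending_bho = None  # CLSID of the BHO key whose DLL line comes next
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := BHO_KEY.match(line)):
            pending_bho = m.group("clsid")
            continue
        if (m := FILE_LINE.match(line)):
            findings.extend(check_file(m.group("path"), m.group("attrs")))
        elif (m := REG_FILE_LINE.match(line)) and pending_bho:
            path = m.group("path")
            if path.lower().startswith(DATA_DIRS):
                findings.append(Finding(path, f"BHO {pending_bho} loads its DLL from a data directory"))
        elif (m := SERVICE_LINE.match(line)):
            path = m.group("path")
            if path.lower().startswith(DATA_DIRS):
                findings.append(Finding(path, f"service '{m.group('name')}' runs from a data directory"))
        pending_bho = None  # a BHO key pairs only with the line directly after it
    return findings


# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
2011-10-30 23:59 . 2011-10-31 21:34 48016 --sha-w- c:\windows\system32\c_43734.nl_
2011-10-26 18:18 . 2011-10-26 18:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-26 09:36 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 17:58 . 2011-10-26 17:58 2048 --sha-w- c:\users\ktolsen\appdata\local\277141cc\@
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-01-09 01:55 433648 ----a-w- c:\programdata\Partner\Partner.dll
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-01-09 332272]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
```

Run against the sample it reports six findings: the two Partner entries, the hidden+system file in system32, the %APPDATA% directory, and the 277141cc\@ file twice (attributes and directory name), while ntoskrnl.exe and the AVG driver pass untouched. Paste a full ComboFix.txt into triage() to get the same short list for a new log; the heuristics are deliberately narrow, so anything they flag still needs a human to confirm it against the vendor, signature and timeline before it goes into a CFScript.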
 

a23kiki23 (Thread Starter; joined Oct 31, 2011; 9 messages)
Seems as if the redirect virus has gone. I don't know whether or not the things you had me run removed it and anything else with it. In addition to whatever you see in the logs, what virus protection software would you recommend?

ComboFix 11-10-30.04 - ktolsen 11/01/2011 16:20:51.2.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.576 [GMT -5:00]
Running from: c:\users\ktolsen\Desktop\Gotcha.exe
Command switches used :: c:\users\ktolsen\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\c_43734.nl_"
"c:\windows\system32\drivers\hoxbgkwk.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Partner
c:\programdata\Partner\debug.log
c:\programdata\Partner\Partner.dll
c:\programdata\Partner\Partner.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Partner Service
-------\Service_Partner Service
.
.
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 21:35 . 2011-11-01 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-01 14:44 . 2011-11-01 14:44 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{550C8FCE-2C6B-4CEA-915E-E1E5AB9E1808}\offreg.dll
2011-11-01 14:44 . 2011-10-18 07:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{550C8FCE-2C6B-4CEA-915E-E1E5AB9E1808}\mpengine.dll
2011-10-31 21:52 . 2011-10-31 21:52 -------- d-----w- c:\program files\Trend Micro
2011-10-31 21:21 . 2011-10-31 21:25 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-10-31 07:10 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-31 05:02 . 2011-10-31 05:02 -------- d-----w- c:\windows\system32\SPReview
2011-10-31 05:01 . 2011-10-31 05:01 -------- d-----w- c:\windows\system32\EventProviders
2011-10-31 04:49 . 2011-10-31 07:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-31 04:49 . 2011-10-31 04:49 -------- d-----w- c:\programdata\Malwarebytes
2011-10-31 04:49 . 2011-10-31 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-30 23:59 . 2011-10-31 21:34 48016 --sha-w- c:\windows\system32\c_43734.nl_
2011-10-27 15:31 . 2011-10-27 15:36 -------- d-----w- C:\cb5d62e224cdaf4a97bfc586
2011-10-27 15:27 . 2009-11-25 17:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-27 15:27 . 2009-11-25 17:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-27 15:27 . 2009-11-25 17:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-27 15:27 . 2009-11-25 17:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-27 15:27 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-27 14:55 . 2011-10-27 14:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-27 14:43 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-27 14:43 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-10-27 14:42 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-10-27 03:55 . 2011-10-27 03:55 -------- d-----w- c:\programdata\Hewlett-Packard
2011-10-27 03:55 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2011-10-27 03:22 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-10-27 03:22 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-10-27 03:22 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-10-26 18:18 . 2011-10-26 18:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-26 18:03 . 2011-10-26 18:03 -------- d-----w- C:\$AVG
2011-10-26 14:14 . 2011-10-26 14:15 -------- d-----w- c:\program files\WhatPulse
2011-10-26 11:40 . 2011-10-26 11:40 -------- d-----w- C:\DEVICE
2011-10-26 09:41 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-10-26 09:41 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-10-26 09:40 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-10-26 09:40 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-10-26 09:40 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-10-26 09:40 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-10-26 09:40 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-10-26 09:40 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-10-26 09:40 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-10-26 09:40 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-10-26 09:40 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-10-26 09:39 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-10-26 09:38 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-26 09:38 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-26 09:38 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-26 09:38 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-10-26 09:37 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-10-26 09:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2011-10-26 09:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2011-10-26 09:36 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-10-26 09:36 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-10-26 09:36 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 09:36 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 09:35 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-10-26 09:35 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-10-26 09:34 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2011-10-26 09:34 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2011-10-26 09:34 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-10-26 09:33 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-26 09:33 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-26 09:33 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-26 09:33 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-26 09:33 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-26 09:33 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2011-10-26 09:33 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-10-26 09:32 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2011-10-26 09:32 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2011-10-26 09:32 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-10-26 09:32 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2011-10-26 09:32 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2011-10-26 09:32 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2011-10-26 09:32 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-10-26 09:32 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-10-26 09:32 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-10-26 09:32 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-10-26 09:31 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-10-26 09:31 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-26 09:31 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-10-26 09:31 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-26 09:31 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-26 09:31 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-26 09:30 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-10-26 09:30 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-10-26 09:30 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-10-26 09:30 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-10-26 09:30 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-10-26 09:30 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-26 09:27 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-26 09:27 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-26 09:27 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-26 09:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2011-10-26 09:27 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2011-10-26 09:26 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-10-26 09:26 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-10-26 09:26 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-10-26 09:24 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-10-26 09:24 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-10-26 09:24 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-10-26 09:24 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-10-26 09:24 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-10-26 09:24 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-10-26 09:24 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-10-26 09:24 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-10-26 09:24 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-10-26 09:24 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-10-26 09:24 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-10-26 09:24 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-26 09:22 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-10-26 09:22 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2011-10-26 09:18 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-10-26 09:18 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-10-26 09:18 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-10-26 09:18 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-10-26 09:18 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-10-26 09:18 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-10-26 09:16 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-10-26 09:16 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-10-26 09:16 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-26 09:16 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-26 09:16 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2011-10-26 09:15 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-10-26 09:15 . 2010-11-02 04:35 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-26 09:15 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-10-26 09:15 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 23:26 . 2010-01-09 01:42 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-08 11:08 . 2011-08-08 11:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\ktolsen\appdata\local\277141cc ----
.
2011-10-26 17:58 . 2011-10-26 17:58 2048 --sha-w- c:\users\ktolsen\appdata\local\277141cc\@
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2010-08-09 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-09 8120864]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 703008]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-23 1594664]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-10-17 3561872]
.
c:\users\ktolsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-9-19 993280]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-1-8 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-10-31 3074040]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-08-12 51632]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-11-01 192776]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-11-01 107016]
S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2011-11-01 1150496]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2011-11-01 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-11-01 240160]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000Core.job
- c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000UA.job
- c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 144.92.254.254 128.104.254.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2452)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-11-01 16:43:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-01 21:43
ComboFix2.txt 2011-11-01 01:59
.
Pre-Run: 211,609,559,040 bytes free
Post-Run: 211,563,196,416 bytes free
.
- - End Of File - - 2455C4550CCB1FDF90A1A306BD9283B4




C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe Win32/Patched.HN trojan
C:\Program Files\AVG\AVG2012\avgrsx.exe Win32/Patched.HN trojan
C:\Program Files\Emsisoft Anti-Malware\A2SERVICE.EXE.old Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Acer\Acer ePower Management\ePowerSvc.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Acer\Acer Updater\UpdaterService.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Acer\Acer VCM\RS_Service.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Acer\Registration\GregHSRW.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\AVG\AVG2012\avgwdsvc.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Google\Update\GoogleUpdate.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Launch Manager\dsiwmis.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan
C:\Qoobox\Quarantine\C\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe.vir Win32/Patched.HN trojan
C:\Windows\System32\c_43734.nl_ a variant of Win32/Sirefef.CR trojan
C:\Windows\System32\drivers\tdx.sys a variant of Win32/Rootkit.Kryptik.EQ trojan
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys a variant of Win32/Rootkit.Kryptik.EQ trojan
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
The re-directs may have ceased but your logs are not clean. OK do the following:

Step 1

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------

    :Files
    ipconfig /flushdns /c
    c:\users\ktolsen\appdata\local\277141cc
    c:\windows\system32\c_43734.nl_
    C:\Program Files\Emsisoft Anti-Malware\A2SERVICE.EXE.old
    :Commands
    [EmptyTemp]

    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Step 2

Upload a File to Virustotal
Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
  • Click the Open button
  • Click the Send button
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
  • Repeat the above steps for the following files

C:\Program Files\AVG\AVG2012\avgrsx.exe

Step 3

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    tdx.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Let me see the following in your reply :-

  • Log from OTM
  • Results from VirusTotal
  • Result from SystemLook

Kevin
 

a23kiki23

Thread Starter
Joined
Oct 31, 2011
Messages
9
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ktolsen\Desktop\cmd.bat deleted successfully.
C:\Users\ktolsen\Desktop\cmd.txt deleted successfully.
c:\users\ktolsen\appdata\local\277141cc\U folder moved successfully.
c:\users\ktolsen\appdata\local\277141cc folder moved successfully.
c:\windows\system32\c_43734.nl_ moved successfully.
C:\Program Files\Emsisoft Anti-Malware\A2SERVICE.EXE.old moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ktolsen
->Temp folder emptied: 15386080 bytes
->Temporary Internet Files folder emptied: 2974645 bytes
->Google Chrome cache emptied: 391666647 bytes
->Flash cache emptied: 5682 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 594577 bytes
RecycleBin emptied: 561454 bytes

Total Files Cleaned = 392.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 11042011_111419

Files moved on Reboot...
C:\Windows\temp\TMP00000003179997C2E0651598 moved successfully.

Registry entries deleted on Reboot...






Antivirus Version Last Update Result
AhnLab-V3 2011.11.04.02 2011.11.04 Win-Trojan/Patched.DD
AntiVir 7.11.17.14 2011.11.04 W32/PatchLoad.A
Antiy-AVL 2.0.3.7 2011.11.04 Trojan/win32.agent.gen
Avast 6.0.1289.0 2011.11.04 Win32:patched-WQ [Trj]
AVG 10.0.0.1190 2011.11.04 Win32/Katusha.A
BitDefender 7.2 2011.11.04 Trojan.Patched.HE
ByteHero 1.0.0.1 2011.11.04 Trojan.Win32.Heur.Gen
CAT-QuickHeal 11.00 2011.11.04 W32.Patchload.O
ClamAV 0.97.3.0 2011.11.04 Trojan.Patched-167
Commtouch 5.3.2.6 2011.11.04 W32/Patched.G
Comodo 10663 2011.11.04 TrojWare.Win32.Patched.HN
DrWeb 5.0.2.03300 2011.11.04 Trojan.Starter.1695
Emsisoft 5.1.0.11 2011.11.04 Trojan-Spy.Win32.Zbot!IK
eSafe 7.0.17.0 2011.11.02 -
eTrust-Vet 36.1.8656 2011.11.04 Win32/Patchload.U
F-Prot 4.6.5.141 2011.11.04 W32/Patched.G
F-Secure 9.0.16440.0 2011.11.04 Trojan.Patched.HE
Fortinet 4.3.370.0 2011.11.04 W32/Patched.MF!tr
GData 22 2011.11.04 Trojan.Patched.HE
Ikarus T3.1.1.107.0 2011.11.04 Trojan-Spy.Win32.Zbot
Jiangmin 13.0.900 2011.11.04 TrojanSpy.Zbot.adxr
K7AntiVirus 9.117.5394 2011.11.04 Trojan
Kaspersky 9.0.0.837 2011.11.04 Trojan.Win32.Patched.mf
McAfee 5.400.0.1158 2011.11.04 W32/Katusha
McAfee-GW-Edition 2010.1D 2011.11.04 W32/Katusha
Microsoft 1.7801 2011.11.04 Virus:Win32/Patchload.O
NOD32 6601 2011.11.04 Win32/Patched.HN
Norman 6.07.13 2011.11.04 W32/Patched.BH
nProtect 2011-11-04.01 2011.11.04 -
Panda 10.0.3.5 2011.11.04 W32/Katusha.BN
PCTools 8.0.0.5 2011.11.04 Trojan.Paccyn
Prevx 3.0 2011.11.04 -
Rising 23.82.02.02 2011.11.02 Win32.Loader.li
Sophos 4.71.0 2011.11.04 W32/Patched-AL
SUPERAntiSpyware 4.40.0.1006 2011.11.04 -
Symantec 20111.2.0.82 2011.11.04 Trojan.Paccyn!inf
TheHacker 6.7.0.1.338 2011.11.04 -
TrendMicro 9.500.0.1008 2011.11.04 PTCH_KATUSHA.W
TrendMicro-HouseCall 9.500.0.1008 2011.11.04 PTCH_KATUSHA.W
VBA32 3.12.16.4 2011.11.04 Trojan-Spy.Zbot.gen
VIPRE 10962 2011.11.04 Virus.Win32.Agent.mpq (v)
ViRobot 2011.11.4.4755 2011.11.04 Win32.Patched.BE
VirusBuster 14.1.45.0 2011.11.04 Win32.Katusha.Gen
Additional information
MD5 : 0c6e60a79034a0cc138e08a2688970f3
SHA1 : fef190f322dee94b705f6885bda452181fbb1959
SHA256: a59054d0387eca985e303d723289c0bcd5f0ee6a5f50f1fc2c55aa8edc74f045
ssdeep: 6144:LubwSWb4HgLeqfY4+V2jXvwfSSSflGzA++:LuA8H0lp62jXofgg+
File size : 469536 bytes
First seen: 2011-07-25 00:44:30
Last seen : 2011-11-04 16:15:44
TrID:
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Acer Incorporated
copyright....: (C) All rights reserved
product......: Power Management
description..: ePowerEvent
original name: ePowerEvent.exe
internal name: ePowerEvent
file version.: 4, 5, 3004, 0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x71170
timedatestamp....: 0x4AC2FB0D (Wed Sep 30 06:30:37 2009)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x66E4, 0x7000, 6.33, 19be33b26a137b216520fa41780e826d
.rdata, 0x8000, 0x1E1C, 0x2000, 5.35, 2b1b4af52385fbe0cc54c15015b04c7c
.data, 0xA000, 0x1B5C, 0x1000, 2.13, ce4027a473b733853b337f1c451041aa
.rsrc, 0xC000, 0x658F0, 0x66000, 4.63, 8ec0f1d0e4aa057d92c9c49bcccbfa0f

[[ 2 import(s) ]]
KERNEL32.dll: GetLastError, CreateMutexW, GetProcAddress, LoadLibraryW, LCMapStringW, LCMapStringA, GetStringTypeW, GetStringTypeA, WideCharToMultiByte, GetLocaleInfoA, HeapSize, RtlUnwind, HeapReAlloc, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleA, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LeaveCriticalSection, EnterCriticalSection, LoadLibraryA, InitializeCriticalSection, Sleep, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, VirtualAlloc
USER32.dll: EndDialog, GetMessageW, BeginPaint, DefWindowProcW, RegisterClassExW, PostQuitMessage, TranslateAcceleratorW, LoadIconW, CreateWindowExW, DialogBoxParamW, EndPaint, LoadStringW, TranslateMessage, DestroyWindow, LoadAcceleratorsW, LoadCursorW, DispatchMessageW
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 28672
CompanyName: Acer Incorporated
EntryPoint: 0x71170
FileDescription: ePowerEvent
FileFlagsMask: 0x0017
FileOS: Win32
FileSize: 459 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 4, 5, 3004, 0
FileVersionNumber: 4.5.3004.0
ImageVersion: 0.0
InitializedDataSize: 430080
InternalName: ePowerEvent
LanguageCode: English (U.S.)
LegalCopyright: (C) All rights reserved
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.1
ObjectFileType: Executable application
OriginalFilename: ePowerEvent.exe
PEType: PE32
ProductName: Power Management
ProductVersion: 4, 5, 3004, 0
ProductVersionNumber: 4.5.3004.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2009:09:30 08:30:37+02:00
UninitializedDataSize: 0





Antivirus Version Last Update Result
AhnLab-V3 2011.11.04.02 2011.11.04 Win-Trojan/Patched.DD
AntiVir 7.11.17.14 2011.11.04 W32/PatchLoad.A
Antiy-AVL 2.0.3.7 2011.11.04 Trojan/Win32.Patched.gen
Avast 6.0.1289.0 2011.11.04 Win32:patched-WQ [Trj]
AVG 10.0.0.1190 2011.11.04 Win32/Katusha.A
BitDefender 7.2 2011.11.04 Trojan.Generic.6710986
ByteHero 1.0.0.1 2011.11.04 -
CAT-QuickHeal 11.00 2011.11.04 W32.Patchload.O
ClamAV 0.97.3.0 2011.11.04 Trojan.Patched-167
Commtouch 5.3.2.6 2011.11.04 W32/Patched.G
Comodo 10663 2011.11.04 TrojWare.Win32.Patched.HN
DrWeb 5.0.2.03300 2011.11.04 Trojan.Starter.1695
Emsisoft 5.1.0.11 2011.11.04 Trojan-Spy.Win32.Zbot!IK
eSafe 7.0.17.0 2011.11.02 -
eTrust-Vet 36.1.8656 2011.11.04 Win32/Patchload.U
F-Prot 4.6.5.141 2011.11.04 W32/Patched.G
F-Secure 9.0.16440.0 2011.11.04 Trojan.Generic.6710986
Fortinet 4.3.370.0 2011.11.04 W32/Patched.MF!tr
GData 22 2011.11.04 Trojan.Generic.6710986
Ikarus T3.1.1.107.0 2011.11.04 Trojan-Spy.Win32.Zbot
Jiangmin 13.0.900 2011.11.04 TrojanSpy.Zbot.adxr
K7AntiVirus 9.117.5394 2011.11.04 Trojan
Kaspersky 9.0.0.837 2011.11.04 Trojan.Win32.Patched.mf
McAfee 5.400.0.1158 2011.11.04 W32/Katusha
McAfee-GW-Edition 2010.1D 2011.11.04 W32/Katusha
Microsoft 1.7801 2011.11.04 Virus:Win32/Patchload.O
NOD32 6601 2011.11.04 Win32/Patched.HN
Norman 6.07.13 2011.11.04 W32/Patched.BH
nProtect 2011-11-04.01 2011.11.04 -
Panda 10.0.3.5 2011.11.04 W32/Katusha.BN
PCTools 8.0.0.5 2011.11.04 Trojan.Paccyn
Prevx 3.0 2011.11.04 -
Rising 23.82.02.02 2011.11.02 Win32.Loader.li
Sophos 4.71.0 2011.11.04 W32/Patched-AL
SUPERAntiSpyware 4.40.0.1006 2011.11.04 -
Symantec 20111.2.0.82 2011.11.04 Trojan.Paccyn!inf
TheHacker 6.7.0.1.338 2011.11.04 -
TrendMicro 9.500.0.1008 2011.11.04 PTCH_KATUSHA.W
TrendMicro-HouseCall 9.500.0.1008 2011.11.04 PTCH_KATUSHA.W
VBA32 3.12.16.4 2011.11.04 Trojan-Spy.Zbot.gen
VIPRE 10962 2011.11.04 Virus.Win32.Agent.mpq (v)
ViRobot 2011.11.4.4755 2011.11.04 Win32.Patched.BE
VirusBuster 14.1.45.0 2011.11.04 Win32.Katusha.Gen
Additional information
MD5 : 45bb9ebb18676cb884c2a3879fb60e7b
SHA1 : ca3893dadc2a3210f0cba10de01b5513abb8df7f
SHA256: fdd07a5f7dd9612a8607417eb812cc09806dd772607ee8f2e9338c02d9942e9e
ssdeep: 12288:wb4J230ZLEy54iX95QOVvFFIwXrAyL/j3yRTh/gVLZW3DWjtis0QnpgN1TpqAgrT:wb4J230ZLEe4iNKOtbLSTh/mz0QnpYRa
File size : 743264 bytes
First seen: 2011-09-29 16:07:28
Last seen : 2011-11-04 16:24:17
TrID:
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: AVG Technologies CZ, s.r.o.
copyright....: Copyright (c) 2011 AVG Technologies CZ, s.r.o.
product......: AVG Internet Security
description..: AVG Resident Shield Service
original name: avgrs.exe
internal name: avgrs
file version.: 12.0.0.1806
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xB9D7C
timedatestamp....: 0x4E6904FE (Thu Sep 08 18:10:06 2011)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x8DBEA, 0x8DC00, 6.41, d3f2a755193f715a16a50c2f5f517d43
.rdata, 0x8F000, 0x17524, 0x17600, 4.10, 80c7b0b887dcb795c1a0292776c7631d
.data, 0xA7000, 0x4B24, 0x1600, 4.19, f7a10007264571ab6d00e90abdec24e5
.rsrc, 0xAC000, 0x644, 0x800, 4.52, e6c0a5c06cb1c9089a617b05a1b0d735
.reloc, 0xAD000, 0xD4FC, 0xD600, 4.52, 3d98303867ec587c878d7cf025272ad5

[[ 1 import(s) ]]
ntdll.dll: memcpy, memmove, memset, _aulldiv, ZwClose, _alldiv, RtlNtStatusToDosError, ZwSetInformationProcess, _chkstk, RtlFreeUnicodeString, ZwCreateKey, RtlOpenCurrentUser, ZwDuplicateToken, RtlCreateSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetSaclSecurityDescriptor, RtlValidSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlCreateAcl, RtlAddAccessAllowedAceEx, ZwQueryInformationToken, RtlEqualSid, RtlGetAce, ZwOpenFile, ZwQueryValueKey, ZwSetValueKey, ZwOpenKey, ZwEnumerateKey, ZwQueryKey, ZwDeleteKey, LdrUnloadDll, LdrGetProcedureAddress, RtlInitAnsiString, LdrLoadDll, RtlInitUnicodeString, LdrGetDllHandle, ZwWaitForMultipleObjects, RtlAllocateHeap, RtlReAllocateHeap, RtlFreeHeap, ZwFlushBuffersFile, ZwFsControlFile, ZwWaitForSingleObject, ZwSetInformationThread, ZwReadFile, ZwWriteFile, ZwCreateNamedPipeFile, ZwSetInformationFile, RtlCreateUnicodeString, _allmul, ZwQueryInformationProcess, ZwOpenProcess, ZwQueryInformationFile, ZwCancelIoFile, ZwOpenThreadToken, ZwCreateEvent, RtlTimeToTimeFields, _aullrem, RtlTimeFieldsToTime, DbgPrint, _allrem, _stricmp, _strnicmp, _ftol, ZwTerminateProcess, ZwQueryInformationThread, ZwDelayExecution, ZwResumeThread, ZwTerminateThread, RtlRaiseException, ZwDuplicateObject, LdrShutdownThread, CsrClientCallServer, RtlCreateUserThread, RtlUpcaseUnicodeString, RtlxAnsiStringToUnicodeSize, RtlxOemStringToUnicodeSize, NlsMbOemCodePageTag, RtlAnsiStringToUnicodeString, RtlOemStringToUnicodeString, RtlxUnicodeStringToAnsiSize, RtlxUnicodeStringToOemSize, RtlUnicodeStringToAnsiString, RtlUnicodeStringToOemString, _aullshr, ZwSetEvent, ZwResetEvent, RtlSystemTimeToLocalTime, RtlInitializeCriticalSection, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlDeleteCriticalSection, ZwReleaseMutant, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, 
ZwDeviceIoControlFile, ZwCreateFile, RtlGetFullPathName_U, RtlQueryEnvironmentVariable_U, ZwReadVirtualMemory, ZwQuerySystemInformation, RtlCopySid, RtlAddAccessDeniedAceEx, RtlAdjustPrivilege, RtlImpersonateSelf, RtlDestroyProcessParameters, RtlCreateUserProcess, RtlCreateProcessParameters, RtlGetCurrentDirectory_U, ZwQueryVirtualMemory, RtlDosPathNameToNtPathName_U, ZwQueryObject, RtlDestroyEnvironment, RtlSetEnvironmentVariable, RtlCreateEnvironment, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwCreateSection, ZwQueryDirectoryFile, RtlIsDosDeviceName_U, ZwDisplayString, RtlUnwind, RtlReleasePebLock, RtlClearBits, RtlFindClearBitsAndSet, RtlAcquirePebLock, RtlAreBitsSet, _allshl
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 580608
CompanyName: AVG Technologies CZ, s.r.o.
EntryPoint: 0xb9d7c
FileDescription: AVG Resident Shield Service
FileFlagsMask: 0x0017
FileOS: Win32
FileSize: 726 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 12.0.0.1806
FileVersionNumber: 12.0.0.1806
ImageVersion: 0.0
InitializedDataSize: 156160
InternalName: avgrs
LanguageCode: Neutral
LegalCopyright: Copyright 2011 AVG Technologies CZ, s.r.o.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.1
ObjectFileType: Executable application
OriginalFilename: avgrs.exe
PEType: PE32
PrivateBuild: Win32 Release_Unicode_NTDLL
ProductName: AVG Internet Security
ProductVersion: 12.0.0.1806
ProductVersionNumber: 12.0.0.1806
SpecialBuild: Avg2012VC9_2011_0908_172130(1806), SVNRev 365736a (release/HotFix2012-01)
Subsystem: Native
SubsystemVersion: 5.0
TimeStamp: 2011:09:08 20:10:06+02:00
UninitializedDataSize: 0





SystemLook 30.07.11 by jpshortstuff
Log created at 11:37 on 04/11/2011 by ktolsen
Administrator - Elevation successful

========== filefind ==========

Searching for "tdx.sys"
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys --a---- 74752 bytes [06:24 31/10/2011] [08:39 20/11/2010] B459575348C20E8121D6039DA063C704
C:\Windows\SoftwareDistribution\Download\bd60fbfcf1ac006bf26f6afa5c1dff1a\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys --a---- 74752 bytes [16:31 04/11/2011] [08:39 20/11/2010] B459575348C20E8121D6039DA063C704
C:\Windows\System32\drivers\tdx.sys --a---- 74240 bytes [23:12 13/07/2009] [23:12 13/07/2009] 07ABD12E1737EFA05465BC1DE7C0CEC2
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys --a---- 74240 bytes [23:12 13/07/2009] [23:12 13/07/2009] 07ABD12E1737EFA05465BC1DE7C0CEC2

-= EOF =-
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Run the following :-

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
FCopy::
C:\Windows\SoftwareDistribution\Download\bd60fbfcf1ac006bf26f6afa5c1dff1a\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys | C:\Windows\System32\drivers\tdx.sys
C:\Windows\SoftwareDistribution\Download\bd60fbfcf1ac006bf26f6afa5c1dff1a\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys | C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"=-
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Go Here and hit the "Free download" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, let it update but do not scan yet.

Step 3

Get the AVG removal tool from Here http://www.avg.com/us-en/utilities and remove AVG from your system.

Step 4

Run a quick scan with Microsoft Security Essentials.

Let me see the log from Combofix, also let me know what MSE found, there will be no log as such, you can check under the history tab.

Kevin
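Added example (my own code, not from the thread, from SystemLook's author or from ComboFix): a Python parser for the SystemLook filefind output posted above that groups the tdx.sys copies by MD5 and build number and reports why the live System32 driver can neither be checked against nor restored from the WinSxS copy (it carries the same hash), while the Windows Update download cache holds a different build, which is what the CFScript FCopy step relies on. The four result lines are the ones posted; the function names, location labels and verdict strings are my own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# The four result lines are copied from the SystemLook ":filefind tdx.sys" log posted
# above. SystemLook prints: path, attribute flags, size, two bracketed timestamps, MD5.
FILEFIND_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Searching for "tdx.sys"
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys --a---- 74752 bytes [06:24 31/10/2011] [08:39 20/11/2010] B459575348C20E8121D6039DA063C704
C:\Windows\SoftwareDistribution\Download\bd60fbfcf1ac006bf26f6afa5c1dff1a\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys --a---- 74752 bytes [16:31 04/11/2011] [08:39 20/11/2010] B459575348C20E8121D6039DA063C704
C:\Windows\System32\drivers\tdx.sys --a---- 74240 bytes [23:12 13/07/2009] [23:12 13/07/2009] 07ABD12E1737EFA05465BC1DE7C0CEC2
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys --a---- 74240 bytes [23:12 13/07/2009] [23:12 13/07/2009] 07ABD12E1737EFA05465BC1DE7C0CEC2
-= EOF =-
"""

# One filefind result line: <path> <7 attribute flags> <size> bytes [stamp] [stamp] <MD5>
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Build number embedded in a component-store style directory name (..._6.1.7600.16385_none_...)
BUILD_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


@dataclass
class FileCopy:
    path: str
    size: int
    md5: str
    stamp1: str
    stamp2: str

    @property
    def build(self):
        """Build number from the path, or None for a plain path such as System32\\drivers."""
        m = BUILD_RE.search(self.path)
        return m.group(1) if m else None

    @property
    def location(self):
        p = self.path.lower()
        if "\\softwaredistribution\\download\\" in p:
            return "update-cache"      # file as downloaded by Windows Update
        if "\\winsxs\\" in p:
            return "component-store"   # copy that sfc /scannow would restore from
        if "\\system32\\drivers\\" in p:
            return "live"              # copy the kernel actually loads
        return "other"


def parse_filefind(log_text):
    """Return a FileCopy for every result line in a SystemLook filefind log."""
    copies = []
    for line in log_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            copies.append(FileCopy(m["path"], int(m["size"]), m["md5"].upper(),
                                   m["stamp1"], m["stamp2"]))
    return copies


def triage(copies):
    """Compare the live driver with every other copy SystemLook found."""
    by_loc = defaultdict(list)
    for c in copies:
        by_loc[c.location].append(c)
    if not by_loc["live"]:
        return {"verdict": "no-live-copy"}
    live = by_loc["live"][0]
    cache, store = by_loc["update-cache"], by_loc["component-store"]
    cache_builds = {c.build for c in cache}
    store_builds = {c.build for c in store}
    report = {
        "live_md5": live.md5,
        "live_size": live.size,
        "matches_update_cache": live.md5 in {c.md5 for c in cache},
        "matches_component_store": live.md5 in {c.md5 for c in store},
        "builds": {"update-cache": cache_builds, "component-store": store_builds},
        # other paths that are byte-identical to the live copy (same MD5)
        "copies_sharing_live_hash": [c.path for c in copies
                                     if c is not live and c.md5 == live.md5],
    }
    # An update-cache copy of the same build as the installed component is a usable
    # reference; a newer build is expected to hash differently anyway.
    same_build_reference = bool(cache_builds & store_builds)
    if report["matches_update_cache"]:
        report["verdict"] = "clean-match"
    elif same_build_reference:
        report["verdict"] = "mismatch-same-build"       # tampered or corrupt
    else:
        report["verdict"] = "mismatch-different-build"  # hash alone is inconclusive
    # If the component store holds the same bytes as the live file, restoring from it
    # changes nothing, and a clean copy has to come from elsewhere (here: the update cache).
    report["component_store_independent"] = not report["matches_component_store"]
    return report
```

On the posted log the verdict is "mismatch-different-build" with the WinSxS copy listed as sharing the live hash, so the hash comparison alone does not prove tampering; the ESET detections on both 7600 copies supply that, and the update cache is the only clean source on the disk.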
 

a23kiki23

Thread Starter
Joined
Oct 31, 2011
Messages
9
ComboFix 11-11-13.02 - ktolsen 11/13/2011 11:50:54.3.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.493 [GMT -6:00]
Running from: c:\users\ktolsen\Desktop\Gotcha.exe
Command switches used :: c:\users\ktolsen\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 18:03 . 2011-11-13 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-10 08:35 . 2011-11-10 08:35 -------- d-----w- c:\program files\Oceanis
2011-10-31 07:10 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-31 05:02 . 2011-10-31 05:02 -------- d-----w- c:\windows\system32\SPReview
2011-10-31 05:01 . 2011-10-31 05:01 -------- d-----w- c:\windows\system32\EventProviders
2011-10-31 04:49 . 2011-10-31 07:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-31 04:49 . 2011-10-31 04:49 -------- d-----w- c:\programdata\Malwarebytes
2011-10-31 04:49 . 2011-10-31 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-30 16:40 . 2011-03-29 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-10-30 16:40 . 2011-03-29 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-10-30 16:40 . 2011-03-29 03:07 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-10-30 16:40 . 2011-03-29 03:06 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-30 16:40 . 2011-03-29 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-10-30 16:40 . 2011-03-29 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-10-30 16:40 . 2011-03-29 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-10-30 16:40 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-10-30 16:39 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-10-30 16:39 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-10-30 16:39 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-10-30 16:39 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-10-30 16:39 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-10-30 16:39 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-10-30 16:39 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-10-30 16:39 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-10-27 15:31 . 2011-10-27 15:36 -------- d-----w- C:\cb5d62e224cdaf4a97bfc586
2011-10-27 15:27 . 2009-11-25 17:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-27 15:27 . 2009-11-25 17:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-27 15:27 . 2009-11-25 17:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-27 15:27 . 2009-11-25 17:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-27 15:27 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-27 14:55 . 2011-10-27 14:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-27 14:43 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-27 14:43 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-10-27 14:42 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-10-27 03:55 . 2011-10-27 03:55 -------- d-----w- c:\programdata\Hewlett-Packard
2011-10-27 03:55 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2011-10-27 03:22 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-10-27 03:22 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-10-27 03:22 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-10-26 18:18 . 2011-10-26 18:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-26 18:03 . 2011-10-26 18:03 -------- d-----w- C:\$AVG
2011-10-26 14:14 . 2011-10-26 14:15 -------- d-----w- c:\program files\WhatPulse
2011-10-26 11:40 . 2011-10-26 11:40 -------- d-----w- C:\DEVICE
2011-10-26 09:41 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-10-26 09:41 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-10-26 09:40 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-10-26 09:40 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-10-26 09:40 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-10-26 09:40 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-10-26 09:40 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-10-26 09:40 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-10-26 09:40 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-10-26 09:40 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-10-26 09:40 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-10-26 09:39 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-10-26 09:38 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-26 09:38 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-26 09:38 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-26 09:38 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-10-26 09:37 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-10-26 09:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2011-10-26 09:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2011-10-26 09:36 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-10-26 09:36 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-10-26 09:36 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 09:36 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 09:35 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-10-26 09:35 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-10-26 09:34 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2011-10-26 09:34 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2011-10-26 09:34 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-10-26 09:33 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-26 09:33 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-26 09:33 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-26 09:33 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-26 09:33 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-26 09:33 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2011-10-26 09:33 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-10-26 09:32 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2011-10-26 09:32 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2011-10-26 09:32 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-10-26 09:32 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2011-10-26 09:32 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2011-10-26 09:32 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2011-10-26 09:32 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-10-26 09:32 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-10-26 09:32 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-10-26 09:32 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-10-26 09:31 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-10-26 09:31 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-26 09:31 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-10-26 09:31 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-26 09:31 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-26 09:31 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-26 09:30 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-10-26 09:30 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-10-26 09:30 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-10-26 09:30 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-10-26 09:30 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-10-26 09:30 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-26 09:27 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-26 09:27 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-26 09:27 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-26 09:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2011-10-26 09:27 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2011-10-26 09:26 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-10-26 09:26 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-10-26 09:26 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-10-26 09:24 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-10-26 09:24 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-10-26 09:24 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-10-26 09:24 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-10-26 09:24 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-10-26 09:24 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-10-26 09:24 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-10-26 09:24 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-10-26 09:24 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-10-26 09:24 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-10-26 09:24 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-10-26 09:24 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-26 09:22 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-10-26 09:22 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2011-10-26 09:18 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-10-26 09:18 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-10-26 09:18 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 23:26 . 2010-01-09 01:42 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2010-08-09 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-09 8120864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-23 1594664]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-10-17 3561872]
.
c:\users\ktolsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-9-19 993280]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-10-31 3074040]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-08-12 51632]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-11-01 192776]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-11-01 107016]
S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2011-11-01 1150496]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2011-11-01 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-11-01 240160]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000Core.job
- c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000UA.job
- c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2784)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-11-13 12:12:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-13 18:12
ComboFix2.txt 2011-11-01 21:43
ComboFix3.txt 2011-11-01 01:59
.
Pre-Run: 207,659,401,216 bytes free
Post-Run: 207,659,204,608 bytes free
.
- - End Of File - - AF56B791E0449C42498D46A07AFB8064




MSE Quick Scan said it found one trojan, but I don't see it when I go to the history tab.
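Added example for this thread (not part of the original posts, and not ComboFix's or the poster's code): a small triage script that parses four of the line shapes appearing verbatim in the log above (file-creation rows, Run-key values, service rows and scheduled-task rows) and lists the entries a responder would verify first. The meaning of the attribute column (d=directory, s=system, h=hidden, a=archive, w=writable) is inferred from the log's own rows rather than from ComboFix documentation, and the "trusted install locations" list is an assumption made for the heuristic; the sample rows are copied from the log.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example for this thread; it is not part of the original posts and
not ComboFix's own code.  It parses four line shapes that appear verbatim
in the log above (file-creation rows, Run-key values, service rows and
scheduled-task rows) and lists entries worth a second look.  The meaning
of the attribute column (d=directory, s=system, h=hidden, a=archive,
w=writable) is inferred from the log's own rows, not from ComboFix
documentation, so treat that mapping as an assumption.
"""
import re
from dataclasses import dataclass

FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-+) ([d-][r-][s-][h-][a-][a-z-][w-][a-z-]) (.+)$"
)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[([^\]]+)\]$')
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]+);(.+?) \[([^\]]+)\]$")
TASK_RE = re.compile(r"^- (.+?) \[([^\]]+)\]$")

# Where an autostart binary is expected to live on this machine (assumption
# for the heuristic; per-user installers such as Google Update legitimately
# live under the profile and are listed for verification, not condemned).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Finding:
    kind: str    # "file", "run:<name>", "svc:<name>" or "task"
    path: str
    reason: str


def _check_autostart(findings, kind, exe, info):
    """Flag autostart binaries ComboFix could not stat, or that sit outside
    the trusted install locations."""
    if info.strip() == "x":  # ComboFix prints [x] when it cannot read the file
        findings.append(Finding(kind, exe, "ComboFix could not stat the binary ([x])"))
    if not exe.lower().startswith(TRUSTED_PREFIXES):
        findings.append(Finding(kind, exe, "binary outside Windows/Program Files"))


def triage(lines):
    """Return a list of Finding objects for the rows in `lines` worth checking."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(4), m.group(5)
            # A literal '%VAR%' in an on-disk path means whatever created it did
            # not expand the variable; a hidden+system object under system32
            # should be compared against a clean install before it is trusted.
            if "%" in path:
                findings.append(Finding("file", path, "unexpanded environment variable in path"))
            if attrs[2] == "s" and attrs[3] == "h" and path.lower().startswith("c:\\windows\\system32\\"):
                findings.append(Finding("file", path, "hidden+system object under system32"))
            continue
        m = RUN_RE.match(line)
        if m:
            name, exe, info = m.groups()
            _check_autostart(findings, "run:" + name, exe, info)
            continue
        m = SVC_RE.match(line)
        if m:
            _state, name, _desc, exe, info = m.groups()
            _check_autostart(findings, "svc:" + name, exe, info)
            continue
        m = TASK_RE.match(line)
        if m:
            exe, info = m.groups()
            _check_autostart(findings, "task", exe, info)
    return findings


# Constructed sample: six rows copied from the log above.
SAMPLE = r"""
2011-10-26 18:18 . 2011-10-26 18:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-26 09:41 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
- c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f"{f.kind:<16} {f.reason:<45} {f.path}")
```

The output is a verification list, not a verdict: each flagged path still needs a hash or signature check against a known-good copy, and a per-user updater under AppData will appear on it every time. Paste a whole ComboFix log into `triage()` and only the rows matching these four shapes are examined; everything else is ignored.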
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Did you run the AVG removal tool? It is still showing as installed....
 

a23kiki23

Thread Starter
Joined
Oct 31, 2011
Messages
9
Hmm, I did do the uninstall on it. Also, I've got something called emsisoft on my computer somewhere, though I tried uninstalling that a while ago as well.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Step 3 in reply #9 has a link for the AVG removal tool; get it and run it. Delete ComboFix (Gotcha) from your Desktop. Download a fresh copy of ComboFix from either of the following links:

Do not rename it this time...

Link 1
Link 2

Re-run as you did before
 

a23kiki23

Thread Starter
Joined
Oct 31, 2011
Messages
9
ComboFix 11-11-13.02 - ktolsen 11/13/2011 11:50:54.3.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.493 [GMT -6:00]
Running from: c:\users\ktolsen\Desktop\Gotcha.exe
Command switches used :: c:\users\ktolsen\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 18:03 . 2011-11-13 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-10 08:35 . 2011-11-10 08:35 -------- d-----w- c:\program files\Oceanis
2011-10-31 07:10 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-31 05:02 . 2011-10-31 05:02 -------- d-----w- c:\windows\system32\SPReview
2011-10-31 05:01 . 2011-10-31 05:01 -------- d-----w- c:\windows\system32\EventProviders
2011-10-31 04:49 . 2011-10-31 07:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-31 04:49 . 2011-10-31 04:49 -------- d-----w- c:\programdata\Malwarebytes
2011-10-31 04:49 . 2011-10-31 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-30 16:40 . 2011-03-29 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-10-30 16:40 . 2011-03-29 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-10-30 16:40 . 2011-03-29 03:07 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-10-30 16:40 . 2011-03-29 03:06 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-30 16:40 . 2011-03-29 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-10-30 16:40 . 2011-03-29 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-10-30 16:40 . 2011-03-29 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-10-30 16:40 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-10-30 16:39 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-10-30 16:39 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-10-30 16:39 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-10-30 16:39 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-10-30 16:39 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-10-30 16:39 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-10-30 16:39 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-10-30 16:39 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-10-27 15:31 . 2011-10-27 15:36 -------- d-----w- C:\cb5d62e224cdaf4a97bfc586
2011-10-27 15:27 . 2009-11-25 17:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-27 15:27 . 2009-11-25 17:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-27 15:27 . 2009-11-25 17:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-27 15:27 . 2009-11-25 17:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-27 15:27 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-27 14:55 . 2011-10-27 14:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-27 14:43 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-27 14:43 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-10-27 14:42 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-10-27 03:55 . 2011-10-27 03:55 -------- d-----w- c:\programdata\Hewlett-Packard
2011-10-27 03:55 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2011-10-27 03:22 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-10-27 03:22 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-10-27 03:22 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-10-26 18:18 . 2011-10-26 18:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-26 18:03 . 2011-10-26 18:03 -------- d-----w- C:\$AVG
2011-10-26 14:14 . 2011-10-26 14:15 -------- d-----w- c:\program files\WhatPulse
2011-10-26 11:40 . 2011-10-26 11:40 -------- d-----w- C:\DEVICE
2011-10-26 09:41 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-10-26 09:41 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-10-26 09:40 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-10-26 09:40 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-10-26 09:40 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-10-26 09:40 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-10-26 09:40 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-10-26 09:40 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-10-26 09:40 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-10-26 09:40 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-10-26 09:40 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-10-26 09:39 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-10-26 09:38 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-26 09:38 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-26 09:38 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-26 09:38 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-10-26 09:37 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-10-26 09:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2011-10-26 09:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2011-10-26 09:36 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-10-26 09:36 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-10-26 09:36 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 09:36 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 09:35 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-10-26 09:35 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-10-26 09:34 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2011-10-26 09:34 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2011-10-26 09:34 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-10-26 09:33 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-26 09:33 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-26 09:33 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-26 09:33 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-26 09:33 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-26 09:33 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2011-10-26 09:33 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-10-26 09:32 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2011-10-26 09:32 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2011-10-26 09:32 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-10-26 09:32 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2011-10-26 09:32 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2011-10-26 09:32 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2011-10-26 09:32 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-10-26 09:32 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-10-26 09:32 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-10-26 09:32 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-10-26 09:31 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-10-26 09:31 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-26 09:31 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-10-26 09:31 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-26 09:31 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-26 09:31 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-26 09:30 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-10-26 09:30 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-10-26 09:30 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-10-26 09:30 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-10-26 09:30 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-10-26 09:30 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-26 09:27 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-26 09:27 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-26 09:27 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-26 09:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2011-10-26 09:27 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2011-10-26 09:26 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-10-26 09:26 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-10-26 09:26 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-10-26 09:24 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-10-26 09:24 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-10-26 09:24 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-10-26 09:24 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-10-26 09:24 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-10-26 09:24 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-10-26 09:24 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-10-26 09:24 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-10-26 09:24 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-10-26 09:24 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-10-26 09:24 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-10-26 09:24 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-26 09:22 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-10-26 09:22 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2011-10-26 09:18 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-10-26 09:18 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-10-26 09:18 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 23:26 . 2010-01-09 01:42 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2010-08-09 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-09 8120864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-23 1594664]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-10-17 3561872]
.
c:\users\ktolsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-9-19 993280]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-10-31 3074040]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-08-12 51632]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-11-01 192776]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-11-01 107016]
S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2011-11-01 1150496]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2011-11-01 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-11-01 240160]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000Core.job
- c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000UA.job
- c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2784)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-11-13 12:12:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-13 18:12
ComboFix2.txt 2011-11-01 21:43
ComboFix3.txt 2011-11-01 01:59
.
Pre-Run: 207,659,401,216 bytes free
Post-Run: 207,659,204,608 bytes free
.
- - End Of File - - AF56B791E0449C42498D46A07AFB8064

MSE Quick Scan found one trojan, though it appears as if it removed it for me.

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
That is not a log from a new run of CF; that is the same log that you posted in reply #10.
