Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware Identified: Trojan horse Patched_c.LYU

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware Identified: Trojan horse Patched_c.LYU

Unread postby helpmefix » July 7th, 2012, 2:33 pm

I have ran AVG and it identifed the malware as Trojan horse Patched_c.LYU but it has been unable to remove it. Can you please help me to get this off of my computer?

Here is my log file:


ComboFix 12-07-07.04 - Sheri 07/07/2012 7:52.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3572.2120 [GMT -7:00]
Running from: c:\users\Sheri\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\programdata\Windows Defender
c:\programdata\Windows Defender\Definition Updates\{8DF22EEF-86A0-4F74-9A4E-D74AED517AC1}\mpasbase.vdm
c:\programdata\Windows Defender\Definition Updates\{8DF22EEF-86A0-4F74-9A4E-D74AED517AC1}\mpasdlta.vdm
c:\programdata\Windows Defender\Definition Updates\{8DF22EEF-86A0-4F74-9A4E-D74AED517AC1}\mpengine.dll
c:\programdata\Windows Defender\Support\MPLog-07132009-215552.log
c:\programdata\windows
c:\programdata\windows\Caches\{67D69890-D853-4011-A87E-AA64FA83CE5A}.2.ver0x0000000000000001.db
c:\programdata\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db
c:\programdata\windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db
c:\programdata\Windows\Caches\{92FCFE54-7083-4733-B738-ED55272E6F2B}.2.ver0x0000000000000001.db
c:\programdata\Windows\Caches\{D25C9F7E-8BB2-47F6-824D-5A6D1DB27502}.2.ver0x0000000000000001.db
c:\programdata\windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db
c:\programdata\Windows\Caches\cversions.2.db
c:\programdata\windows\DeviceMetadataStore\cs-CZ\f29afbd0-f58c-4f64-b540-436b41ad956b.devicemetadata-ms
c:\programdata\windows\DeviceMetadataStore\da-DK\338b0169-5871-49be-9394-0bc6a8775d0a.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\de-DE\0fee2a17-3dd6-4d3a-848e-d07a5edc2f04.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\el-GR\4ee36c2c-6d41-4ef4-87da-54cf3b89771c.devicemetadata-ms
c:\programdata\windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
c:\programdata\windows\DeviceMetadataStore\en-US\97d30e0e-bf7b-4093-b9ca-74d53ece9021.devicemetadata-ms
c:\programdata\windows\DeviceMetadataStore\es-ES\2ee13431-a855-4830-97e6-179fa246e334.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\fi-FI\130dc546-6876-4c49-b8cd-ee2193674e36.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\fr-FR\10e3581e-4b62-46d4-9e97-0e88480e0b8a.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\he-IL\d2a36269-ac58-4cbb-ad35-adc3bc109660.devicemetadata-ms
c:\programdata\windows\DeviceMetadataStore\hu-HU\34869419-c31c-4cf8-8842-3081186a78f1.devicemetadata-ms
c:\programdata\windows\DeviceMetadataStore\it-IT\0e814ebe-3122-47dd-a58c-fcf64f36afc3.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\ja-JP\e5e5734a-449e-4c2b-9068-4e8d1fdebbbe.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\ko-KR\c2abe3c1-8fde-462b-ae4e-39b653a9b72c.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\nb-NO\15a409c9-8099-4ac3-80db-34cdcb6b23ac.devicemetadata-ms
c:\programdata\windows\DeviceMetadataStore\nl-NL\6bf4f610-142c-44a5-8643-0dcae62ca0e2.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\pl-PL\11ec303e-341a-4c0d-8b35-8ea64e2411ae.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\pt-BR\839f48c8-6c7f-41d1-85d6-e6d2e44441e2.devicemetadata-ms
c:\programdata\windows\DeviceMetadataStore\pt-PT\8669ec6b-2a5e-44dd-a628-b95985d368df.devicemetadata-ms
c:\programdata\windows\DeviceMetadataStore\ru-RU\954b6ebd-ed96-4a99-b281-286f37ea769f.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\sl-SI\472ba683-ef23-4400-8c11-51db9a2115ab.devicemetadata-ms
c:\programdata\windows\DeviceMetadataStore\sv-SE\c3ad917a-44ae-4be1-b447-0cc7d161d368.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\zh-CN\8368e32a-3b06-4d2c-b83a-5239b747ef68.devicemetadata-ms
c:\programdata\Windows\DeviceMetadataStore\zh-TW\e47f132f-8a9d-4a65-9109-0833c0c63fed.devicemetadata-ms
c:\programdata\Windows\DRM\blackbox.bin
c:\programdata\Windows\DRM\drmstore.hds
c:\programdata\Windows\DRM\v3ks.bla
c:\programdata\Windows\DRM\v3ks.sec
c:\programdata\Windows\Power Efficiency Diagnostics\energy-ntkl.etl
c:\programdata\windows\Power Efficiency Diagnostics\energy-report-2010-12-17.xml
c:\programdata\Windows\Power Efficiency Diagnostics\energy-report-2010-12-31.xml
c:\programdata\Windows\Power Efficiency Diagnostics\energy-report-2011-01-25.xml
c:\programdata\windows\Power Efficiency Diagnostics\energy-report-2011-02-18.xml
c:\programdata\windows\Power Efficiency Diagnostics\energy-report.html
c:\programdata\Windows\Power Efficiency Diagnostics\energy-trace.etl
c:\programdata\windows\Ringtones\Ringtone 01.wma
c:\programdata\windows\Ringtones\Ringtone 02.wma
c:\programdata\Windows\Ringtones\Ringtone 03.wma
c:\programdata\windows\Ringtones\Ringtone 04.wma
c:\programdata\Windows\Ringtones\Ringtone 05.wma
c:\programdata\Windows\Ringtones\Ringtone 06.wma
c:\programdata\windows\Ringtones\Ringtone 07.wma
c:\programdata\Windows\Ringtones\Ringtone 08.wma
c:\programdata\windows\Ringtones\Ringtone 09.wma
c:\programdata\windows\Ringtones\Ringtone 10.wma
c:\programdata\windows\Start Menu\Default Programs.lnk
c:\programdata\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\Calculator.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\displayswitch.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\Math Input Panel.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\Mobility Center.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\Paint.lnk
c:\programdata\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\Snipping Tool.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\Sound Recorder.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\Sticky Notes.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\Sync Center.lnk
c:\programdata\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk
c:\programdata\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk
c:\programdata\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk
c:\programdata\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk
c:\programdata\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk
c:\programdata\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk
c:\programdata\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk
c:\programdata\windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
c:\programdata\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
c:\programdata\Windows\Start Menu\Programs\Accessories\Wordpad.lnk
c:\programdata\windows\Start Menu\Programs\Administrative Tools\Component Services.lnk
c:\programdata\windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk
c:\programdata\windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk
c:\programdata\windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk
c:\programdata\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk
c:\programdata\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
c:\programdata\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk
c:\programdata\Windows\Start Menu\Programs\Administrative Tools\services.lnk
c:\programdata\windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk
c:\programdata\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk
c:\programdata\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
c:\programdata\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk
c:\programdata\windows\Start Menu\Programs\AI RoboForm\Buy RoboForm Pro.url
c:\programdata\windows\Start Menu\Programs\Debugging Tools for Windows (x86)\Uninstall Debugging Tools for Windows (x86).lnk
c:\programdata\Windows\Start Menu\Programs\Games\GameExplorer.lnk
c:\programdata\windows\Start Menu\Programs\GO Contact Sync Homepage.url
c:\programdata\windows\Start Menu\Programs\Google Earth\Uninstall Google Earth Plug-in.lnk
c:\programdata\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools.lnk
c:\programdata\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk
c:\programdata\windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk
c:\programdata\windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk
c:\programdata\windows\Start Menu\Programs\Media Center.lnk
c:\programdata\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Windows SDK 7.1 Command Prompt.lnk
c:\programdata\windows\Start Menu\Programs\Sidebar.lnk
c:\programdata\Windows\Start Menu\Programs\Soluto\Uninstall Soluto.lnk
c:\programdata\Windows\Start Menu\Programs\WebEx\Productivity Tools\Uninstall.lnk
c:\programdata\windows\Start Menu\Programs\Windows DVD Maker.lnk
c:\programdata\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
c:\programdata\windows\Start Menu\Programs\Windows Media Player.lnk
c:\programdata\windows\Start Menu\Programs\Windows Virtual PC\Virtual Windows XP.lnk
c:\programdata\Windows\Start Menu\Programs\XPS Viewer.lnk
c:\programdata\windows\Start Menu\Windows Update.lnk
c:\programdata\windows\WER\ReportArchive\AppCrash_CAMMUTE.exe_6a92cc37c3bdb7f10f7f1ef46d8aa947ca472_084f54e3\Report.wer
c:\programdata\Windows\WER\ReportArchive\Critical_DeskTask.exe_a6d3a62d16b0d9c2e66f73ddaccc5488b3761725_154aead2\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_00d70b55\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_01e5b559\Report.cab
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_01e5b559\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_033b23f4\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_04d8b29b\Report.wer
c:\programdata\windows\WER\ReportArchive\Kernel_0_0_cab_080163c1\Report.cab
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_080163c1\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_0bb9c570\Report.wer
c:\programdata\windows\WER\ReportArchive\Kernel_0_0_cab_0e7adeab\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_0f8342ea\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_10caa14c\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_11df2f91\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_4971dcc0\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_4971ede0\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_49720b10\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_49721ccc\Report.wer
c:\programdata\Windows\WER\ReportArchive\Kernel_0_0_cab_49722c08\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_7.3.7600.16385_1874fcef6224e42694c8b30caacce43071e7c1_084f67d6\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_7.3.7600.16385_1874fcef6224e42694c8b30caacce43071e7c1_084f7af9\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_041571b6\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_041586ac\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_04159bb2\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_0485ac07\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_0485c18a\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_0495fbcb\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_04960ea0\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_049621c2\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_05b05450\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_05b067ef\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_094468bd\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_0b0068bd\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_1057f398\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_49724265\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_da14ee2b46a530257e51e56c6d2f723e2f5020c9_4972553a\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_Microsoft Corpor_34f98bfe46f1387f7746e474c26f08fc83cbfca_0465c3ea\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_Microsoft_13b3a23918c47da3729f90fbdeb7a328bf8d150_4972685c\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_Microsoft_343f281fff3f3197deeb39c9352f4426eba3_0491cd1f\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_Microsoft_3d1e9231749753d04b58af855ce2946bdfac45eb_49727400\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_Microsoft_4780814be9f9611de3f97496cf36f8a6215a5e88_49728992\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_Setup.exe_a7be4db67938de5d1cb422ff97ccf16829a8b02e_1389a6da\Report.wer
c:\programdata\windows\WER\ReportArchive\NonCritical_x86_439bbb40b685f07c79b08a2e46e8779f4385e9bb_084f8574\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_x86_df887ca1099eb492946a918c9359367d66d08b_084f903d\Report.wer
c:\programdata\Windows\WER\ReportArchive\NonCritical_x86_e91d8bc7e82e5d5e5e074e144dcd1a05eb2a37d_04419617\Report.wer
c:\users\Sheri\g2mdlhlpx.exe
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{f75556d9-4217-2ed4-17d6-b3145d87ef04}\@
c:\windows\Installer\{f75556d9-4217-2ed4-17d6-b3145d87ef04}\L\00000004.@
c:\windows\Installer\{f75556d9-4217-2ed4-17d6-b3145d87ef04}\L\1afb2d56
c:\windows\Installer\{f75556d9-4217-2ed4-17d6-b3145d87ef04}\L\201d3dde
c:\windows\Installer\{f75556d9-4217-2ed4-17d6-b3145d87ef04}\U\00000004.@
c:\windows\Installer\{f75556d9-4217-2ed4-17d6-b3145d87ef04}\U\00000008.@
c:\windows\Installer\{f75556d9-4217-2ed4-17d6-b3145d87ef04}\U\000000cb.@
c:\windows\Installer\{f75556d9-4217-2ed4-17d6-b3145d87ef04}\U\80000000.@
c:\windows\Installer\{f75556d9-4217-2ed4-17d6-b3145d87ef04}\U\80000032.@
c:\windows\system32\ps2.bat
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy7_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 15:08 . 2012-07-07 15:08 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-07-07 15:08 . 2012-07-07 15:08 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-07 14:33 . 2012-07-07 14:33 -------- d-----w- c:\users\Sheri\AppData\Local\Secunia PSI
2012-07-07 03:29 . 2012-07-07 03:29 -------- d-----w- c:\users\Sheri\AppData\Roaming\AVG2012
2012-07-07 03:23 . 2012-07-07 15:15 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-06 18:26 . 2012-07-06 18:26 -------- d-----w- c:\users\Sheri\AppData\Local\AVG Secure Search
2012-07-06 18:26 . 2012-07-06 18:26 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-06 18:26 . 2012-07-07 04:04 -------- d-----w- c:\program files\AVG Secure Search
2012-07-06 18:26 . 2012-07-07 04:04 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-06 18:25 . 2012-07-07 03:23 -------- d-----w- c:\programdata\AVG2012
2012-07-06 18:25 . 2012-07-06 18:25 -------- d-----w- C:\$AVG
2012-07-06 18:24 . 2012-07-07 04:01 -------- d-----w- c:\program files\AVG
2012-07-06 03:07 . 2011-09-23 00:18 73064 ----a-w- c:\windows\system32\perf-MSSQL$MSSMLBIZ-sqlctr10.3.5500.0.dll
2012-07-06 03:07 . 2011-09-23 00:18 89960 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-07-06 02:09 . 2012-07-06 02:15 -------- d-----w- C:\ea96db6ae0616d7943e799
2012-07-05 02:55 . 2012-07-07 04:02 -------- d-----w- c:\program files\Microsoft WebMatrix
2012-07-05 02:54 . 2012-07-07 04:01 -------- d-----w- c:\program files\IIS
2012-07-05 02:53 . 2012-07-07 04:01 -------- d-----w- c:\program files\IIS Express
2012-07-05 02:53 . 2012-07-05 02:53 -------- d-----w- c:\program files\Microsoft SDKs
2012-07-05 02:52 . 2012-07-07 04:02 -------- d-----w- c:\program files\Microsoft ASP.NET
2012-07-05 00:25 . 2012-07-07 04:02 -------- d-----w- c:\program files\Shyam Pillai
2012-07-04 23:41 . 2012-07-07 04:02 -------- d-----w- c:\program files\LinkedIn
2012-07-04 04:51 . 2012-07-04 04:51 -------- d-----w- c:\users\Sheri\AppData\Local\LogMeIn
2012-07-04 04:51 . 2012-05-11 17:40 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-07-04 04:51 . 2012-05-11 17:40 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-04 04:51 . 2012-05-11 17:40 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-07-04 04:51 . 2012-04-02 19:17 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-07-04 04:51 . 2012-05-11 17:40 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-04 04:51 . 2012-07-07 14:30 -------- d-----w- c:\programdata\LogMeIn
2012-07-04 04:51 . 2012-07-07 04:02 -------- d-----w- c:\program files\LogMeIn
2012-07-01 05:02 . 2012-07-07 04:02 -------- d-----w- c:\program files\Microsoft Small Business
2012-07-01 05:02 . 2012-07-07 04:02 -------- d-----w- c:\program files\Microsoft Chart Controls
2012-07-01 05:00 . 2009-03-31 04:55 50200 ----a-w- c:\windows\system32\perf-SQLAgent$MSSMLBIZ-sqlagtctr10.1.2531.0.dll
2012-07-01 04:59 . 2012-07-01 04:59 -------- d-----w- c:\windows\system32\RsFx
2012-07-01 04:58 . 2012-07-07 04:02 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-07-01 04:58 . 2012-07-05 02:54 -------- d-----w- c:\windows\system32\1033
2012-06-25 18:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-22 17:19 . 2012-06-22 19:41 -------- d-----w- c:\users\Sheri\AppData\Roaming\webex
2012-06-22 15:39 . 2012-07-07 04:02 -------- d-----w- c:\users\Sheri\workspace
2012-06-19 14:02 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 14:02 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 14:02 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 14:02 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 14:02 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 14:02 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 14:02 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 14:02 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 14:02 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 18:29 . 2012-06-18 18:29 -------- d-----w- c:\users\Sheri\AppData\Local\Macromedia
2012-06-18 03:11 . 2012-06-18 03:11 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-18 03:11 . 2012-06-18 03:11 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-14 21:05 . 2012-06-14 21:05 -------- d--h--w- c:\users\.TemporaryItems
2012-06-14 03:34 . 2012-07-06 18:37 -------- d-----w- c:\users\Sheri\AppData\Local\Deployment
2012-06-14 03:32 . 2012-07-07 04:02 -------- d-----w- c:\program files\Scand Ltd
2012-06-13 23:48 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 23:48 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 23:48 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 23:48 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 23:48 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 23:48 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 23:48 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 23:48 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 23:48 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 23:48 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-11 20:32 . 2012-06-11 20:32 -------- d-----w- c:\windows\Sun
2012-06-10 20:19 . 2012-06-10 20:19 -------- d-----w- c:\windows\PCHEALTH
2012-06-10 20:08 . 2012-07-07 04:05 -------- d-----w- c:\program files\WizMouse
2012-06-10 20:06 . 2012-07-07 04:02 -------- d-----w- c:\program files\Microsoft SQL Server
2012-06-10 19:22 . 2012-06-10 19:22 -------- d-----w- c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2012-06-10 19:22 . 2009-04-20 19:57 46592 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2012-06-10 19:21 . 2011-05-20 19:01 122104 ----a-w- c:\windows\system32\Vxdif.dll
2012-06-10 19:21 . 2011-05-26 17:50 305488 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-06-10 19:21 . 2007-10-31 05:57 7463 ----a-w- c:\windows\system32\drivers\tkbtnpn.sys
2012-06-10 19:21 . 2007-10-31 05:57 1490999 ----a-w- c:\windows\system32\tkbtnpn1.dll
2012-06-10 19:08 . 2012-07-07 04:02 -------- d-----w- c:\program files\RadarSync
2012-06-10 19:03 . 2012-07-07 04:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\IObit
2012-06-09 19:42 . 2012-07-07 04:02 -------- d-----w- c:\users\Sheri\AppData\Local\Remove_Empty_Directories
2012-06-09 19:40 . 2012-06-09 19:40 -------- d-----w- c:\windows\system32\wbem\MOF
2012-06-09 18:21 . 2012-07-07 04:02 -------- d-----w- C:\Python27
2012-06-08 20:52 . 2012-06-08 20:52 -------- d-----w- c:\programdata\GFI Software
2012-06-08 01:42 . 2012-07-07 04:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-08 01:42 . 2012-06-10 19:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 20:33 . 2012-04-03 22:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 20:33 . 2011-05-20 02:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-03 18:19 . 2012-06-03 18:19 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-05-24 17:47 . 2012-06-03 20:30 21888 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-04-19 11:50 . 2012-04-19 11:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 06:31 . 2012-04-11 06:31 2303488 ----a-w- c:\windows\system32\python27.dll
2012-06-18 03:11 . 2011-12-05 23:45 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sheri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sheri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sheri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sheri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sheri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sheri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"X1FileMonitor.exe"="c:\progra~1\X1\X1FileMonitor.exe" [2012-06-06 400024]
"WizMouse"="c:\program files\WizMouse\WizMouse.exe" [2009-11-06 694008]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 505720]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2000-01-01 495708]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-08-03 309352]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-04-02 63048]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\users\Sheri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sheri\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-12-19 2362720]
X1.lnk - c:\program files\X1\X1.exe [2012-6-6 903832]
.
c:\users\Sheri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
X1 System Tray.lnk - c:\program files\X1\X1Systray.exe [2012-6-6 370840]
X1.lnk - c:\program files\X1\X1.exe [2012-6-6 903832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2011-08-12 18:43 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\309\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Sheri^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk]
path=c:\users\Sheri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-03-27 12:40 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 17:26 114688 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2011-02-22 08:28 1497352 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2012-04-02 19:17 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2012-06-01 20:35 109336 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R2 dsiasrv;DSM CM Inventory Agent;c:\program files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [x]
R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\309\g2ax_service.exe Start=service [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
R4 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R4 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R4 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R4 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [x]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ipripsvc REG_MULTI_SZ iprip
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:33]
.
2012-03-12 c:\windows\Tasks\FixCleaner Scan.job
- c:\program files\FixCleaner\FixCleaner.exe [2011-12-07 01:45]
.
2012-04-30 c:\windows\Tasks\FixCleaner Startup.job
- c:\program files\FixCleaner\FixCleaner.exe [2011-12-07 01:45]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3257982909-1008624326-3110686292-1000Core.job
- c:\users\Sheri\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 19:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://blekkosearch.mystart.com/blekkot ... p=homepage
mStart Page = hxxp://www.yahoo.com/?fr=fp-tyc8
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: acs
Trusted Zone: atgnow.com\symantec
Trusted Zone: ausy-notes
Trusted Zone: concursolutions.com
Trusted Zone: crmsiebel
Trusted Zone: custhelp.com
Trusted Zone: custhelp.com\order-ops-americas
Trusted Zone: custhelp.com\order-ops-apj
Trusted Zone: custhelp.com\order-ops-emea
Trusted Zone: custhelp.com\order-ops-global
Trusted Zone: custhelp.com\symantec
Trusted Zone: custhelp.com\symantec-apc-en
Trusted Zone: custhelp.com\symantec-consumer-tams
Trusted Zone: custhelp.com\symantec-de
Trusted Zone: custhelp.com\symantec-emea-en
Trusted Zone: custhelp.com\symantec-fr
Trusted Zone: custhelp.com\symantec-japan
Trusted Zone: custhelp.com\symantec-osg
Trusted Zone: custhelp.com\symantec-osg-vip
Trusted Zone: custhelp.com\symantecacc
Trusted Zone: deptwebs
Trusted Zone: glc
Trusted Zone: gotomeeting.com
Trusted Zone: gss
Trusted Zone: irdu-notes
Trusted Zone: jato-notes
Trusted Zone: journyx.com
Trusted Zone: mymeetings.com
Trusted Zone: mysymantec.com
Trusted Zone: omniture.com\sitecatalyst
Trusted Zone: prg
Trusted Zone: quickarrow.com\symantec
Trusted Zone: salesdev
Trusted Zone: salesreports
Trusted Zone: symantec.com
Trusted Zone: syminfo
Trusted Zone: symlearn
Trusted Zone: sympeople
Trusted Zone: trainingreports
Trusted Zone: uscu-notes
Trusted Zone: usnn-notes
Trusted Zone: ussm-notes
Trusted Zone: ussp-notes
Trusted Zone: veritas.com
Trusted Zone: vnet
TCP: DhcpNameServer = 192.168.2.1
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshoo ... /pcd86.cab
FF - ProfilePath - c:\users\Sheri\AppData\Roaming\Mozilla\Firefox\Profiles\da9fwbak.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Xmarks - c:\program files\Xmarks\IE Extension\xmarkssync.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*r*s*o*n*a*l* \NonProfit]
"Order"=hex:08,00,00,00,02,00,00,00,9e,00,00,00,01,00,00,00,01,00,00,00,92,00,
00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,bd,cb,1a,20,00,59,57,43,41,57,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*r*s*o*n*a*l* \Training]
"Order"=hex:08,00,00,00,02,00,00,00,90,00,00,00,01,00,00,00,01,00,00,00,84,00,
00,00,00,00,00,00,76,00,32,00,cd,00,00,00,00,08,7d,7d,20,00,4d,49,43,52,4f,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Y*a*h*o*o*!* \Communication]
"Order"=hex:08,00,00,00,02,00,00,00,10,02,00,00,01,00,00,00,05,00,00,00,6e,00,
00,00,00,00,00,00,60,00,32,00,cd,00,00,00,00,56,20,5f,20,00,47,52,45,45,54,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Y*a*h*o*o*!* \Community]
"Order"=hex:08,00,00,00,02,00,00,00,4a,02,00,00,01,00,00,00,05,00,00,00,6e,00,
00,00,00,00,00,00,60,00,32,00,cd,00,00,00,00,75,c5,58,20,00,45,44,55,43,41,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Y*a*h*o*o*!* \Entertainment]
"Order"=hex:08,00,00,00,02,00,00,00,ee,02,00,00,01,00,00,00,07,00,00,00,6e,00,
00,00,00,00,00,00,60,00,32,00,cd,00,00,00,00,9d,ed,8f,20,00,41,53,54,52,4f,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Y*a*h*o*o*!* \Home & Living]
"Order"=hex:08,00,00,00,02,00,00,00,d6,02,00,00,01,00,00,00,07,00,00,00,68,00,
00,00,00,00,00,00,5a,00,32,00,cd,00,00,00,00,1f,22,cb,20,00,43,61,72,65,65,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Y*a*h*o*o*!* \Information Management]
"Order"=hex:08,00,00,00,02,00,00,00,5c,06,00,00,01,00,00,00,0f,00,00,00,5c,00,
00,00,00,00,00,00,4e,00,32,00,cd,00,00,00,00,4e,f1,92,20,00,33,36,30,2e,75,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Y*a*h*o*o*!* \News]
"Order"=hex:08,00,00,00,02,00,00,00,be,02,00,00,01,00,00,00,06,00,00,00,66,00,
00,00,00,00,00,00,58,00,32,00,cd,00,00,00,00,2b,9f,e8,20,00,41,6c,65,72,74,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Y*a*h*o*o*!* \Personal Finance]
"Order"=hex:08,00,00,00,02,00,00,00,f0,00,00,00,01,00,00,00,02,00,00,00,68,00,
00,00,00,00,00,00,5a,00,32,00,cd,00,00,00,00,c8,4b,36,20,00,46,69,6e,61,6e,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Y*a*h*o*o*!* \Personal Publishing]
"Order"=hex:08,00,00,00,02,00,00,00,c2,01,00,00,01,00,00,00,04,00,00,00,68,00,
00,00,00,00,00,00,5a,00,32,00,cd,00,00,00,00,00,c6,ba,20,00,44,6f,6d,61,69,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Y*a*h*o*o*!* \Shopping]
"Order"=hex:08,00,00,00,02,00,00,00,c8,03,00,00,01,00,00,00,09,00,00,00,62,00,
00,00,00,00,00,00,54,00,32,00,cd,00,00,00,00,0a,1c,da,20,00,41,75,74,6f,73,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Y*a*h*o*o*!* \Sports & Outdoors]
"Order"=hex:08,00,00,00,02,00,00,00,5a,01,00,00,01,00,00,00,03,00,00,00,78,00,
00,00,00,00,00,00,6a,00,32,00,cd,00,00,00,00,4e,ad,6e,20,00,46,41,4e,54,41,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Y*a*h*o*o*!* \Tools for Business]
"Order"=hex:08,00,00,00,02,00,00,00,6c,02,00,00,01,00,00,00,05,00,00,00,7a,00,
00,00,00,00,00,00,6c,00,32,00,cd,00,00,00,00,1e,0c,f2,20,00,4d,41,52,4b,45,\
.
[HKEY_USERS\S-1-5-21-3257982909-1008624326-3110686292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Y*a*h*o*o*!* \Travel & Transportation]
"Order"=hex:08,00,00,00,02,00,00,00,00,01,00,00,01,00,00,00,02,00,00,00,8e,00,
00,00,00,00,00,00,80,00,32,00,cd,00,00,00,00,fe,be,56,20,00,4d,41,50,53,26,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3324)
c:\users\Sheri\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\CISVC.EXE
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
c:\windows\system32\cidaemon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\X1\X1FileMonitor.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\windows\system32\conhost.exe
c:\progra~1\X1\X1Systray.exe
c:\progra~1\X1\X1Service.exe
.
**************************************************************************
.
Completion time: 2012-07-07 11:04:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 18:04
.
Pre-Run: 124,596,576,256 bytes free
Post-Run: 128,104,509,440 bytes free
.
- - End Of File - - 77D77C7B475DBA71A5319D5C002463F4
helpmefix
Active Member
 
Posts: 1
Joined: July 7th, 2012, 2:27 pm
Advertisement
Register to Remove

Re: Malware Identified: Trojan horse Patched_c.LYU

Unread postby deltalima » July 7th, 2012, 2:38 pm

ComboFix Log posted - no other log.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own, especially without the Recovery Console installed for XP or access to the Recovery Environment for Vista or Windows 7, is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

The instructions for running DDS found HERE, state how we need you to post the logs, so we can help you.
Please follow the instructions, start a new topic and post your logs, include your ComboFix log in the same post.


This topic is now closed
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 295 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware