Darrelkun
2012-09-10, 03:30
Hello,
My mother's computer contracted a nasty trojan a few days ago. Upon running Spybot, Smitfraud-C:Generic was found. Every couple of hours firefox will boot up a website about a banned fish, and when using google most URLs will redirect to inappropriate websites. To make matters worse, firefox now keeps crashing and recently, stopped working entirely. I had to reinstall it and it seems to be working, but it still gives error messages. Whether or not this is linked to the trojan or something else, I don't know.
Spybot does not get rid of these trojans. :( Neither does Malwarebyte. I thought she had Avast!, but I guess she doesn't. I will be downloading that asap.
An additional note: I accidentally checked the Current User Registry when I first ran ERUNT (I didn't see the note about System Registry ONLY until after the fact! Sorry!). I hope that's okay; it wouldn't let me undo it. Is there anything I can do about this? Or should I leave it for now?
Here is my Spybot log:
Smitfraud-C.generic: [SBI $5926A588] Executable (File, nothing done)
C:\Windows\svchost.exe
Properties.size=20480
Properties.md5=2CEFF13ACE25A40BD8D97654944297CD
Properties.filedate=1247534086
Properties.filedatetext=2009-07-13 18:14:45
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
Here is my DDS file report:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Mom at 16:48:28 on 2012-09-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.1833 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Mom\AppData\Roaming\Urso\koxuf.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\DllHost.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: DealCabby: {780e957d-9057-415c-8b59-c22dfa66a44b} - C:\Users\Mom\AppData\Local\dealcabby\ie\dealcabby_20120804035001.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google] Rundll32.exe C:\Users\Mom\AppData\Local\Google\tmwtnkml.dll,FECoreInstance
uRun: [{6C15843D-3E00-AD40-E8DE-0CF4DB552FE9}] C:\Users\Mom\AppData\Roaming\Urso\koxuf.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Mom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{72766EDE-761F-4B5D-ABCB-ED152175B5BD} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: DealCabby: {780E957D-9057-415C-8B59-C22DFA66A44B} - C:\Users\Mom\AppData\Local\dealcabby\ie\dealcabby_20120804035001.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\lr7cly53.default-1347234195202\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-7-16 43912]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-20 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-29 655944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-20 1692480]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-20 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 fsssvc;Windows Live Family Safety Service;"C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" --> C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-7 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-9 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-18 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-7 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-09 23:42:35 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-09 23:42:35 266720 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-09-09 14:40:54 -------- d-----w- C:\Users\Mom\AppData\Local\{98ACD208-E10A-4F14-9203-9B86552C6033}
2012-09-09 02:40:26 -------- d-----w- C:\Users\Mom\AppData\Local\{C2DF7EF5-CD23-4C72-A1B7-C39FBA6AC0D5}
2012-09-08 14:40:14 -------- d-----w- C:\Users\Mom\AppData\Local\{6E09973C-AD3E-4266-BFCF-284316B5EAC7}
2012-09-08 02:39:50 -------- d-----w- C:\Users\Mom\AppData\Local\{4D77D419-EB61-49F1-AC49-54E526A8673B}
2012-09-07 14:39:36 -------- d-----w- C:\Users\Mom\AppData\Local\{9BD699D5-B0C7-456E-8E91-82C84B4766D2}
2012-09-07 02:39:06 -------- d-----w- C:\Users\Mom\AppData\Local\{9F8FAA4A-F802-4D56-BA55-C31F8023C15D}
2012-09-06 14:38:56 -------- d-----w- C:\Users\Mom\AppData\Local\{A810F45C-E51D-4655-8A25-BCC366660400}
2012-09-06 02:38:30 -------- d-----w- C:\Users\Mom\AppData\Local\{7D3BB518-84D4-4DD3-8584-92CA848FFF95}
2012-09-05 14:38:19 -------- d-----w- C:\Users\Mom\AppData\Local\{0A1D9C2E-9826-45D7-943F-F981ECD3FD82}
2012-09-05 02:37:54 -------- d-----w- C:\Users\Mom\AppData\Local\{B11F75C7-39A3-4A30-A9C3-996BA4DCF0E8}
2012-09-04 14:37:43 -------- d-----w- C:\Users\Mom\AppData\Local\{36257D4B-7FF8-4558-9242-5DD9417F3D74}
2012-09-04 02:37:20 -------- d-----w- C:\Users\Mom\AppData\Local\{881031F0-E4BA-4EC9-8651-E723713ECD73}
2012-09-03 14:37:09 -------- d-----w- C:\Users\Mom\AppData\Local\{0A3FBD73-0851-42E3-9ABB-AB919B6C7625}
2012-09-03 02:36:44 -------- d-----w- C:\Users\Mom\AppData\Local\{E9027C4C-9389-4E91-8FF1-A52E34DD8B70}
2012-09-02 14:36:20 -------- d-----w- C:\Users\Mom\AppData\Local\{F066F07D-6E6D-4EE6-A70F-BC353049663D}
2012-09-02 02:35:50 -------- d-----w- C:\Users\Mom\AppData\Local\{785BF660-0F3A-4505-8B29-C5FD5AC11C4C}
2012-09-01 14:35:26 -------- d-----w- C:\Users\Mom\AppData\Local\{DAB11CBF-87C3-40EF-B8AC-860D8C0E9ED8}
2012-09-01 02:34:58 -------- d-----w- C:\Users\Mom\AppData\Local\{0003FACD-CC45-480C-B2CE-6599FC9BBFBB}
2012-08-31 14:34:44 -------- d-----w- C:\Users\Mom\AppData\Local\{428DC594-01EA-462D-8D4B-1C834DE4CDBA}
2012-08-31 02:34:21 -------- d-----w- C:\Users\Mom\AppData\Local\{04A6C79B-1017-4674-A684-52E7997B764F}
2012-08-30 14:34:09 -------- d-----w- C:\Users\Mom\AppData\Local\{0B7C906E-7989-4F0F-AF9A-E0620583FCC0}
2012-08-30 04:28:52 20480 ----a-w- C:\Windows\svchost.exe
2012-08-30 04:27:11 0 ----a-w- C:\Windows\SysWow64\sho300E.tmp
2012-08-30 02:33:44 -------- d-----w- C:\Users\Mom\AppData\Local\{3CBA13D3-2341-4016-8F55-5475D03100D3}
2012-08-29 14:33:20 -------- d-----w- C:\Users\Mom\AppData\Local\{FD3A0FB4-9498-4559-A394-4DA0B7F87703}
2012-08-29 02:32:57 -------- d-----w- C:\Users\Mom\AppData\Local\{CC10B6C7-336F-4C43-B755-AF291D05E37F}
2012-08-28 14:32:46 -------- d-----w- C:\Users\Mom\AppData\Local\{59A5A9C8-F5C7-40CD-BB24-5E2D7C6DCAB2}
2012-08-28 02:32:22 -------- d-----w- C:\Users\Mom\AppData\Local\{8034D693-CEE7-4CA6-9FD4-CFC426C54721}
2012-08-27 14:32:12 -------- d-----w- C:\Users\Mom\AppData\Local\{A0D33881-81FB-4DCA-A337-6A348D600214}
2012-08-27 04:40:51 0 ----a-w- C:\Windows\SysWow64\sho975.tmp
2012-08-27 02:31:47 -------- d-----w- C:\Users\Mom\AppData\Local\{1DA9D195-0BAA-4E6B-A9D3-D12F37C25D4C}
2012-08-26 14:31:37 -------- d-----w- C:\Users\Mom\AppData\Local\{B90FC22B-8960-4E94-BF6D-10C032E5851E}
2012-08-26 02:31:09 -------- d-----w- C:\Users\Mom\AppData\Local\{A08E67BC-7DE6-4219-ADEA-93A29F7701E7}
2012-08-25 14:30:59 -------- d-----w- C:\Users\Mom\AppData\Local\{B9211D12-47B0-408D-8DBB-3DA049B8D01F}
2012-08-25 02:30:35 -------- d-----w- C:\Users\Mom\AppData\Local\{7C2C4DDA-236F-4285-98C8-49CD2B9B5457}
2012-08-24 14:30:23 -------- d-----w- C:\Users\Mom\AppData\Local\{2524FDA6-8A28-455A-A581-4B944212B2C3}
2012-08-24 02:29:58 -------- d-----w- C:\Users\Mom\AppData\Local\{BD67E7EE-E67D-46D8-981D-8F8A8792BC1C}
2012-08-23 14:29:32 -------- d-----w- C:\Users\Mom\AppData\Local\{1617D1DA-5EE7-4CCF-BF80-DE6C6C753123}
2012-08-23 02:29:09 -------- d-----w- C:\Users\Mom\AppData\Local\{8662E8D1-FB40-45B5-99DF-D3230A7E5CD5}
2012-08-22 14:28:57 -------- d-----w- C:\Users\Mom\AppData\Local\{E9E82E28-469D-4B94-B160-06442BB84FFB}
2012-08-22 02:28:33 -------- d-----w- C:\Users\Mom\AppData\Local\{98A18B30-8727-40E4-B786-BE1CBEA7E943}
2012-08-21 14:28:22 -------- d-----w- C:\Users\Mom\AppData\Local\{A3A5825A-A8E3-46A4-A61F-4EC02687D138}
2012-08-21 02:27:58 -------- d-----w- C:\Users\Mom\AppData\Local\{787D9230-CD03-463D-BD35-37D766FF3A4E}
2012-08-20 14:27:47 -------- d-----w- C:\Users\Mom\AppData\Local\{4B238AEF-D423-4833-9A62-8DF8ABC39F36}
2012-08-20 02:27:23 -------- d-----w- C:\Users\Mom\AppData\Local\{B898E4B2-6087-443B-9751-90FEBDA80FA6}
2012-08-19 14:27:12 -------- d-----w- C:\Users\Mom\AppData\Local\{2DB9D196-0711-4A03-89A1-A8BD1D6C4D0F}
2012-08-19 02:26:44 -------- d-----w- C:\Users\Mom\AppData\Local\{F077A306-AC4B-41B2-B7FE-55B5A561BAFA}
2012-08-19 01:06:56 -------- d-----w- C:\Users\Mom\AppData\Local\Macromedia
2012-08-18 21:19:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-18 14:26:34 -------- d-----w- C:\Users\Mom\AppData\Local\{860AE12A-15A9-41C1-9F4E-4C594C1231DA}
2012-08-18 02:26:06 -------- d-----w- C:\Users\Mom\AppData\Local\{A31CA825-3FEC-451D-898C-8E3EADA35D36}
2012-08-17 11:21:50 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8BD552A-86CB-48C6-9B22-F43D8FC22313}\mpengine.dll
2012-08-17 11:16:44 -------- d-----w- C:\Users\Mom\AppData\Local\{AD59AA76-3774-461B-B5C2-6C768C327934}
2012-08-17 11:16:30 -------- d-----w- C:\Users\Mom\AppData\Local\{B86E8D0A-A529-4EF0-80F0-2AB8E0381E79}
2012-08-16 11:28:23 -------- d-----w- C:\Users\Mom\AppData\Local\{02F45DC2-EF5E-403F-ABF4-C1FF290737C7}
2012-08-16 11:28:12 -------- d-----w- C:\Users\Mom\AppData\Local\{D376D3AB-FC42-4056-9056-47B7A9052F4B}
2012-08-16 04:51:21 552448 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-15 11:46:47 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 11:46:47 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 11:46:46 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 11:46:46 67584 ----a-w- C:\Windows\splwow64.exe
2012-08-15 11:46:46 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 11:46:46 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 11:46:42 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 11:46:42 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 11:46:42 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 11:46:42 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 11:46:41 956416 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 11:38:21 -------- d-----w- C:\Users\Mom\AppData\Local\{9D661FD1-194B-482F-AEEF-EBC524D4599E}
2012-08-15 11:38:10 -------- d-----w- C:\Users\Mom\AppData\Local\{8CA760D2-14A9-492D-9023-B481E67BDDBF}
2012-08-14 11:13:47 -------- d-----w- C:\Users\Mom\AppData\Local\{85A4345E-3D0D-48FD-B939-B6C376425798}
2012-08-14 11:13:36 -------- d-----w- C:\Users\Mom\AppData\Local\{D339A9EC-6993-4F05-9539-9189204FE8C8}
2012-08-13 23:06:19 -------- d-----w- C:\Users\Mom\AppData\Local\{5CACB4C0-E813-4222-BC0E-01DB98E2DC32}
2012-08-13 23:06:09 -------- d-----w- C:\Users\Mom\AppData\Local\{CF57DE71-7AE6-4BBB-A13C-649EDAE5DD68}
2012-08-13 11:46:34 -------- d-----w- C:\Users\Mom\AppData\Local\{FFF806F0-9270-41CD-95DA-2F57643EFFB2}
2012-08-13 11:46:16 -------- d-----w- C:\Users\Mom\AppData\Local\{E64C3BC9-ABA0-4DEE-AC89-EEFC7EDE90A9}
2012-08-12 17:20:51 -------- d-----w- C:\Users\Mom\AppData\Local\{72491D2D-64E0-43B9-A599-57655C63AB09}
2012-08-12 17:20:34 -------- d-----w- C:\Users\Mom\AppData\Local\{969FC879-E05F-4112-9894-1B60DC95248E}
2012-08-12 15:44:03 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-08-12 13:34:46 -------- d-----w- C:\Users\Mom\AppData\Local\{93278B15-9F4D-4D53-B019-29A99DA8A988}
2012-08-12 13:34:34 -------- d-----w- C:\Users\Mom\AppData\Local\{17FBE541-0626-4363-A895-913D6F787DF4}
2012-08-12 03:10:23 -------- d-----w- C:\Users\Mom\AppData\Local\{9E4583FD-6CA3-4CC9-A0B8-2D9FBFCA31D3}
2012-08-12 03:10:10 -------- d-----w- C:\Users\Mom\AppData\Local\{094BCAAD-8C84-4E67-A1B9-A0F180B0297E}
2012-08-12 02:51:19 -------- d-----w- C:\Users\Mom\AppData\Local\ElevatedDiagnostics
2012-08-12 02:40:40 -------- d-----w- C:\Users\Mom\AppData\Local\{5DA42710-1FF0-4969-BA04-F9B10F723612}
2012-08-12 02:40:19 -------- d-----w- C:\Users\Mom\AppData\Local\{8B8D9C5B-C869-4E0B-96DA-63DA198970DA}
2012-08-12 02:14:10 -------- d-----w- C:\Users\Mom\AppData\Roaming\SoftGrid Client
2012-08-12 02:14:10 -------- d-----w- C:\Users\Mom\AppData\Local\SoftGrid Client
2012-08-12 02:13:20 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-08-12 02:13:08 -------- d-----w- C:\Users\Mom\AppData\Roaming\TP
2012-08-12 02:07:35 -------- d-----w- C:\Program Files (x86)\Audio Converter
2012-08-12 02:07:08 -------- d-----w- C:\Users\Mom\AppData\Local\Wajam
2012-08-12 02:07:01 -------- d-----w- C:\Users\Mom\AppData\Local\dealcabby
2012-08-12 01:47:51 -------- d-----w- C:\Users\Mom\AppData\Local\MicrosoftStore
2012-08-11 13:19:22 -------- d-----w- C:\Users\Mom\AppData\Local\{C9F82C7D-D2AD-4473-88F4-89654E029C09}
2012-08-11 13:19:03 -------- d-----w- C:\Users\Mom\AppData\Local\{3B2C14B0-22F3-4315-8EED-A4C3E284E0BE}
.
==================== Find3M ====================
.
2012-08-18 21:36:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 16:50:06.63 ===============
And here is my aswMBR log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-09 16:56:43
-----------------------------
16:56:43.349 OS Version: Windows x64 6.1.7600
16:56:43.349 Number of processors: 4 586 0x2505
16:56:43.350 ComputerName: MOM-PC UserName: Mom
16:56:58.177 Initialize success
17:00:04.527 AVAST engine defs: 12090901
17:02:03.096 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:02:03.100 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
17:02:03.103 Device \Driver\iaStor -> MajorFunction fffffa8006eaa5e8
17:02:03.106 Disk 0 MBR read successfully
17:02:03.109 Disk 0 MBR scan
17:02:03.113 Disk 0 Windows 7 default MBR code
17:02:03.130 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
17:02:03.146 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
17:02:03.214 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
17:02:03.359 Disk 0 scanning C:\Windows\system32\drivers
17:02:37.421 Service scanning
17:03:11.574 Modules scanning
17:03:11.582 Disk 0 trace - called modules:
17:03:11.589 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006eaa5e8]<<
17:03:11.595 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bda060]
17:03:11.600 3 CLASSPNP.SYS[fffff88001b5943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048f3050]
17:03:11.606 \Driver\iaStor[0xfffffa8004b0f940] -> IRP_MJ_CREATE -> 0xfffffa8006eaa5e8
17:03:15.714 AVAST engine scan C:\Windows
17:03:18.946 AVAST engine scan C:\Windows\system32
17:05:01.522 File: C:\Windows\system32\services.exe **INFECTED** Win32:Patched-AKC [Trj]
17:05:57.304 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:06:00.028 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:07:43.987 AVAST engine scan C:\Windows\system32\drivers
17:08:00.209 AVAST engine scan C:\Users\Mom
17:08:12.322 File: C:\Users\Mom\AppData\Local\Google\tmwtnkml.dll **INFECTED** Win32:Tracur-IK [Trj]
17:16:35.027 File: C:\Users\Mom\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@ **INFECTED** Win32:Malware-gen
17:16:35.060 File: C:\Users\Mom\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@ **INFECTED** Win32:Malware-gen
17:16:35.105 File: C:\Users\Mom\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ **INFECTED** Win32:Malware-gen
17:18:21.929 AVAST engine scan C:\ProgramData
17:21:40.294 Scan finished successfully
17:22:07.545 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Documents\MBR.dat"
17:22:07.550 The log file has been saved successfully to "C:\Users\Mom\Documents\aswMBR.txt"
My mother's computer contracted a nasty trojan a few days ago. Upon running Spybot, Smitfraud-C:Generic was found. Every couple of hours firefox will boot up a website about a banned fish, and when using google most URLs will redirect to inappropriate websites. To make matters worse, firefox now keeps crashing and recently, stopped working entirely. I had to reinstall it and it seems to be working, but it still gives error messages. Whether or not this is linked to the trojan or something else, I don't know.
Spybot does not get rid of these trojans. :( Neither does Malwarebyte. I thought she had Avast!, but I guess she doesn't. I will be downloading that asap.
An additional note: I accidentally checked the Current User Registry when I first ran ERUNT (I didn't see the note about System Registry ONLY until after the fact! Sorry!). I hope that's okay; it wouldn't let me undo it. Is there anything I can do about this? Or should I leave it for now?
Here is my Spybot log:
Smitfraud-C.generic: [SBI $5926A588] Executable (File, nothing done)
C:\Windows\svchost.exe
Properties.size=20480
Properties.md5=2CEFF13ACE25A40BD8D97654944297CD
Properties.filedate=1247534086
Properties.filedatetext=2009-07-13 18:14:45
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
Here is my DDS file report:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Mom at 16:48:28 on 2012-09-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.1833 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Mom\AppData\Roaming\Urso\koxuf.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\DllHost.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: DealCabby: {780e957d-9057-415c-8b59-c22dfa66a44b} - C:\Users\Mom\AppData\Local\dealcabby\ie\dealcabby_20120804035001.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google] Rundll32.exe C:\Users\Mom\AppData\Local\Google\tmwtnkml.dll,FECoreInstance
uRun: [{6C15843D-3E00-AD40-E8DE-0CF4DB552FE9}] C:\Users\Mom\AppData\Roaming\Urso\koxuf.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Mom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{72766EDE-761F-4B5D-ABCB-ED152175B5BD} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: DealCabby: {780E957D-9057-415C-8B59-C22DFA66A44B} - C:\Users\Mom\AppData\Local\dealcabby\ie\dealcabby_20120804035001.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\lr7cly53.default-1347234195202\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-7-16 43912]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-20 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-29 655944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-20 1692480]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-20 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 fsssvc;Windows Live Family Safety Service;"C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" --> C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-7 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-9 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-18 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-7 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-09 23:42:35 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-09 23:42:35 266720 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-09-09 14:40:54 -------- d-----w- C:\Users\Mom\AppData\Local\{98ACD208-E10A-4F14-9203-9B86552C6033}
2012-09-09 02:40:26 -------- d-----w- C:\Users\Mom\AppData\Local\{C2DF7EF5-CD23-4C72-A1B7-C39FBA6AC0D5}
2012-09-08 14:40:14 -------- d-----w- C:\Users\Mom\AppData\Local\{6E09973C-AD3E-4266-BFCF-284316B5EAC7}
2012-09-08 02:39:50 -------- d-----w- C:\Users\Mom\AppData\Local\{4D77D419-EB61-49F1-AC49-54E526A8673B}
2012-09-07 14:39:36 -------- d-----w- C:\Users\Mom\AppData\Local\{9BD699D5-B0C7-456E-8E91-82C84B4766D2}
2012-09-07 02:39:06 -------- d-----w- C:\Users\Mom\AppData\Local\{9F8FAA4A-F802-4D56-BA55-C31F8023C15D}
2012-09-06 14:38:56 -------- d-----w- C:\Users\Mom\AppData\Local\{A810F45C-E51D-4655-8A25-BCC366660400}
2012-09-06 02:38:30 -------- d-----w- C:\Users\Mom\AppData\Local\{7D3BB518-84D4-4DD3-8584-92CA848FFF95}
2012-09-05 14:38:19 -------- d-----w- C:\Users\Mom\AppData\Local\{0A1D9C2E-9826-45D7-943F-F981ECD3FD82}
2012-09-05 02:37:54 -------- d-----w- C:\Users\Mom\AppData\Local\{B11F75C7-39A3-4A30-A9C3-996BA4DCF0E8}
2012-09-04 14:37:43 -------- d-----w- C:\Users\Mom\AppData\Local\{36257D4B-7FF8-4558-9242-5DD9417F3D74}
2012-09-04 02:37:20 -------- d-----w- C:\Users\Mom\AppData\Local\{881031F0-E4BA-4EC9-8651-E723713ECD73}
2012-09-03 14:37:09 -------- d-----w- C:\Users\Mom\AppData\Local\{0A3FBD73-0851-42E3-9ABB-AB919B6C7625}
2012-09-03 02:36:44 -------- d-----w- C:\Users\Mom\AppData\Local\{E9027C4C-9389-4E91-8FF1-A52E34DD8B70}
2012-09-02 14:36:20 -------- d-----w- C:\Users\Mom\AppData\Local\{F066F07D-6E6D-4EE6-A70F-BC353049663D}
2012-09-02 02:35:50 -------- d-----w- C:\Users\Mom\AppData\Local\{785BF660-0F3A-4505-8B29-C5FD5AC11C4C}
2012-09-01 14:35:26 -------- d-----w- C:\Users\Mom\AppData\Local\{DAB11CBF-87C3-40EF-B8AC-860D8C0E9ED8}
2012-09-01 02:34:58 -------- d-----w- C:\Users\Mom\AppData\Local\{0003FACD-CC45-480C-B2CE-6599FC9BBFBB}
2012-08-31 14:34:44 -------- d-----w- C:\Users\Mom\AppData\Local\{428DC594-01EA-462D-8D4B-1C834DE4CDBA}
2012-08-31 02:34:21 -------- d-----w- C:\Users\Mom\AppData\Local\{04A6C79B-1017-4674-A684-52E7997B764F}
2012-08-30 14:34:09 -------- d-----w- C:\Users\Mom\AppData\Local\{0B7C906E-7989-4F0F-AF9A-E0620583FCC0}
2012-08-30 04:28:52 20480 ----a-w- C:\Windows\svchost.exe
2012-08-30 04:27:11 0 ----a-w- C:\Windows\SysWow64\sho300E.tmp
2012-08-30 02:33:44 -------- d-----w- C:\Users\Mom\AppData\Local\{3CBA13D3-2341-4016-8F55-5475D03100D3}
2012-08-29 14:33:20 -------- d-----w- C:\Users\Mom\AppData\Local\{FD3A0FB4-9498-4559-A394-4DA0B7F87703}
2012-08-29 02:32:57 -------- d-----w- C:\Users\Mom\AppData\Local\{CC10B6C7-336F-4C43-B755-AF291D05E37F}
2012-08-28 14:32:46 -------- d-----w- C:\Users\Mom\AppData\Local\{59A5A9C8-F5C7-40CD-BB24-5E2D7C6DCAB2}
2012-08-28 02:32:22 -------- d-----w- C:\Users\Mom\AppData\Local\{8034D693-CEE7-4CA6-9FD4-CFC426C54721}
2012-08-27 14:32:12 -------- d-----w- C:\Users\Mom\AppData\Local\{A0D33881-81FB-4DCA-A337-6A348D600214}
2012-08-27 04:40:51 0 ----a-w- C:\Windows\SysWow64\sho975.tmp
2012-08-27 02:31:47 -------- d-----w- C:\Users\Mom\AppData\Local\{1DA9D195-0BAA-4E6B-A9D3-D12F37C25D4C}
2012-08-26 14:31:37 -------- d-----w- C:\Users\Mom\AppData\Local\{B90FC22B-8960-4E94-BF6D-10C032E5851E}
2012-08-26 02:31:09 -------- d-----w- C:\Users\Mom\AppData\Local\{A08E67BC-7DE6-4219-ADEA-93A29F7701E7}
2012-08-25 14:30:59 -------- d-----w- C:\Users\Mom\AppData\Local\{B9211D12-47B0-408D-8DBB-3DA049B8D01F}
2012-08-25 02:30:35 -------- d-----w- C:\Users\Mom\AppData\Local\{7C2C4DDA-236F-4285-98C8-49CD2B9B5457}
2012-08-24 14:30:23 -------- d-----w- C:\Users\Mom\AppData\Local\{2524FDA6-8A28-455A-A581-4B944212B2C3}
2012-08-24 02:29:58 -------- d-----w- C:\Users\Mom\AppData\Local\{BD67E7EE-E67D-46D8-981D-8F8A8792BC1C}
2012-08-23 14:29:32 -------- d-----w- C:\Users\Mom\AppData\Local\{1617D1DA-5EE7-4CCF-BF80-DE6C6C753123}
2012-08-23 02:29:09 -------- d-----w- C:\Users\Mom\AppData\Local\{8662E8D1-FB40-45B5-99DF-D3230A7E5CD5}
2012-08-22 14:28:57 -------- d-----w- C:\Users\Mom\AppData\Local\{E9E82E28-469D-4B94-B160-06442BB84FFB}
2012-08-22 02:28:33 -------- d-----w- C:\Users\Mom\AppData\Local\{98A18B30-8727-40E4-B786-BE1CBEA7E943}
2012-08-21 14:28:22 -------- d-----w- C:\Users\Mom\AppData\Local\{A3A5825A-A8E3-46A4-A61F-4EC02687D138}
2012-08-21 02:27:58 -------- d-----w- C:\Users\Mom\AppData\Local\{787D9230-CD03-463D-BD35-37D766FF3A4E}
2012-08-20 14:27:47 -------- d-----w- C:\Users\Mom\AppData\Local\{4B238AEF-D423-4833-9A62-8DF8ABC39F36}
2012-08-20 02:27:23 -------- d-----w- C:\Users\Mom\AppData\Local\{B898E4B2-6087-443B-9751-90FEBDA80FA6}
2012-08-19 14:27:12 -------- d-----w- C:\Users\Mom\AppData\Local\{2DB9D196-0711-4A03-89A1-A8BD1D6C4D0F}
2012-08-19 02:26:44 -------- d-----w- C:\Users\Mom\AppData\Local\{F077A306-AC4B-41B2-B7FE-55B5A561BAFA}
2012-08-19 01:06:56 -------- d-----w- C:\Users\Mom\AppData\Local\Macromedia
2012-08-18 21:19:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-18 14:26:34 -------- d-----w- C:\Users\Mom\AppData\Local\{860AE12A-15A9-41C1-9F4E-4C594C1231DA}
2012-08-18 02:26:06 -------- d-----w- C:\Users\Mom\AppData\Local\{A31CA825-3FEC-451D-898C-8E3EADA35D36}
2012-08-17 11:21:50 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8BD552A-86CB-48C6-9B22-F43D8FC22313}\mpengine.dll
2012-08-17 11:16:44 -------- d-----w- C:\Users\Mom\AppData\Local\{AD59AA76-3774-461B-B5C2-6C768C327934}
2012-08-17 11:16:30 -------- d-----w- C:\Users\Mom\AppData\Local\{B86E8D0A-A529-4EF0-80F0-2AB8E0381E79}
2012-08-16 11:28:23 -------- d-----w- C:\Users\Mom\AppData\Local\{02F45DC2-EF5E-403F-ABF4-C1FF290737C7}
2012-08-16 11:28:12 -------- d-----w- C:\Users\Mom\AppData\Local\{D376D3AB-FC42-4056-9056-47B7A9052F4B}
2012-08-16 04:51:21 552448 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-15 11:46:47 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 11:46:47 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 11:46:46 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 11:46:46 67584 ----a-w- C:\Windows\splwow64.exe
2012-08-15 11:46:46 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 11:46:46 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 11:46:42 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 11:46:42 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 11:46:42 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 11:46:42 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 11:46:41 956416 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 11:38:21 -------- d-----w- C:\Users\Mom\AppData\Local\{9D661FD1-194B-482F-AEEF-EBC524D4599E}
2012-08-15 11:38:10 -------- d-----w- C:\Users\Mom\AppData\Local\{8CA760D2-14A9-492D-9023-B481E67BDDBF}
2012-08-14 11:13:47 -------- d-----w- C:\Users\Mom\AppData\Local\{85A4345E-3D0D-48FD-B939-B6C376425798}
2012-08-14 11:13:36 -------- d-----w- C:\Users\Mom\AppData\Local\{D339A9EC-6993-4F05-9539-9189204FE8C8}
2012-08-13 23:06:19 -------- d-----w- C:\Users\Mom\AppData\Local\{5CACB4C0-E813-4222-BC0E-01DB98E2DC32}
2012-08-13 23:06:09 -------- d-----w- C:\Users\Mom\AppData\Local\{CF57DE71-7AE6-4BBB-A13C-649EDAE5DD68}
2012-08-13 11:46:34 -------- d-----w- C:\Users\Mom\AppData\Local\{FFF806F0-9270-41CD-95DA-2F57643EFFB2}
2012-08-13 11:46:16 -------- d-----w- C:\Users\Mom\AppData\Local\{E64C3BC9-ABA0-4DEE-AC89-EEFC7EDE90A9}
2012-08-12 17:20:51 -------- d-----w- C:\Users\Mom\AppData\Local\{72491D2D-64E0-43B9-A599-57655C63AB09}
2012-08-12 17:20:34 -------- d-----w- C:\Users\Mom\AppData\Local\{969FC879-E05F-4112-9894-1B60DC95248E}
2012-08-12 15:44:03 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-08-12 13:34:46 -------- d-----w- C:\Users\Mom\AppData\Local\{93278B15-9F4D-4D53-B019-29A99DA8A988}
2012-08-12 13:34:34 -------- d-----w- C:\Users\Mom\AppData\Local\{17FBE541-0626-4363-A895-913D6F787DF4}
2012-08-12 03:10:23 -------- d-----w- C:\Users\Mom\AppData\Local\{9E4583FD-6CA3-4CC9-A0B8-2D9FBFCA31D3}
2012-08-12 03:10:10 -------- d-----w- C:\Users\Mom\AppData\Local\{094BCAAD-8C84-4E67-A1B9-A0F180B0297E}
2012-08-12 02:51:19 -------- d-----w- C:\Users\Mom\AppData\Local\ElevatedDiagnostics
2012-08-12 02:40:40 -------- d-----w- C:\Users\Mom\AppData\Local\{5DA42710-1FF0-4969-BA04-F9B10F723612}
2012-08-12 02:40:19 -------- d-----w- C:\Users\Mom\AppData\Local\{8B8D9C5B-C869-4E0B-96DA-63DA198970DA}
2012-08-12 02:14:10 -------- d-----w- C:\Users\Mom\AppData\Roaming\SoftGrid Client
2012-08-12 02:14:10 -------- d-----w- C:\Users\Mom\AppData\Local\SoftGrid Client
2012-08-12 02:13:20 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-08-12 02:13:08 -------- d-----w- C:\Users\Mom\AppData\Roaming\TP
2012-08-12 02:07:35 -------- d-----w- C:\Program Files (x86)\Audio Converter
2012-08-12 02:07:08 -------- d-----w- C:\Users\Mom\AppData\Local\Wajam
2012-08-12 02:07:01 -------- d-----w- C:\Users\Mom\AppData\Local\dealcabby
2012-08-12 01:47:51 -------- d-----w- C:\Users\Mom\AppData\Local\MicrosoftStore
2012-08-11 13:19:22 -------- d-----w- C:\Users\Mom\AppData\Local\{C9F82C7D-D2AD-4473-88F4-89654E029C09}
2012-08-11 13:19:03 -------- d-----w- C:\Users\Mom\AppData\Local\{3B2C14B0-22F3-4315-8EED-A4C3E284E0BE}
.
==================== Find3M ====================
.
2012-08-18 21:36:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 16:50:06.63 ===============
And here is my aswMBR log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-09 16:56:43
-----------------------------
16:56:43.349 OS Version: Windows x64 6.1.7600
16:56:43.349 Number of processors: 4 586 0x2505
16:56:43.350 ComputerName: MOM-PC UserName: Mom
16:56:58.177 Initialize success
17:00:04.527 AVAST engine defs: 12090901
17:02:03.096 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:02:03.100 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
17:02:03.103 Device \Driver\iaStor -> MajorFunction fffffa8006eaa5e8
17:02:03.106 Disk 0 MBR read successfully
17:02:03.109 Disk 0 MBR scan
17:02:03.113 Disk 0 Windows 7 default MBR code
17:02:03.130 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
17:02:03.146 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
17:02:03.214 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
17:02:03.359 Disk 0 scanning C:\Windows\system32\drivers
17:02:37.421 Service scanning
17:03:11.574 Modules scanning
17:03:11.582 Disk 0 trace - called modules:
17:03:11.589 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006eaa5e8]<<
17:03:11.595 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bda060]
17:03:11.600 3 CLASSPNP.SYS[fffff88001b5943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048f3050]
17:03:11.606 \Driver\iaStor[0xfffffa8004b0f940] -> IRP_MJ_CREATE -> 0xfffffa8006eaa5e8
17:03:15.714 AVAST engine scan C:\Windows
17:03:18.946 AVAST engine scan C:\Windows\system32
17:05:01.522 File: C:\Windows\system32\services.exe **INFECTED** Win32:Patched-AKC [Trj]
17:05:57.304 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:06:00.028 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:07:43.987 AVAST engine scan C:\Windows\system32\drivers
17:08:00.209 AVAST engine scan C:\Users\Mom
17:08:12.322 File: C:\Users\Mom\AppData\Local\Google\tmwtnkml.dll **INFECTED** Win32:Tracur-IK [Trj]
17:16:35.027 File: C:\Users\Mom\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@ **INFECTED** Win32:Malware-gen
17:16:35.060 File: C:\Users\Mom\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@ **INFECTED** Win32:Malware-gen
17:16:35.105 File: C:\Users\Mom\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ **INFECTED** Win32:Malware-gen
17:18:21.929 AVAST engine scan C:\ProgramData
17:21:40.294 Scan finished successfully
17:22:07.545 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Documents\MBR.dat"
17:22:07.550 The log file has been saved successfully to "C:\Users\Mom\Documents\aswMBR.txt"