
Author Topic: Backdoor Trojan and more.  (Read 7051 times)


baboontester

    Topic Starter


    Rookie

    Thanked: 1
    Backdoor Trojan and more.
    « on: November 03, 2012, 03:46:00 PM »
    Hey everyone,

    It seems I have picked up a pretty nasty virus(es). I can usually take care of the ones I get myself, but not this one. AVG, Malwarebytes or Spybot cannot get it, although they pop up non-stop with notifications saying they have blocked the threat, blah blah blah.

    Seems I have two main problems. One is a "trojan horse backdoor.generic15.cgsy" and then something hiding out in my "generic.exe" in my Windows folder.

    I usually just run AVG Free and then Malwarebytes every so often to keep check on things.  I uninstalled Spybot when it could not fix the problem.

    Anyone have any ideas or do I need to post more info? Not really sure what else I need to post to help you guys know what I have.

    Dell Studio 540
    OS: Windows 7 Home Premium.
    AVG Free 2012
    8GB RAM
    Quad Core Processor

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Experience: Expert
    • OS: Windows 10
    Re: Backdoor Trojan and more.
    « Reply #1 on: November 03, 2012, 04:00:47 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    *********************************************
    Download Combofix from any of the links below, and save it to your DESKTOP

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

    baboontester

      Topic Starter


      Rookie

      Thanked: 1
      Re: Backdoor Trojan and more.
      « Reply #2 on: November 03, 2012, 04:29:59 PM »
      Here is what AdwCleaner found. Getting ready to run Combofix now. Thank you for your response. Will update shortly.

      Quote
      # AdwCleaner v2.006 - Logfile created 11/03/2012 at 18:47:46
      # Updated 30/10/2012 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Administrator - OWNER1
      # Boot Mode : Normal
      # Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
      # Option [Search]


      ***** [Services] *****


      ***** [Files / Folders] *****

      File Found : C:\user.js
      Folder Found : C:\Program Files (x86)\Conduit
      Folder Found : C:\Users\ADMINI~1\AppData\Local\Temp\BabylonToolbar
      Folder Found : C:\Users\Administrator\AppData\Local\Conduit
      Folder Found : C:\Users\Administrator\AppData\LocalLow\Conduit

      ***** [Registry] *****

      Key Found : HKCU\Software\AppDataLow\Software
      Key Found : HKCU\Software\AppDataLow\Software\Conduit
      Key Found : HKCU\Software\Conduit
      Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
      Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
      Key Found : HKLM\SOFTWARE\Classes\Prod.cap
      Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
      Key Found : HKLM\Software\Conduit
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Key Found : HKU\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Key Found : HKU\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Found : HKU\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16421

      [OK] Registry is clean.

      -\\ Google Chrome v22.0.1229.94

      File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [2329 octets] - [03/11/2012 18:47:46]

      ########## EOF - C:\AdwCleaner[R1].txt - [2389 octets] ##########
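A parser for the AdwCleaner [Search] log format posted above, added here as an example; it is not part of the thread and not AdwCleaner's (Xplode's) own code. The `***** [Section] *****` headers and `<Kind> Found : <item>` entry shapes are assumed from that log, and the sample input is the posted log with its Browsers section omitted; the summary merges a SearchScopes GUID reported under both HKCU and the HKU\<SID> hive, since those are the same user's hive.

```python
"""Parse an AdwCleaner v2 [Search] log into structured findings for triage."""
import re
from collections import Counter, defaultdict

# Sample input: copied from the AdwCleaner log posted above (Browsers section
# omitted), so the parser can be exercised offline against the real format.
SAMPLE_LOG = r"""# AdwCleaner v2.006 - Logfile created 11/03/2012 at 18:47:46
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Administrator - OWNER1
# Boot Mode : Normal
# Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\ADMINI~1\AppData\Local\Temp\BabylonToolbar
Folder Found : C:\Users\Administrator\AppData\Local\Conduit
Folder Found : C:\Users\Administrator\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
"""

SECTION_RE = re.compile(r"^\*{5}\s*\[(?P<name>[^\]]+)\]\s*\*{5}$")
HEADER_RE = re.compile(r"^#\s*(?P<name>.+?)\s*:\s+(?P<value>.+)$")  # "# Name : value"
ENTRY_RE = re.compile(r"^(?P<kind>File|Folder|Key|Value|Service) Found : (?P<item>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_adwcleaner_log(text):
    """Return {'header': {...}, 'sections': {section: [(kind, item), ...]}}."""
    header, sections = {}, defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:  # a new "***** [Name] *****" block; record it even when empty
            section = m.group("name").strip()
            sections.setdefault(section, [])
            continue
        if line.startswith("#"):  # header lines; "# Option [Search]" has no colon
            if line.startswith("# Option"):
                header["Option"] = line[len("# Option"):].strip().strip("[]")
            else:
                m = HEADER_RE.match(line)
                if m:
                    header[m.group("name").strip()] = m.group("value").strip()
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            sections[section].append((m.group("kind"), m.group("item")))
    return {"header": header, "sections": dict(sections)}


def summarize(parsed):
    """Triage view: counts per kind, registry hives touched, and the distinct IE
    SearchScopes GUIDs. HKCU and HKU\\<SID> are the same user's hive, so one GUID
    listed under both (and under Wow6432Node) is one hijacked search provider."""
    kinds = Counter(kind for entries in parsed["sections"].values() for kind, _ in entries)
    keys = [item for kind, item in parsed["sections"].get("Registry", []) if kind == "Key"]
    hives = Counter(k.split("\\", 1)[0] for k in keys)
    scopes = set()
    for k in keys:
        if "\\Internet Explorer\\SearchScopes\\" in k:
            m = GUID_RE.search(k)
            if m:
                scopes.add(m.group(0).upper())
    return {"kinds": dict(kinds), "hives": dict(hives), "search_scopes": sorted(scopes)}


if __name__ == "__main__":
    summary = summarize(parse_adwcleaner_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```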

      baboontester

        Topic Starter


        Rookie

        Thanked: 1
        Re: Backdoor Trojan and more.
        « Reply #3 on: November 03, 2012, 04:56:06 PM »
        Here is the Combofix report.

        ComboFix 12-11-04.01 - Administrator 11/03/2012  19:02:51.1.4 - x64
        Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.6531 [GMT -4:00]
        Running from: c:\users\Administrator\Desktop\ComboFix.exe
        AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
        SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
        SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
         * Created a new restore point
        .
        .
        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\windows\Installer\{21bb2907-ed47-21e0-f802-a7b8e7c5454d}\@
        c:\windows\Installer\{21bb2907-ed47-21e0-f802-a7b8e7c5454d}\U\00000004.@
        c:\windows\Installer\{21bb2907-ed47-21e0-f802-a7b8e7c5454d}\U\00000008.@
        c:\windows\Installer\{21bb2907-ed47-21e0-f802-a7b8e7c5454d}\U\000000cb.@
        c:\windows\Installer\{21bb2907-ed47-21e0-f802-a7b8e7c5454d}\U\80000000.@
        c:\windows\Installer\{21bb2907-ed47-21e0-f802-a7b8e7c5454d}\U\80000032.@
        c:\windows\Installer\{21bb2907-ed47-21e0-f802-a7b8e7c5454d}\U\80000064.@
        c:\windows\SysWow64\tmpAC53.tmp
        c:\windows\SysWow64\tmpAC54.tmp
        .
        Infected copy of c:\windows\system32\services.exe was found and disinfected
        Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
        .
        .
        (((((((((((((((((((((((((   Files Created from 2012-10-03 to 2012-11-03  )))))))))))))))))))))))))))))))
        .
        .
        2012-11-03 22:56 . 2012-11-03 22:56   9310   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
        2012-11-01 02:54 . 2010-06-02 08:55   77656   ----a-w-   c:\windows\system32\XAPOFX1_5.dll
        2012-11-01 02:54 . 2010-06-02 08:55   518488   ----a-w-   c:\windows\system32\XAudio2_7.dll
        2012-11-01 02:54 . 2010-06-02 08:55   176984   ----a-w-   c:\windows\system32\xactengine3_7.dll
        2012-11-01 02:54 . 2010-05-26 15:41   2526056   ----a-w-   c:\windows\system32\D3DCompiler_43.dll
        2012-11-01 02:54 . 2010-05-26 15:41   1907552   ----a-w-   c:\windows\system32\d3dcsx_43.dll
        2012-11-01 02:54 . 2010-05-26 15:41   276832   ----a-w-   c:\windows\system32\d3dx11_43.dll
        2012-11-01 02:54 . 2010-05-26 15:41   511328   ----a-w-   c:\windows\system32\d3dx10_43.dll
        2012-11-01 02:54 . 2010-05-26 15:41   2401112   ----a-w-   c:\windows\system32\D3DX9_43.dll
        2012-11-01 02:52 . 2012-11-01 02:52   --------   d-----w-   c:\users\Administrator\AppData\Roaming\InstallShield
        2012-10-31 23:44 . 2012-11-03 03:48   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
        2012-10-31 23:44 . 2012-11-03 03:36   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
        2012-10-31 02:52 . 2012-10-31 02:52   --------   d-----w-   c:\users\Administrator\AppData\Roaming\Malwarebytes
        2012-10-31 02:51 . 2012-10-31 02:51   --------   d-----w-   c:\programdata\Malwarebytes
        2012-10-31 02:51 . 2012-11-03 22:47   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
        2012-10-30 03:30 . 2012-10-30 03:30   --------   d-sh--w-   c:\windows\SysWow64\%APPDATA%
        2012-10-30 03:18 . 2012-10-31 04:31   --------   d-----w-   c:\program files (x86)\Kart Racing Pro
        2012-10-10 00:26 . 2012-08-31 18:19   1659760   ----a-w-   c:\windows\system32\drivers\ntfs.sys
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2012-10-10 07:02 . 2010-08-02 21:41   65309168   ----a-w-   c:\windows\system32\MRT.exe
        2012-10-09 22:24 . 2012-04-02 23:58   696760   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
        2012-10-09 22:24 . 2012-01-21 00:00   73656   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
        2012-08-24 19:43 . 2012-08-24 19:43   384352   ----a-w-   c:\windows\system32\drivers\avgtdia.sys
        2012-08-24 11:15 . 2012-09-24 07:00   17810944   ----a-w-   c:\windows\system32\mshtml.dll
        2012-08-24 10:39 . 2012-09-24 07:00   10925568   ----a-w-   c:\windows\system32\ieframe.dll
        2012-08-24 10:31 . 2012-09-24 07:00   2312704   ----a-w-   c:\windows\system32\jscript9.dll
        2012-08-24 10:22 . 2012-09-24 07:00   1346048   ----a-w-   c:\windows\system32\urlmon.dll
        2012-08-24 10:21 . 2012-09-24 07:00   1392128   ----a-w-   c:\windows\system32\wininet.dll
        2012-08-24 10:20 . 2012-09-24 07:00   1494528   ----a-w-   c:\windows\system32\inetcpl.cpl
        2012-08-24 10:18 . 2012-09-24 07:00   237056   ----a-w-   c:\windows\system32\url.dll
        2012-08-24 10:17 . 2012-09-24 07:00   85504   ----a-w-   c:\windows\system32\jsproxy.dll
        2012-08-24 10:14 . 2012-09-24 07:00   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
        2012-08-24 10:14 . 2012-09-24 07:00   816640   ----a-w-   c:\windows\system32\jscript.dll
        2012-08-24 10:13 . 2012-09-24 07:00   599040   ----a-w-   c:\windows\system32\vbscript.dll
        2012-08-24 10:12 . 2012-09-24 07:00   2144768   ----a-w-   c:\windows\system32\iertutil.dll
        2012-08-24 10:11 . 2012-09-24 07:00   729088   ----a-w-   c:\windows\system32\msfeeds.dll
        2012-08-24 10:10 . 2012-09-24 07:00   96768   ----a-w-   c:\windows\system32\mshtmled.dll
        2012-08-24 10:09 . 2012-09-24 07:00   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
        2012-08-24 10:04 . 2012-09-24 07:00   248320   ----a-w-   c:\windows\system32\ieui.dll
        2012-08-24 06:59 . 2012-09-24 07:00   1800704   ----a-w-   c:\windows\SysWow64\jscript9.dll
        2012-08-24 06:51 . 2012-09-24 07:00   1129472   ----a-w-   c:\windows\SysWow64\wininet.dll
        2012-08-24 06:51 . 2012-09-24 07:00   1427968   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
        2012-08-24 06:47 . 2012-09-24 07:00   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
        2012-08-24 06:47 . 2012-09-24 07:00   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
        2012-08-24 06:43 . 2012-09-24 07:00   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
        2012-08-22 18:12 . 2012-09-12 22:48   1913200   ----a-w-   c:\windows\system32\drivers\tcpip.sys
        2012-08-22 18:12 . 2012-09-12 22:48   950128   ----a-w-   c:\windows\system32\drivers\ndis.sys
        2012-08-22 18:12 . 2012-09-12 22:48   376688   ----a-w-   c:\windows\system32\drivers\netio.sys
        2012-08-22 18:12 . 2012-09-12 22:48   288624   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
        2012-08-21 21:01 . 2012-09-26 01:52   245760   ----a-w-   c:\windows\system32\OxpsConverter.exe
        2012-08-20 17:38 . 2012-10-10 00:25   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
        .
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
        "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
        "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
        "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
        "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
        "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
        "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
        "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
        "Dell V310-V510 Series"="c:\program files (x86)\Dell V310-V510 Series\fm3032.exe" [2009-07-10 316072]
        "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
        "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
        "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
        "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
        "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
        "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
        .
        c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
        .
        c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
        MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-12-5 576000]
        Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
        .
        c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "ConsentPromptBehaviorAdmin"= 0 (0x0)
        "ConsentPromptBehaviorUser"= 3 (0x3)
        "EnableLUA"= 0 (0x0)
        "EnableUIADesktopToggle"= 0 (0x0)
        "PromptOnSecureDesktop"= 0 (0x0)
        .
        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
        "aux"=wdmaud.drv
        .
        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
        BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
        .
        R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
        R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2009-07-01 33448]
        R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
        R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-10 65536]
        R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
        R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]
        R2 sfmgr;CaReTaKeR-CT NetMgr 1.2.1;c:\users\ADMINI~1\AppData\Local\Temp\Rar$EX04.056\sfmgr.exe

        R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
        R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
        R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-03 1436424]
        R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
        R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
        R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys

        R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
        R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
        R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1255736]
        S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
        S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
        S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
        S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
        S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
        S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
        S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
        S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
        S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
        S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2009-07-01 1054888]
        S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
        S2 iRacingService;iRacing.com Helper Service;c:\program files (x86)\iRacing\iRacingService.exe [2012-11-03 526504]
        S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
        S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
        S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
        S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
        S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
        S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
        S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
        .
        .
        --- Other Services/Drivers In Memory ---
        .
        *NewlyCreated* - WS2IFSL
        .
        Contents of the 'Scheduled Tasks' folder
        .
        2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
        - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:24]
        .
        2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-961873879-17721080-2473918579-500Core.job
        - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-01 03:33]
        .
        2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-961873879-17721080-2473918579-500UA.job
        - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-01 03:33]
        .
        2012-11-03 c:\windows\Tasks\HP Photo Creations Communicator.job
        - c:\programdata\HP Photo Creations\MessageCheck.exe [2012-04-08 17:03]
        .
        .
        --------- X64 Entries -----------
        .
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]
        "dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2009-07-10 766632]
        "EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2009-07-10 139944]
        "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
        "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
        "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
        "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
        "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
        "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
        .
        ------- Supplementary Scan -------
        .
        uLocal Page = c:\windows\system32\blank.htm
        uStart Page = about:blank
        mLocal Page = c:\windows\SysWOW64\blank.htm
        uInternet Settings,ProxyOverride = *.local
        IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
        IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
        TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
        .
        - - - - ORPHANS REMOVED - - - -
        .
        URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
        Toolbar-Locked - (no file)
        Wow6432Node-HKCU-Run-AdobeBridge - (no file)
        Wow6432Node-HKCU-Run-Facebook Update - c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
        Wow6432Node-HKLM-Run-<NO NAME> - (no file)
        SafeBoot-mcmscsvc
        SafeBoot-MCODS
        Toolbar-Locked - (no file)
        WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
        HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
        .
        .
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Internet Explorer\Approved Extensions]
        @Denied: (2) (Administrator)
        "{09B71986-2AC5-482D-B6CB-42EA34F4F85B}"=hex:51,66,7a,6c,4c,1d,3b,1b,96,0e,a3,
           11,fa,7e,41,0d,ad,c9,1d,b6,33,b0,bf,46
        "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,3b,1b,ea,97,67,
           a7,8b,b7,de,08,b4,3c,c2,db,84,e0,1c,e1
        "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,1f,cb,
           00,92,bc,ef,07,be,94,a5,0b,8b,6a,fa,de
        "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,3b,1b,02,e4,b6,
           24,51,3b,3f,0e,bd,6c,11,39,e3,d3,8f,dd
        "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,bf,e7,
           ac,1e,5a,35,0c,a1,20,1d,ef,07,ca,45,e2
        "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,17,dc,
           c3,7a,f0,37,06,a7,76,c3,79,c6,81,cf,b4
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
        @Denied: (2) (Administrator)
        "Timestamp"=hex:3a,b8,27,ad,1a,ba,cc,01
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Internet Explorer\User Preferences]
        @Denied: (2) (Administrator)
        "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,6f,f1,f7,e1,60,a7,4d,a3,8d,75,\
        "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
           d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,53,cb,c8,7c,cf,44,45,ba,bf,19,\
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.3G2"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.3GP"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.3G2"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.3GP"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.ADTS"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.ADTS"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.ADTS"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.AIFF"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.AIFF"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.AIFF"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.ASF"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.ASX"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.AU"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.AVI"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="Applications\\Fireworks.exe"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.CDA"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.cdda"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="ChromeHTML"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="ChromeHTML"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="Applications\\Dreamweaver.exe"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.ipa"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.ipg"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.ipsw"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="Applications\\MagicDisc.exe"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.itdb"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.ite"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.itl"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.itlp"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.itls"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.itms"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.itpc"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="Applications\\Fireworks.exe"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MPEG"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.M2TS"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.M2TS"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MPEG"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.m3u"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.m3u8"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.M4A"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.m4b"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.m4p"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.m4r"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MP4"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MIDI"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MIDI"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MPEG"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MOV"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MP3"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MPEG"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MP3"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MP4"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MP4"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MPEG"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MPEG"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MPEG"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MPEG"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MPEG"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.M2TS"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.pcast"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.pls"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.MIDI"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="ChromeHTML"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.AU"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="Photoshop.TGAFile.11"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="Applications\\uTorrent.exe"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.TTS"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.TTS"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.WAV"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="iTunes.wave"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.WAX"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.ASF"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.WMA"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.WMD"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.WMS"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.WMV"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.ASX"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.WMZ"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.WPL"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="WMP11.AssocFile.WVX"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="ChromeHTML"
        .
        [HKEY_USERS\S-1-5-21-961873879-17721080-2473918579-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
        @Denied: (2) (Administrator)
        "Progid"="ChromeHTML"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
        "Enabled"=dword:00000001
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
        @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker5"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
        "Enabled"=dword:00000001
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
        @Denied: (A 2) (Everyone)
        @="Shockwave Flash Object"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
        "ThreadingModel"="Apartment"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
        @="0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
        @="ShockwaveFlash.ShockwaveFlash.11"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
        @="1.0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
        @="ShockwaveFlash.ShockwaveFlash"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
        @Denied: (A 2) (Everyone)
        @="Macromedia Flash Factory Object"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
        "ThreadingModel"="Apartment"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
        @="FlashFactory.FlashFactory.1"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
        @="1.0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
        @="FlashFactory.FlashFactory"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker5"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
        @Denied: (A) (Everyone)
        "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
        @Denied: (A) (Everyone)
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
        "Key"="ActionsPane3"
        "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
        @Denied: (Full) (Everyone)
        .
        Completion time: 2012-11-03  19:15:11
        ComboFix-quarantined-files.txt  2012-11-03 23:15
        .
        Pre-Run: 388,425,154,560 bytes free
        Post-Run: 389,935,374,336 bytes free
        .
        - - End Of File - - A366811D823C0BC9466CBC4F1E516857
        « Last Edit: November 03, 2012, 07:35:30 PM by SuperDave »

        SuperDave
        Re: Backdoor Trojan and more.
        « Reply #4 on: November 03, 2012, 07:37:45 PM »
        Remove the Adware:
        • Please close all open programs and internet browsers.
        • Double click on adwcleaner.exe to run the tool.
        • Click on Delete.
        • Confirm each time with OK
        • Your computer will be rebooted automatically. A text file will open after the restart.
        • Please post the content of that logfile in your reply.
        • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
        *****************************************************
        Please download aswMBR.exe ( 511KB ) to your desktop.

        Double click the aswMBR.exe to run it.

        Click the "Scan" button to start the scan.

        Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

        On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
        **************************************************
        Please download Rooter and Save it to your desktop.
        • Double click it to start the tool. Vista and Windows 7: run as administrator.
        • Click Scan.
        • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
        Windows 8 and Windows 10 dual boot with two SSD's

        baboontester
          Re: Backdoor Trojan and more.
          « Reply #5 on: November 03, 2012, 09:17:01 PM »
          ADWCLEANER[S1]
          Quote
          # AdwCleaner v2.006 - Logfile created 11/03/2012 at 23:27:53
          # Updated 30/10/2012 by Xplode
          # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
          # User : Administrator - OWNER1
          # Boot Mode : Normal
          # Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
          # Option [Delete]


          ***** [Services] *****


          ***** [Files / Folders] *****

          File Deleted : C:\user.js
          Folder Deleted : C:\Program Files (x86)\Conduit
          Folder Deleted : C:\Users\Administrator\AppData\Local\Conduit
          Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit

          ***** [Registry] *****

          Key Deleted : HKCU\Software\AppDataLow\Software
          Key Deleted : HKCU\Software\Conduit
          Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
          Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
          Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
          Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
          Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
          Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
          Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
          Key Deleted : HKLM\Software\Conduit
          Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
          Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

          ***** [Internet Browsers] *****

          -\\ Internet Explorer v9.0.8112.16421

          [OK] Registry is clean.

          -\\ Google Chrome v22.0.1229.94

          File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

          [OK] File is clean.

          *************************

          AdwCleaner[R1].txt - [2452 octets] - [03/11/2012 18:47:46]
          AdwCleaner[S1].txt - [1851 octets] - [03/11/2012 23:27:53]

          ########## EOF - C:\AdwCleaner[S1].txt - [1911 octets] ##########


          aswMBR
          Quote
          aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
          Run date: 2012-11-03 23:31:14
          -----------------------------
          23:31:14.524    OS Version: Windows x64 6.1.7601 Service Pack 1
          23:31:14.524    Number of processors: 4 586 0x170A
          23:31:14.524    ComputerName: OWNER1  UserName:
          23:31:15.694    Initialize success
          23:31:18.440    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
          23:31:18.440    Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
          23:31:18.456    Disk 0 MBR read successfully
          23:31:18.456    Disk 0 MBR scan
          23:31:18.456    Disk 0 Windows 7 default MBR code
          23:31:18.471    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       54 MB offset 63
          23:31:18.471    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        10942 MB offset 112640
          23:31:18.487    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       599482 MB offset 22521856
          23:31:18.518    Disk 0 scanning C:\Windows\system32\drivers
          23:31:25.694    Service scanning
          23:31:44.680    Modules scanning
          23:31:44.680    Disk 0 trace - called modules:
          23:31:44.712    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
          23:31:44.712    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ab9060]
          23:31:44.712    3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa80077fe500]
          23:31:44.727    5 ACPI.sys[fffff88000f117a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80077fb060]
          23:31:44.727    Scan finished successfully
          23:31:57.972    Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
          23:31:57.987    The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

          ROOTER
          Quote
          Rooter.exe (v1.0.2) by Eric_71
          .
          SeDebugPrivilege granted successfully ...
          .
          Windows 7 Home Edition (6.1.7601) Service Pack 1
          [32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
          .
          [wscsvc] (Security Center) RUNNING (state:4)
          [MpsSvc] RUNNING (state:4)
          Windows Firewall -> Enabled
          Windows Defender -> Enabled
          User Account Control (UAC) -> Disabled !
          .
          Internet Explorer 9.0.8112.16421
          .
          C:\  [Fixed-NTFS] .. ( Total:585 Go - Free:363 Go )
          D:\  [CD_Rom]
          E:\  [CD_Rom]
          F:\  [Removable]
          G:\  [Removable]
          H:\  [Removable]
          I:\  [Removable]
          L:\  [CD_Rom]
          .
          Scan : 23:34.10
          Path : C:\Users\Administrator\Desktop\Rooter.exe
          User : Administrator ( Administrator -> YES )
          .
          ----------------------\\ Processes
          .
          Locked [System Process] (0)
          Locked System (4)
          ______ ???
          ?????? (284)
          ______ ???
          ?????? (392)
          ______ ???
          ?????? (440)
          ______ ???
          ?????? (716)
          ______ ???
          ?????? (780)
          ______ ???
          ?????? (816)
          ______ ???
          ?????? (840)
          ______ ???
          ?????? (856)
          ______ ???
          ?????? (864)
          ______ ???
          ?????? (996)
          ______ ???
          ?????? (132)
          ______ ???
          ?????? (688)
          ______ C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (700)
          ______ ???
          ?????? (796)
          ______ ???
          ?????? (1088)
          ______ ???
          ?????? (1136)
          ______ ???
          ?????? (1184)
          Locked audiodg.exe (1284)
          ______ ???
          ?????? (1332)
          ______ C:\Program Files\Dell\DellDock\DockLogin.exe (1396)
          ______ ???
          ?????? (1408)
          ______ ???
          ?????? (1420)
          ______ ???
          ?????? (1532)
          ______ ???
          ?????? (1728)
          ______ ???
          ?????? (1768)
          ______ ???
          ?????? (1888)
          ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1912)
          ______ C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (1948)
          ______ C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (1984)
          ______ ???
          ?????? (2032)
          ______ ???
          ?????? (1316)
          ______ C:\Program Files (x86)\iRacing\iRacingService.exe (1152)
          ______ C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe (1196)
          ______ C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe (1680)
          ______ C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe (2060)
          ______ C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe (2080)
          ______ C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (2128)
          ______ C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (2224)
          ______ ???
          ?????? (2288)
          ______ ???
          ?????? (2412)
          ______ ???
          ?????? (2428)
          ______ C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (2460)
          ______ ???
          ?????? (2560)
          ______ ???
          ?????? (2584)
          ______ C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (2672)
          ______ ???
          ?????? (2296)
          ______ ???
          ?????? (3312)
          ______ ???
          ?????? (3348)
          ______ ???
          ?????? (3716)
          ______ C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe (3724)
          ______ C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe (3740)
          ______ ???
          ?????? (4032)
          ______ ???
          ?????? (4048)
          ______ ???
          ?????? (3492)
          ______ ???
          ?????? (1256)
          ______ ???
          ?????? (3832)
          ______ ???
          ?????? (3200)
          ______ ???
          ?????? (3040)
          ______ ???
          ?????? (4060)
          ______ ???
          ?????? (4192)
          ______ C:\Program Files (x86)\Skype\Phone\Skype.exe (4416)
          ______ C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (4520)
          ______ ???
          ?????? (4556)
          ______ C:\Program Files (x86)\MagicDisc\MagicDisc.exe (4580)
          ______ ???
          ?????? (4588)
          ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4600)
          ______ C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (4612)
          ______ C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (4628)
          ______ C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe (4636)
          ______ C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (4644)
          ______ C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (4664)
          ______ ???
          ?????? (4680)
          ______ ???
          ?????? (4764)
          ______ ???
          ?????? (4800)
          ______ ???
          ?????? (4808)
          ______ C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (2712)
          ______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (4956)
          ______ ???
          ?????? (5084)
          ______ ???
          ?????? (4552)
          ______ ???
          ?????? (5860)
          ______ ???
          ?????? (2104)
          ______ C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (5652)
          ______ ???
          ?????? (3016)
          ______ ???
          ?????? (5672)
          ______ ???
          ?????? (5676)
          ______ C:\Users\Administrator\Desktop\Rooter.exe (5752)
          .
          ----------------------\\ Device\Harddisk0\
          .
          \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
          .
          \Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:57544704)
          \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:57671680 | Length:11473518592)
          \Device\Harddisk0\Partition3 (Start_Offset:11531190272 | Length:628602437632)
          .
          ----------------------\\ Scheduled Tasks
          .
          C:\Windows\Tasks\Adobe Flash Player Updater.job
          C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-961873879-17721080-2473918579-500Core.job
          C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-961873879-17721080-2473918579-500UA.job
          C:\Windows\Tasks\HP Photo Creations Communicator.job
          C:\Windows\Tasks\SA.DAT
          C:\Windows\Tasks\SCHEDLGU(116).TXT
          C:\Windows\Tasks\SCHEDLGU.TXT
          .
          ----------------------\\ Registry
          .
          .
          ----------------------\\ Files & Folders
          .
          ----------------------\\ Scan completed at 23:34.32
          .
          C:\Rooter$\Rooter_1.txt - (03/11/2012 | 23:34.32)
          [/quote]

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Backdoor Trojan and more.
          « Reply #6 on: November 04, 2012, 06:52:38 PM »
          How's your computer running now? Any other issues?

          I'd like to scan your machine with ESET OnlineScan

          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          • Click the button.
          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
          • Check
          • Click the button.
          • Accept any security warnings from your browser.
          • Check
          • Push the Start button.
          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          • When the scan completes, push
          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          • Push the button.
          • Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
          Windows 8 and Windows 10 dual boot with two SSD's