############################## | UsbFix V 7.145 | [Research]

User: Administrator (Administrator) # COMPUTER
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 23:34:57 | 17/10/2013
Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Dell Inc. (038C0K)
CPU: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
RAM -> [Total : 3977 | Free : 823]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 282 Gb (215 Mb free - 76%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Fixed drive # 931 Gb (526 Mb free - 56%) [My Passport] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID 440 |ParentID 420)
C:\Windows\system32\csrss.exe (ID 548 |ParentID 540)
C:\Windows\system32\wininit.exe (ID 556 |ParentID 420)
C:\Windows\system32\winlogon.exe (ID 592 |ParentID 540)
C:\Windows\system32\services.exe (ID 652 |ParentID 556)
C:\Windows\system32\lsass.exe (ID 660 |ParentID 556)
C:\Windows\system32\lsm.exe (ID 668 |ParentID 556)
C:\Windows\system32\svchost.exe (ID 768 |ParentID 652)
C:\Windows\system32\nvvsvc.exe (ID 836 |ParentID 652)
C:\Windows\system32\svchost.exe (ID 876 |ParentID 652)
C:\Windows\System32\svchost.exe (ID 960 |ParentID 652)
C:\Windows\System32\svchost.exe (ID 996 |ParentID 652)
C:\Windows\system32\svchost.exe (ID 1020 |ParentID 652)
C:\Program Files\IDT\WDM\STacSV64.exe (ID 344 |ParentID 652)
C:\Windows\system32\svchost.exe (ID 1100 |ParentID 652)
C:\Windows\system32\svchost.exe (ID 1136 |ParentID 652)
C:\Windows\system32\svchost.exe (ID 1276 |ParentID 652)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1420 |ParentID 836)
C:\Windows\system32\nvvsvc.exe (ID 1428 |ParentID 836)
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (ID 1476 |ParentID 652)
C:\Windows\system32\WLANExt.exe (ID 1484 |ParentID 996)
C:\Windows\system32\conhost.exe (ID 1492 |ParentID 440)
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe (ID 1532 |ParentID 1476)
C:\Windows\System32\spoolsv.exe (ID 1664 |ParentID 652)
C:\Program Files\Common Files\SPBA\upeksvr.exe (ID 1748 |ParentID 952)
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (ID 1816 |ParentID 652)
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (ID 1840 |ParentID 652)
C:\Windows\System32\svchost.exe (ID 1860 |ParentID 652)
C:\Windows\system32\svchost.exe (ID 1920 |ParentID 652)
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (ID 1948 |ParentID 652)
C:\Windows\System32\svchost.exe (ID 1740 |ParentID 652)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 2016 |ParentID 652)
C:\Program Files\IDT\WDM\AESTSr64.exe (ID 436 |ParentID 652)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID 2044 |ParentID 652)
C:\Windows\system32\taskhost.exe (ID 2204 |ParentID 652)
C:\Windows\system32\taskeng.exe (ID 2232 |ParentID 1020)
C:\Windows\system32\Dwm.exe (ID 2308 |ParentID 996)
C:\Windows\Explorer.EXE (ID 2336 |ParentID 2280)
C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe (ID 2440 |ParentID 2232)
C:\Program Files\Bonjour\mDNSResponder.exe (ID 2504 |ParentID 652)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID 2552 |ParentID 652)
C:\Program Files\DellTPad\Apoint.exe (ID 2772 |ParentID 2336)
C:\Program Files\IDT\WDM\sttray64.exe (ID 2780 |ParentID 2336)
C:\Windows\System32\hkcmd.exe (ID 2848 |ParentID 2336)
C:\Windows\System32\igfxpers.exe (ID 2872 |ParentID 2336)
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (ID 2924 |ParentID 2336)
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (ID 2956 |ParentID 2336)
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (ID 2980 |ParentID 2336)
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (ID 2996 |ParentID 2336)
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (ID 2184 |ParentID 2336)
C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (ID 956 |ParentID 2336)
C:\Windows\System32\wscript.exe (ID 3104 |ParentID 2336)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID 3216 |ParentID 2336)
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (ID 3332 |ParentID 652)
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (ID 3360 |ParentID 3180)
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (ID 3488 |ParentID 3180)
C:\Program Files (x86)\Athan\Athan.exe (ID 3648 |ParentID 3180)
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (ID 3736 |ParentID 3180)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID 3844 |ParentID 3180)
C:\Windows\system32\IProsetMonitor.exe (ID 4044 |ParentID 652)
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (ID 704 |ParentID 652)
C:\Program Files\ma-config.com\MaConfigAgent.exe (ID 3284 |ParentID 652)
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (ID 468 |ParentID 652)
C:\Program Files (x86)\Norton Zone\Engine\1.0.12.6\ccSvcHst.exe (ID 3448 |ParentID 652)
C:\Windows\system32\DRIVERS\o2flash.exe (ID 1064 |ParentID 652)
c:\Windows\SysWOW64\srvany.exe (ID 4060 |ParentID 652)
c:\Windows\sysWOW64\SDIOAssist.exe (ID 2088 |ParentID 4060)
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (ID 1932 |ParentID 652)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID 2180 |ParentID 652)
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe (ID 4184 |ParentID 652)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 4256 |ParentID 652)
c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe (ID 4336 |ParentID 652)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 4352 |ParentID 4256)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID 4396 |ParentID 3028)
C:\Program Files (x86)\Norton Zone\Engine\1.0.12.6\ccSvcHst.exe (ID 4912 |ParentID 3448)
C:\Program Files\iPod\bin\iPodService.exe (ID 5008 |ParentID 652)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (ID 5096 |ParentID 3344)
C:\Windows\system32\SearchIndexer.exe (ID 4532 |ParentID 652)
C:\Windows\system32\svchost.exe (ID 5244 |ParentID 652)
C:\Windows\system32\svchost.exe (ID 5280 |ParentID 652)
C:\Windows\system32\wbem\wmiprvse.exe (ID 5672 |ParentID 768)
C:\Windows\system32\wbem\wmiprvse.exe (ID 5680 |ParentID 768)
C:\Program Files\DellTPad\ApMsgFwd.exe (ID 5736 |ParentID 2772)
C:\Windows\System32\WUDFHost.exe (ID 5804 |ParentID 996)
C:\Program Files\DellTPad\Apntex.exe (ID 6124 |ParentID 6112)
C:\Windows\system32\conhost.exe (ID 2548 |ParentID 548)
C:\Windows\SysWOW64\RunDll32.exe (ID 5164 |ParentID 3216)
C:\Program Files\DellTPad\HidFind.exe (ID 3536 |ParentID 2772)
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID 5240 |ParentID 768)
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (ID 784 |ParentID 5240)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 3672 |ParentID 652)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 4144 |ParentID 652)
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (ID 6512 |ParentID 468)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 7164 |ParentID 2336)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 2116 |ParentID 7164)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID 5324 |ParentID 652)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 4816 |ParentID 7164)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (ID 7244 |ParentID 652)
C:\Program Files (x86)\Connectify\ConnectifyService.exe (ID 4428 |ParentID 652)
C:\Program Files (x86)\Connectify\Connectifyd.exe (ID 8028 |ParentID 4428)
C:\Windows\system32\conhost.exe (ID 4580 |ParentID 440)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3952 |ParentID 652)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 1696 |ParentID 7164)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 7992 |ParentID 7164)
C:\Program Files (x86)\iTunes\iTunes.exe (ID 7352 |ParentID 3844)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (ID 2640 |ParentID 7352)
C:\Windows\system32\conhost.exe (ID 8908 |ParentID 548)
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (ID 3628 |ParentID 2640)
C:\Windows\system32\conhost.exe (ID 5792 |ParentID 548)
C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe (ID 4484 |ParentID 7352)
C:\Windows\system32\conhost.exe (ID 4672 |ParentID 548)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (ID 8632 |ParentID 2640)
C:\Windows\system32\conhost.exe (ID 7252 |ParentID 548)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 10612 |ParentID 7164)
C:\Program Files (x86)\Connectify\Connectify.exe (ID 7452 |ParentID 2336)
C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (ID 10928 |ParentID 8028)
C:\Windows\system32\conhost.exe (ID 6240 |ParentID 440)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 6476 |ParentID 7164)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 9596 |ParentID 7164)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID 10692 |ParentID 7164)
C:\Users\Administrator.COMPUTER\Desktop\RogueKillerX64.exe (ID 10680 |ParentID 2336)
C:\UsbFix\Go.exe (ID 7784 |ParentID 10148)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
HKLM\SOFTWARE | Run : [RemoteControl9] - "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
HKLM\SOFTWARE | Run : [PDVD9LanguageShortcut] - "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
HKLM\SOFTWARE | Run : [RoxWatchTray] - "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
HKLM\SOFTWARE | Run : [Desktop Disc Tool] - "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
HKLM\SOFTWARE | Run : [HPUsageTrackingLEDM] - "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM\SOFTWARE | Run : [Athan] - C:\Program Files (x86)\Athan\Athan.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [IMSS] - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl9] - "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
HKLM\SOFTWARE\wow6432Node | Run : [PDVD9LanguageShortcut] - "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
HKLM\SOFTWARE\wow6432Node | Run : [RoxWatchTray] - "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Desktop Disc Tool] - "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
HKLM\SOFTWARE\wow6432Node | Run : [HPUsageTrackingLEDM] - "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM\SOFTWARE\wow6432Node | Run : [Athan] - C:\Program Files (x86)\Athan\Athan.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [] - 1
HKU\S-1-5-21-4051628422-3525690287-1979791056-1000\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4051628422-3525690287-1979791056-500\SOFTWARE | Run : [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-4051628422-3525690287-1979791056-500\SOFTWARE | Run : [Connectify] - C:\Program Files (x86)\Connectify\Connectify.exe
HKU\S-1-5-21-4051628422-3525690287-1979791056-500\SOFTWARE | Run : [Lync] - "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
HKU\S-1-5-21-4051628422-3525690287-1979791056-500\SOFTWARE | Run : [dtlswbgexu] - wscript.exe //B "C:\Users\ADMINI~1.COM\AppData\Local\Temp\dtlswbgexu..vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [] -
HKU\S-1-5-20\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-4051628422-3525690287-1979791056-1000\SOFTWARE | RunOnce : [] -
HKU\S-1-5-18\SOFTWARE | RunOnce : [] -

################## | Files # Infected Folders |

Found ! C:\Users\ADMINI~1.COM\AppData\Local\Temp\dtlswbgexu..vbs
Found ! C:\Users\Administrator.COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlswbgexu..vbs
Found ! E:\autorun.inf

################## | Registry |

Found ! HKU\S-1-5-21-4051628422-3525690287-1979791056-500\Software\Microsoft\Windows\CurrentVersion\Run|dtlswbgexu
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|dtlswbgexu
Found ! HKU\S-1-5-21-4051628422-3525690287-1979791056-500\Software\Microsoft\Windows\CurrentVersion\Run|dtlswbgexu
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|dtlswbgexu
Found ! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKU\S-1-5-21-4051628422-3525690287-1979791056-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKU\S-1-5-21-4051628422-3525690287-1979791056-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKU\S-1-5-21-4051628422-3525690287-1979791056-500\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |