Rootkits on a netbook

Done it <riddy>

 

Just shout "I'm a 'tard, get me out of here!" and eveything will be magically alright

 

Here we go!!!

 

.

 

Autoscan is in progress, 10mins it's telling me

 

Well?

 

I guessing it hasn't gone quite to plan!

 

still running

 

Now got the "log - notebook" on screen??

 

That is some 10 minutes mate, is it one of these clocks on a computer then says 10.27mins, then 5 minutes later it says 13.42mins remaining?!

 

Is that it completed?

 

Can you post the log on here

 

2mins

 

please log in to view this image

 

It's as we feared. Yer netbook is ****.

 

'

 

It's 10000 characters too long

 

ComboFix 12-11-28.02 - ************ 28/11/2012 13:11:44.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.1012.286 [GMT 0:00]
Running from: c:\users\**********\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-28 13:30 . 2012-11-28 13:30 -------- d-----w- c:\users\**********\AppData\Local\temp
2012-11-28 13:30 . 2012-11-28 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 12:47 . 2012-11-28 12:47 0 ----a-w- c:\windows\system32\shoDB03.tmp
2012-11-28 12:45 . 2012-11-28 13:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B4CF3EE-D675-47E8-8162-ADF9BBF1B210}\offreg.dll
2012-11-27 22:22 . 2012-11-27 22:22 -------- d-----w- c:\users\*********\AppData\Roaming\AVG2013
2012-11-27 22:20 . 2012-11-27 22:20 -------- d-----w- c:\users\*********\AppData\Roaming\TuneUp Software
2012-11-27 22:04 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B4CF3EE-D675-47E8-8162-ADF9BBF1B210}\mpengine.dll
2012-11-26 20:13 . 2012-11-26 20:13 -------- d-----w- C:\$AVG
2012-11-26 20:13 . 2012-11-26 21:43 -------- d-----w- c:\programdata\AVG2013
2012-11-26 20:12 . 2012-11-26 20:12 -------- d-----w- c:\program files\AVG
2012-11-26 20:07 . 2012-11-28 12:42 -------- d-----w- c:\programdata\MFAData
2012-11-26 20:07 . 2012-11-26 20:20 -------- d-----w- c:\users\*********\AppData\Local\Avg2013
2012-11-26 20:07 . 2012-11-26 20:07 -------- d--h--w- c:\programdata\Common Files
2012-11-26 20:07 . 2012-11-26 20:07 -------- d-----w- c:\users\********\AppData\Local\MFAData
2012-11-26 19:40 . 2012-11-27 22:51 -------- d-----w- c:\program files\uTorrentControl_v2
2012-11-26 19:40 . 2012-11-27 22:51 -------- d-----w- c:\program files\Yontoo
2012-11-26 19:40 . 2012-11-26 19:40 -------- d-----w- c:\programdata\Tarma Installer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2012-10-22 13:02 . 2012-10-22 13:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-17 09:12 . 2012-10-17 09:12 0 ----a-w- c:\windows\system32\shoEFF6.tmp
2012-10-15 03:48 . 2012-10-15 03:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-05 03:32 . 2012-10-05 03:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 03:30 . 2012-10-02 03:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 03:46 . 2012-09-21 03:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 03:46 . 2012-09-21 03:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 03:45 . 2012-09-21 03:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-14 18:28 . 2012-10-16 21:59 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 03:05 . 2012-09-14 03:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-09-04 10:39 . 2012-09-04 10:39 50296 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2012-08-31 17:18 . 2012-10-16 21:58 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-16 21:58 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-16 21:57 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-10 20:25 . 2011-12-26 15:39 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-02 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-18 2217256]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-06-30 1138780]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-01 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-01 302240]
"HPQuickWebProxy"="c:\program files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-04-08 78904]
"HPConnectionManager"="c:\program files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;

 

It looks fine to me.