smurf667

clkads.com


Hi,

I'm running Windows 7 (32-bit).

My browser (Internet Explorer 9) is redirected to clkads.com, not all the time, but every so often. This doesn't happen at all whilst I'm using Chrome, just Internet Explorer.

I tried using Spybot - Search & Destroy; it came up with nothing at all, the same as AVG Free and Malwarebytes Anti-Malware (quick scan and full scan).

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:57:12, on 07/04/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

C:\Windows\system32\crypserv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\OO Software\Defrag\oodag.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Philips\CamSuite\2.0.15.0\ACPGUI.dll

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Windows\VM331_STI.exe

C:\Windows\Philips\SPZ2000\GUCI_AVS.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\OO Software\Defrag\oodtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Sticky Password\stpass.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Users\Pete\AppData\Local\Smartbar\Application\Smartbar.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe

C:\Users\Pete\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe

C:\Windows\system32\svchost.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://co122w.col122.mail.live.com/default.aspx?rru=inbox&wa=wsignin1.0

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: Messenger Plus! Community SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Pete\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [VM331_STI] C:\Windows\VM331_STI.exe

O4 - HKLM\..\Run: [sPZ2000_Monitor] C:\Windows\Philips\SPZ2000\GUCI_AVS.exe

O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [stickyPassword] C:\Program Files\Sticky Password\stpass.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [Google Update] "C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [browser Infrastructure Helper] C:\Users\Pete\AppData\Local\Smartbar\Application\Smartbar.exe startup

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3149207797-2026983667-1932898229-1005\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3149207797-2026983667-1932898229-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: Facebook Messenger.lnk = Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe

O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download By FlashGet3 - C:\Users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://www.facebook.com

O15 - Trusted Zone: http://software.kuaiche.com

O16 - DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} (NVIDIA GPU Reader Class) - http://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288660748821

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288661968046

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1EF8542D-AD41-4704-B5FD-A72B7759046A}: NameServer = 217.171.132.1 217.171.135.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{1EF8542D-AD41-4704-B5FD-A72B7759046A}: NameServer = 217.171.132.1 217.171.135.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: ACPService - Unknown owner - C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe

O23 - Service: JetDrive WindowsClosingService - Unknown owner - C:\Windows\System32\WindowsClosingService (file missing)

O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 14836 bytes

Here's my DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Pete at 15:07:32 on 2012-04-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1188 [GMT 1:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

C:\Windows\system32\crypserv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\OO Software\Defrag\oodag.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Philips\CamSuite\2.0.15.0\ACPGUI.dll

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Windows\VM331_STI.exe

C:\Windows\Philips\SPZ2000\GUCI_AVS.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\OO Software\Defrag\oodtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Sticky Password\stpass.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Users\Pete\AppData\Local\Smartbar\Application\Smartbar.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe

C:\Users\Pete\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx?rru=inbox&wa=wsignin1.0

uSearch Bar =

uSearch Page =

mSearchAssistant =

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\pete\appdata\roaming\flashgetbho\FlashGetBHO3.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: Messenger Plus! Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [stickyPassword] c:\program files\sticky password\stpass.exe

uRun: [Messenger (Yahoo!)] ~"c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [Google Update] "c:\users\pete\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [browser Infrastructure Helper] c:\users\pete\appdata\local\smartbar\application\Smartbar.exe startup

uRun: [Facebook Update] "c:\users\pete\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [VM331_STI] c:\windows\VM331_STI.exe

mRun: [sPZ2000_Monitor] c:\windows\philips\spz2000\GUCI_AVS.exe

mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [OODefragTray] c:\program files\oo software\defrag\oodtray.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\pete\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\pete\appdata\local\facebook\messenger\2.0.4478.0\FacebookMessenger.exe

StartupFolder: c:\users\pete\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Download All By FlashGet3 - c:\users\pete\appdata\roaming\flashgetbho\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\pete\appdata\roaming\flashgetbho\GetUrl.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: facebook.com\www

Trusted Zone: kuaiche.com\software

Trusted Zone: microsoft.com\*.update

DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288660748821

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288661968046

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{1EF8542D-AD41-4704-B5FD-A72B7759046A} : NameServer = 217.171.132.1 217.171.135.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-27 64288]

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2009-2-3 63096]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-9-28 101720]

R2 ACPService;ACPService;c:\program files\philips\camsuite\2.0.15.0\ACPService.exe [2010-8-26 687104]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2011-4-16 1737464]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 2348352]

R2 OODefragAgent;O&O Defrag Agent;c:\program files\oo software\defrag\oodag.exe [2011-11-17 2489680]

R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2011-5-12 140848]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-27 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-9 382272]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\drivers\GUCI_AVS.sys [2011-2-8 574848]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-9-25 278560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\system32\windowsclosingservice --> c:\windows\system32\WindowsClosingService [?]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-12 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 jetdrive;jddrv;c:\windows\system32\drivers\jddrv.sys [2011-3-15 29056]

S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\common files\just flight limited shared\service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-10 9216]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-9-27 27192]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-12-10 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-12-10 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-12-10 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-12-10 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-12-10 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-12-10 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-12-10 115752]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-11-24 155344]

S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-12-7 404256]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-26 52224]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2011-6-4 17792]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1343400]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-1 25704]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-1 25704]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-1 25704]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-1 25704]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-1 25704]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-04-07 13:56:24 388096 ----a-r- c:\users\pete\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-04-07 13:56:18 -------- d-----w- c:\program files\Trend Micro

2012-04-06 21:53:17 -------- d-----w- c:\users\pete\appdata\local\Facebook

2012-04-05 17:29:54 -------- d-----w- c:\programdata\boost_interprocess

2012-03-27 22:08:55 -------- d-----w- c:\users\pete\appdata\local\Smartbar

2012-03-27 22:06:01 -------- d-----w- c:\users\pete\appdata\local\{51275F5C-89BB-46C3-B7CD-F57C90C27B86}

2012-03-27 22:05:45 -------- d-----w- c:\users\pete\appdata\local\{00EBC5EE-5CC9-4E6E-8A12-3C45B3E79416}

2012-03-14 09:49:23 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-14 09:49:22 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 09:12:50 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 09:12:49 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 09:12:15 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 09:12:15 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 09:12:15 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 09:12:14 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 09:12:14 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 09:12:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-12 14:56:32 -------- d-----w- c:\program files\ToniArts

2012-03-12 14:56:18 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll

2012-03-12 14:56:18 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll

2012-03-12 14:56:18 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe

2012-03-12 14:56:18 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll

2012-03-12 14:56:18 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll

2012-03-12 14:56:17 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll

2012-03-12 14:56:17 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll

.

==================== Find3M ====================

.

2012-04-05 17:15:10 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-10 04:13:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-10 04:13:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-02-10 04:13:00 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-10 04:13:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-10 04:13:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-10 04:13:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-10 04:13:00 2301248 ----a-w- c:\windows\system32\nvapi.dll

2012-02-10 04:13:00 19443520 ----a-w- c:\windows\system32\nvoglv32.dll

2012-02-10 04:13:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-10 04:13:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2012-02-10 04:13:00 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-02-10 04:13:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-10 03:02:06 3881792 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-10 03:00:44 2719040 ----a-w- c:\windows\system32\nvsvc.dll

2012-02-10 03:00:26 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-10 03:00:26 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-02-10 03:00:26 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-09 20:05:44 416064 ----a-w- c:\windows\system32\nvStreaming.exe

.

============= FINISH: 15:09:21.77 ===============

 

And my checkup.txt

 

 

Results of screen317's Security Check version 0.99.32

Windows 7 Service Pack 1 x86 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 2012

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

Spybot - Search & Destroy

EasyCleaner

Java 6 Update 22

Java 6 Update 31

Java version out of date!

Adobe Reader X (10.1.2)

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

 

Your help would be greatly appreciated

 

Thanks


Welcome smurf667 to SpywareInfo. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

 

Just a few things before we begin:

 

Before proceeding:

  • In the upper right hand corner of this topic there is a button labelled Watch this topic. Please click this button, select Immediate E-Mail notification and then click Proceed to ensure you are notified when I reply.
  • Please back up your personal documents and files by copying them to a location other than your system drive.
  • Please open Notepad, click Format and, if Word Wrap is ticked, click it to untick it.

 

For the duration of this topic:

Please DO NOT run, install, uninstall or remove any tools or programs other than those I suggest to you, in order to avoid conflicts and/or additional problems on your system.

 

 

When you receive new instructions:

  • Please read the whole post before carrying out any of the instructions.
  • All our tools must be downloaded to the Desktop and launched from there (unless I specify otherwise).
  • Please perform all steps in the received order and DO NOT proceed if you need clarification.
  • Please DO NOT re-run any program unless I ask you to.
  • Please DO NOT plug in any external devices like USBs and Hard Drives unless I ask you to.
  • If you encounter any problems please stop and let me know.

 

When replying:

  • Please click the Add Reply button so that my reply is not posted back to me. Thank you!
  • Please copy and paste your logs into your post unless I specifically ask you to attach one.

_________________________________________________________________________________________________________________________________

 

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

 

Please go here to see a list of programs that need to be disabled.

 

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

 

Please include the C:\ComboFix.txt in your next reply for further review.

==========

 

Next, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

 

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
     
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
     
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
     
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

 

 

Finally, please download MBRCheck by a_d_13 to your Desktop from one of these locations:

 

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

 

Close all open programs and windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

 

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

==========

 

In your next post please post the following:

  • ComboFix.txt.
  • Log from TDSSKiller.
  • Log from MBRCheck.

Are the redirections in Internet Explorer still present?

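For anyone reading this thread later who wants to pre-screen a ComboFix.txt like the one requested above before a helper gets to it, here is an added example. It is not part of the original thread and not ComboFix's own code. It parses the "Reg Loading Points" block (Run keys, Browser Helper Objects, the UAC values under policies\system) and the "Trusted Zone:" lines of the Supplementary Scan in the format ComboFix emits, and returns the entries a reviewer normally looks at first: autoruns launched from the user profile or ProgramData, Browser Helper Objects whose DLL lives outside the Windows directory, Trusted Zone sites beyond an assumed allowlist, and UAC switched off (EnableLUA=0) or set to elevate without prompting. The sample log is constructed from excerpts of the ComboFix output posted later in this thread; the allowlist, the finding names and the "user-writable" path rule are assumptions of the example, and a finding is a review item, not a malware verdict.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

Reads the 'Reg Loading Points' section (Run keys, Browser Helper Objects,
UAC policy values) and the 'Trusted Zone:' lines of the Supplementary Scan,
and returns the entries a reviewer would look at first.  Every finding is a
review item, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # finding names are chosen for this example
    detail: str  # the log value that triggered it


# Line formats as they appear in the ComboFix log in this thread.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
BHO_FILE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (?P<path>.+)$')
POLICY_VALUE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)')
TRUSTED_ZONE = re.compile(r'^Trusted Zone: (?P<site>\S+)')

# Assumption: a home machine only needs Windows Update in the Trusted Zone.
TRUSTED_ALLOWLIST = {'microsoft.com', 'windowsupdate.com'}


def _user_writable(path: str) -> bool:
    """True for locations a standard user can write to (profile, ProgramData)."""
    p = path.lower()
    return p.startswith('c:\\users\\') or '\\appdata\\' in p or '\\programdata\\' in p


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current [registry key] block."""
    findings: list[Finding] = []
    section = ''  # lower-cased key of the current [ ... ] block
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue

        if section.endswith('\\run'):
            m = RUN_VALUE.match(line)
            if m and _user_writable(m['path']):
                findings.append(Finding('autorun_user_profile', f"{m['name']} -> {m['path']}"))
        elif 'browser helper objects' in section:
            m = BHO_FILE.match(line)
            if m and not m['path'].lower().startswith('c:\\windows\\'):
                findings.append(Finding('third_party_bho', m['path']))
        elif section.endswith('policies\\system'):
            m = POLICY_VALUE.match(line)
            if m and m['name'] == 'EnableLUA' and int(m['value']) == 0:
                findings.append(Finding('uac_disabled', 'EnableLUA=0'))
            elif m and m['name'] == 'ConsentPromptBehaviorAdmin' and int(m['value']) == 0:
                findings.append(Finding('uac_no_prompt', 'ConsentPromptBehaviorAdmin=0'))

        # Trusted Zone lines sit outside any [key] block in the Supplementary Scan.
        m = TRUSTED_ZONE.match(line)
        if m:
            domain = m['site'].split('\\', 1)[0].lower()
            if domain not in TRUSTED_ALLOWLIST:
                findings.append(Finding('trusted_zone', m['site']))
    return findings


# Constructed sample: excerpts in the format of the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 21:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Browser Infrastructure Helper"="c:\users\Pete\AppData\Local\Smartbar\Application\Smartbar.exe" [2012-03-20 19272]
"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx
Trusted Zone: facebook.com\www
Trusted Zone: kuaiche.com\software
Trusted Zone: microsoft.com\*.update
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:22} {f.detail}')
```

On the sample this flags the Smartbar and Facebook autoruns (both run from AppData), the ConduitEngine BHO, the facebook.com and kuaiche.com Trusted Zone entries, and UAC being off; TeaTimer, AVG, mscoree.dll and the microsoft.com update zone pass. To use it on a real ComboFix.txt, read the file and pass its text to triage().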

Here you go,

 

 

ComboFix 12-04-07.04 - Pete 08/04/2012 15:15:33.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1881 [GMT 1:00]

Running from: c:\users\Pete\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))

.

.

2012-04-08 14:28 . 2012-04-08 14:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-04-08 14:28 . 2012-04-08 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-07 14:24 . 2012-04-07 14:24 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2012-04-07 13:56 . 2012-04-07 13:56 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-07 13:56 . 2012-04-07 13:56 -------- d-----w- c:\program files\Trend Micro

2012-04-06 21:53 . 2012-04-06 21:53 -------- d-----w- c:\users\Pete\AppData\Local\Facebook

2012-04-05 17:29 . 2012-04-05 17:29 -------- d-----w- c:\programdata\boost_interprocess

2012-03-27 22:08 . 2012-03-27 22:09 -------- d-----w- c:\users\Pete\AppData\Local\Smartbar

2012-03-14 09:49 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-14 09:49 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 09:12 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 09:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 09:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 09:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 09:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 09:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 09:12 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 09:12 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-12 14:56 . 2012-03-12 14:56 -------- d-----w- c:\program files\ToniArts

2012-03-12 14:56 . 2004-07-16 00:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll

2012-03-12 14:56 . 2004-07-16 00:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll

2012-03-12 14:56 . 2004-07-16 00:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll

2012-03-12 14:56 . 2004-07-16 00:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll

2012-03-12 14:56 . 2004-07-16 00:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe

2012-03-12 14:56 . 2012-03-12 14:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll

2012-03-12 14:56 . 2012-03-12 14:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 17:15 . 2010-10-23 07:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-10 04:13 . 2012-02-22 17:04 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-02-10 04:13 . 2012-02-22 17:04 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-10 04:13 . 2012-02-22 17:04 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-10 04:13 . 2012-02-22 17:04 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-10 04:13 . 2012-02-22 17:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-10 04:13 . 2012-02-22 17:04 19443520 ----a-w- c:\windows\system32\nvoglv32.dll

2012-02-10 04:13 . 2012-02-22 17:04 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-10 04:13 . 2012-02-22 17:04 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2012-02-10 04:13 . 2012-02-22 17:04 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-02-10 04:13 . 2011-08-10 03:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-10 04:13 . 2011-08-10 03:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-10 04:13 . 2010-09-24 23:46 2301248 ----a-w- c:\windows\system32\nvapi.dll

2012-02-10 03:02 . 2011-04-07 21:43 3881792 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-10 03:00 . 2011-04-07 21:43 2719040 ----a-w- c:\windows\system32\nvsvc.dll

2012-02-10 03:00 . 2011-04-07 21:43 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-10 03:00 . 2011-04-07 21:43 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-10 03:00 . 2010-07-09 15:20 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe

2012-01-26 18:39 . 2012-01-26 18:39 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-11-13 21:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]

2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2010-08-25 3052376]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Browser Infrastructure Helper"="c:\users\Pete\AppData\Local\Smartbar\Application\Smartbar.exe" [2012-03-20 19272]

"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"VM331_STI"="c:\windows\VM331_STI.exe" [2010-01-15 536576]

"SPZ2000_Monitor"="c:\windows\Philips\SPZ2000\GUCI_AVS.exe" [2007-12-10 323584]

"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]

Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-6-28 2721184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService [x]

R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys [2011-03-12 29056]

R3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]

R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-26 25704]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]

S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]

S2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]

S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 2489680]

S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 140848]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]

S3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2010-06-10 574848]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-08 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-06 13:11]

.

2012-04-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job

- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]

.

2012-04-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job

- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job

- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]

.

2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job

- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003Core.job

- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]

.

2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003UA.job

- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx?rru=inbox&wa=wsignin1.0

IE: Download All By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm

Trusted Zone: facebook.com\www

Trusted Zone: kuaiche.com\software

Trusted Zone: microsoft.com\*.update

DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-Messenger (Yahoo!) - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe

AddRemove-Wupper Express 11 Actpack 1.0 - c:\train simulator\Uninstal.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]

"ImagePath"="c:\windows\System32\WindowsClosingService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]

"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,

6c,61,6b,6f,70,00,00

"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,

64,6c,61,6b,6f,70,00,00

"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,

61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00

"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,

6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG14.00.00.01PROFESSIONAL"="..."

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5548)

c:\program files\Sticky Password\spCapBtn.dll

.

Completion time: 2012-04-08 15:31:41

ComboFix-quarantined-files.txt 2012-04-08 14:31

.

Pre-Run: 433,079,930,880 bytes free

Post-Run: 433,105,821,696 bytes free

.

- - End Of File - - 863981B9884CBE92326E4B1A934B1E00

 

 

 

15:55:22.0381 4908 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

15:55:24.0382 4908 ============================================================

15:55:24.0382 4908 Current date / time: 2012/04/08 15:55:24.0382

15:55:24.0382 4908 SystemInfo:

15:55:24.0382 4908

15:55:24.0382 4908 OS Version: 6.1.7601 ServicePack: 1.0

15:55:24.0382 4908 Product type: Workstation

15:55:24.0383 4908 ComputerName: PETE-PC

15:55:24.0383 4908 UserName: Pete

15:55:24.0383 4908 Windows directory: C:\Windows

15:55:24.0383 4908 System windows directory: C:\Windows

15:55:24.0383 4908 Processor architecture: Intel x86

15:55:24.0383 4908 Number of processors: 2

15:55:24.0383 4908 Page size: 0x1000

15:55:24.0383 4908 Boot type: Normal boot

15:55:24.0383 4908 ============================================================

15:55:25.0230 4908 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:55:25.0242 4908 Drive \Device\Harddisk1\DR1 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:55:25.0260 4908 Drive \Device\Harddisk2\DR2 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:55:25.0283 4908 \Device\Harddisk0\DR0:

15:55:25.0283 4908 MBR used

15:55:25.0283 4908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02

15:55:25.0283 4908 \Device\Harddisk1\DR1:

15:55:25.0283 4908 MBR used

15:55:25.0283 4908 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782

15:55:25.0283 4908 \Device\Harddisk2\DR2:

15:55:25.0283 4908 MBR used

15:55:25.0283 4908 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82

15:55:25.0433 4908 Initialize success

15:55:25.0433 4908 ============================================================

15:55:48.0568 4276 ============================================================

15:55:48.0568 4276 Scan started

15:55:48.0568 4276 Mode: Manual;

15:55:48.0568 4276 ============================================================

15:55:48.0981 4276 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

15:55:48.0984 4276 1394ohci - ok

15:55:49.0020 4276 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

15:55:49.0023 4276 ACPI - ok

15:55:49.0041 4276 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

15:55:49.0043 4276 AcpiPmi - ok

15:55:49.0093 4276 ACPService (41ee3d758bd1b7acd04136a58b753342) C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe

15:55:49.0097 4276 ACPService - ok

15:55:49.0149 4276 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

15:55:49.0150 4276 AdobeARMservice - ok

15:55:49.0222 4276 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

15:55:49.0227 4276 adp94xx - ok

15:55:49.0248 4276 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

15:55:49.0252 4276 adpahci - ok

15:55:49.0260 4276 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

15:55:49.0263 4276 adpu320 - ok

15:55:49.0293 4276 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

15:55:49.0294 4276 AeLookupSvc - ok

15:55:49.0328 4276 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

15:55:49.0332 4276 AFD - ok

15:55:49.0360 4276 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

15:55:49.0361 4276 agp440 - ok

15:55:49.0409 4276 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

15:55:49.0411 4276 aic78xx - ok

15:55:49.0430 4276 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

15:55:49.0432 4276 ALG - ok

15:55:49.0454 4276 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

15:55:49.0456 4276 aliide - ok

15:55:49.0465 4276 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

15:55:49.0467 4276 amdagp - ok

15:55:49.0476 4276 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

15:55:49.0477 4276 amdide - ok

15:55:49.0493 4276 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

15:55:49.0495 4276 AmdK8 - ok

15:55:49.0508 4276 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

15:55:49.0510 4276 AmdPPM - ok

15:55:49.0545 4276 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

15:55:49.0547 4276 amdsata - ok

15:55:49.0572 4276 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

15:55:49.0575 4276 amdsbs - ok

15:55:49.0611 4276 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

15:55:49.0612 4276 amdxata - ok

15:55:49.0650 4276 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

15:55:49.0652 4276 AppID - ok

15:55:49.0706 4276 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

15:55:49.0724 4276 AppIDSvc - ok

15:55:49.0762 4276 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

15:55:49.0764 4276 Appinfo - ok

15:55:49.0836 4276 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

15:55:49.0838 4276 arc - ok

15:55:49.0847 4276 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

15:55:49.0848 4276 arcsas - ok

15:55:49.0865 4276 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

15:55:49.0866 4276 AsyncMac - ok

15:55:49.0895 4276 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

15:55:49.0895 4276 atapi - ok

15:55:49.0954 4276 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

15:55:49.0960 4276 AudioEndpointBuilder - ok

15:55:49.0968 4276 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

15:55:49.0972 4276 Audiosrv - ok

15:55:50.0091 4276 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

15:55:50.0115 4276 AVGIDSAgent - ok

15:55:50.0185 4276 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

15:55:50.0186 4276 AVGIDSDriver - ok

15:55:50.0229 4276 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

15:55:50.0230 4276 AVGIDSEH - ok

15:55:50.0251 4276 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

15:55:50.0251 4276 AVGIDSFilter - ok

15:55:50.0280 4276 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

15:55:50.0281 4276 AVGIDSShim - ok

15:55:50.0302 4276 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys

15:55:50.0304 4276 Avgldx86 - ok

15:55:50.0326 4276 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys

15:55:50.0327 4276 Avgmfx86 - ok

15:55:50.0343 4276 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys

15:55:50.0344 4276 Avgrkx86 - ok

15:55:50.0407 4276 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys

15:55:50.0409 4276 Avgtdix - ok

15:55:50.0465 4276 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

15:55:50.0466 4276 avgwd - ok

15:55:50.0509 4276 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

15:55:50.0511 4276 AxInstSV - ok

15:55:50.0544 4276 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

15:55:50.0550 4276 b06bdrv - ok

15:55:50.0600 4276 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

15:55:50.0603 4276 b57nd60x - ok

15:55:50.0634 4276 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

15:55:50.0636 4276 BDESVC - ok

15:55:50.0815 4276 BecHelperService (553e94ae71d233c14a8c8b4af9286ed0) C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

15:55:50.0824 4276 BecHelperService - ok

15:55:50.0890 4276 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

15:55:50.0891 4276 Beep - ok

15:55:50.0929 4276 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll

15:55:50.0934 4276 BFE - ok

15:55:50.0964 4276 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll

15:55:50.0972 4276 BITS - ok

15:55:50.0990 4276 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

15:55:50.0991 4276 blbdrive - ok

15:55:51.0017 4276 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

15:55:51.0019 4276 bowser - ok

15:55:51.0064 4276 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:55:51.0066 4276 BrFiltLo - ok

15:55:51.0092 4276 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:55:51.0093 4276 BrFiltUp - ok

15:55:51.0118 4276 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

15:55:51.0119 4276 BridgeMP - ok

15:55:51.0138 4276 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

15:55:51.0140 4276 Browser - ok

15:55:51.0163 4276 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

15:55:51.0166 4276 Brserid - ok

15:55:51.0185 4276 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

15:55:51.0187 4276 BrSerWdm - ok

15:55:51.0204 4276 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:55:51.0205 4276 BrUsbMdm - ok

15:55:51.0222 4276 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

15:55:51.0226 4276 BrUsbSer - ok

15:55:51.0273 4276 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys

15:55:51.0274 4276 BthEnum - ok

15:55:51.0304 4276 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

15:55:51.0305 4276 BTHMODEM - ok

15:55:51.0340 4276 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys

15:55:51.0341 4276 BthPan - ok

15:55:51.0372 4276 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys

15:55:51.0377 4276 BTHPORT - ok

15:55:51.0395 4276 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

15:55:51.0397 4276 bthserv - ok

15:55:51.0428 4276 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys

15:55:51.0430 4276 BTHUSB - ok

15:55:51.0492 4276 catchme - ok

15:55:51.0560 4276 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

15:55:51.0561 4276 cdfs - ok

15:55:51.0615 4276 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

15:55:51.0617 4276 cdrom - ok

15:55:51.0654 4276 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

15:55:51.0656 4276 CertPropSvc - ok

15:55:51.0673 4276 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

15:55:51.0675 4276 circlass - ok

15:55:51.0722 4276 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

15:55:51.0725 4276 CLFS - ok

15:55:51.0799 4276 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:55:51.0801 4276 clr_optimization_v2.0.50727_32 - ok

15:55:51.0852 4276 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:55:51.0855 4276 clr_optimization_v4.0.30319_32 - ok

15:55:51.0913 4276 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

15:55:51.0938 4276 CmBatt - ok

15:55:51.0971 4276 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

15:55:51.0972 4276 cmdide - ok

15:55:51.0997 4276 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

15:55:51.0999 4276 CNG - ok

15:55:52.0008 4276 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

15:55:52.0009 4276 Compbatt - ok

15:55:52.0029 4276 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

15:55:52.0031 4276 CompositeBus - ok

15:55:52.0052 4276 COMSysApp - ok

15:55:52.0067 4276 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

15:55:52.0068 4276 crcdisk - ok

15:55:52.0071 4276 Crypkey License - ok

15:55:52.0102 4276 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll

15:55:52.0104 4276 CryptSvc - ok

15:55:52.0142 4276 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

15:55:52.0149 4276 DcomLaunch - ok

15:55:52.0180 4276 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

15:55:52.0184 4276 defragsvc - ok

15:55:52.0222 4276 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

15:55:52.0223 4276 DfsC - ok

15:55:52.0239 4276 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

15:55:52.0243 4276 Dhcp - ok

15:55:52.0279 4276 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

15:55:52.0280 4276 discache - ok

15:55:52.0311 4276 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

15:55:52.0313 4276 Disk - ok

15:55:52.0342 4276 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

15:55:52.0344 4276 Dnscache - ok

15:55:52.0381 4276 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

15:55:52.0385 4276 dot3svc - ok

15:55:52.0417 4276 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

15:55:52.0421 4276 DPS - ok

15:55:52.0446 4276 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

15:55:52.0447 4276 drmkaud - ok

15:55:52.0484 4276 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

15:55:52.0488 4276 DXGKrnl - ok

15:55:52.0537 4276 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

15:55:52.0540 4276 EapHost - ok

15:55:52.0612 4276 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

15:55:52.0640 4276 ebdrv - ok

15:55:52.0676 4276 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

15:55:52.0678 4276 EFS - ok

15:55:52.0736 4276 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

15:55:52.0742 4276 ehRecvr - ok

15:55:52.0766 4276 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

15:55:52.0767 4276 ehSched - ok

15:55:52.0825 4276 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

15:55:52.0830 4276 elxstor - ok

15:55:52.0855 4276 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

15:55:52.0856 4276 ErrDev - ok

15:55:52.0908 4276 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

15:55:52.0913 4276 EventSystem - ok

15:55:52.0936 4276 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

15:55:52.0939 4276 exfat - ok

15:55:52.0976 4276 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

15:55:52.0979 4276 fastfat - ok

15:55:53.0013 4276 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

15:55:53.0020 4276 Fax - ok

15:55:53.0041 4276 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

15:55:53.0043 4276 fdc - ok

15:55:53.0061 4276 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

15:55:53.0063 4276 fdPHost - ok

15:55:53.0094 4276 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

15:55:53.0096 4276 FDResPub - ok

15:55:53.0121 4276 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

15:55:53.0122 4276 FileInfo - ok

15:55:53.0142 4276 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

15:55:53.0143 4276 Filetrace - ok

15:55:53.0177 4276 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

15:55:53.0179 4276 flpydisk - ok

15:55:53.0209 4276 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

15:55:53.0212 4276 FltMgr - ok

15:55:53.0255 4276 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll

15:55:53.0264 4276 FontCache - ok

15:55:53.0317 4276 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

15:55:53.0319 4276 FontCache3.0.0.0 - ok

15:55:53.0370 4276 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

15:55:53.0371 4276 FsDepends - ok

15:55:53.0395 4276 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

15:55:53.0397 4276 fssfltr - ok

15:55:53.0472 4276 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe

15:55:53.0486 4276 fsssvc - ok

15:55:53.0524 4276 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

15:55:53.0525 4276 Fs_Rec - ok

15:55:53.0556 4276 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

15:55:53.0559 4276 fvevol - ok

15:55:53.0610 4276 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:55:53.0611 4276 gagp30kx - ok

15:55:53.0651 4276 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\Windows\gdrv.sys

15:55:53.0652 4276 gdrv - ok

15:55:53.0697 4276 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

15:55:53.0704 4276 gpsvc - ok

15:55:53.0744 4276 GUCI_AVS (c483626faaee199b98e61ac9bb219150) C:\Windows\system32\DRIVERS\GUCI_AVS.sys

15:55:53.0751 4276 GUCI_AVS - ok

15:55:53.0781 4276 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

15:55:53.0782 4276 hcw85cir - ok

15:55:53.0813 4276 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

15:55:53.0817 4276 HdAudAddService - ok

15:55:53.0859 4276 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

15:55:53.0860 4276 HDAudBus - ok

15:55:53.0881 4276 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

15:55:53.0882 4276 HidBatt - ok

15:55:53.0904 4276 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

15:55:53.0905 4276 HidBth - ok

15:55:53.0922 4276 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

15:55:53.0923 4276 HidIr - ok

15:55:53.0941 4276 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll

15:55:53.0944 4276 hidserv - ok

15:55:53.0962 4276 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

15:55:53.0963 4276 HidUsb - ok

15:55:53.0998 4276 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

15:55:54.0001 4276 hkmsvc - ok

15:55:54.0031 4276 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

15:55:54.0035 4276 HomeGroupListener - ok

15:55:54.0085 4276 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

15:55:54.0089 4276 HomeGroupProvider - ok

15:55:54.0114 4276 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

15:55:54.0116 4276 HpSAMD - ok

15:55:54.0149 4276 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

15:55:54.0156 4276 HTTP - ok

15:55:54.0181 4276 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

15:55:54.0182 4276 hwpolicy - ok

15:55:54.0209 4276 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

15:55:54.0211 4276 i8042prt - ok

15:55:54.0248 4276 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

15:55:54.0253 4276 iaStorV - ok

15:55:54.0331 4276 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:55:54.0340 4276 idsvc - ok

15:55:54.0471 4276 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys

15:55:54.0514 4276 igfx - ok

15:55:54.0540 4276 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

15:55:54.0542 4276 iirsp - ok

15:55:54.0600 4276 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

15:55:54.0607 4276 IKEEXT - ok

15:55:54.0709 4276 IntcAzAudAddService (aee99ecf06cd1cea95816ccb5bf73ec8) C:\Windows\system32\drivers\RTKVHDA.sys

15:55:54.0724 4276 IntcAzAudAddService - ok

15:55:54.0783 4276 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

15:55:54.0785 4276 intelide - ok

15:55:54.0837 4276 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

15:55:54.0838 4276 intelppm - ok

15:55:54.0863 4276 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

15:55:54.0865 4276 IPBusEnum - ok

15:55:54.0880 4276 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:55:54.0881 4276 IpFilterDriver - ok

15:55:54.0911 4276 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll

15:55:54.0917 4276 iphlpsvc - ok

15:55:54.0961 4276 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

15:55:54.0963 4276 IPMIDRV - ok

15:55:54.0974 4276 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

15:55:54.0976 4276 IPNAT - ok

15:55:54.0997 4276 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

15:55:54.0998 4276 IRENUM - ok

15:55:55.0012 4276 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

15:55:55.0013 4276 isapnp - ok

15:55:55.0060 4276 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

15:55:55.0064 4276 iScsiPrt - ok

15:55:55.0096 4276 jetdrive (d6c59572d05a6a4e0ce5a283ad97ff29) C:\Windows\system32\DRIVERS\jddrv.sys

15:55:55.0097 4276 jetdrive - ok

15:55:55.0106 4276 JetDrive WindowsClosingService - ok

15:55:55.0152 4276 Just Flight Limited License Service (3818b0097208f2f424d7030024f72816) C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe

15:55:55.0154 4276 Just Flight Limited License Service - ok

15:55:55.0195 4276 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

15:55:55.0196 4276 kbdclass - ok

15:55:55.0219 4276 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys

15:55:55.0220 4276 kbdhid - ok

15:55:55.0245 4276 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

15:55:55.0248 4276 KeyIso - ok

15:55:55.0276 4276 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

15:55:55.0277 4276 KSecDD - ok

15:55:55.0293 4276 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

15:55:55.0295 4276 KSecPkg - ok

15:55:55.0327 4276 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

15:55:55.0332 4276 KtmRm - ok

15:55:55.0361 4276 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll

15:55:55.0367 4276 LanmanServer - ok

15:55:55.0420 4276 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

15:55:55.0425 4276 LanmanWorkstation - ok

15:55:55.0435 4276 Lavasoft Kernexplorer - ok

15:55:55.0459 4276 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys

15:55:55.0461 4276 Lbd - ok

15:55:55.0518 4276 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

15:55:55.0520 4276 LBTServ - ok

15:55:55.0557 4276 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys

15:55:55.0558 4276 LHidFilt - ok

15:55:55.0585 4276 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

15:55:55.0587 4276 lltdio - ok

15:55:55.0639 4276 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

15:55:55.0643 4276 lltdsvc - ok

15:55:55.0666 4276 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

15:55:55.0669 4276 lmhosts - ok

15:55:55.0693 4276 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys

15:55:55.0694 4276 LMouFilt - ok

15:55:55.0715 4276 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:55:55.0717 4276 LSI_FC - ok

15:55:55.0731 4276 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:55:55.0733 4276 LSI_SAS - ok

15:55:55.0749 4276 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:55:55.0750 4276 LSI_SAS2 - ok

15:55:55.0769 4276 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:55:55.0771 4276 LSI_SCSI - ok

15:55:55.0788 4276 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

15:55:55.0790 4276 luafv - ok

15:55:55.0823 4276 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys

15:55:55.0824 4276 massfilter - ok

15:55:55.0872 4276 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll

15:55:55.0876 4276 Mcx2Svc - ok

15:55:55.0966 4276 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\Windows\system32\drivers\mdvrmng.sys

15:55:55.0980 4276 mdvrmng - ok

15:55:56.0032 4276 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

15:55:56.0034 4276 megasas - ok

15:55:56.0052 4276 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

15:55:56.0056 4276 MegaSR - ok

15:55:56.0081 4276 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

15:55:56.0084 4276 MMCSS - ok

15:55:56.0104 4276 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

15:55:56.0105 4276 Modem - ok

15:55:56.0129 4276 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

15:55:56.0130 4276 monitor - ok

15:55:56.0157 4276 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

15:55:56.0158 4276 mouclass - ok

15:55:56.0194 4276 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

15:55:56.0196 4276 mouhid - ok

15:55:56.0241 4276 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

15:55:56.0243 4276 mountmgr - ok

15:55:56.0266

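The TDSSKiller listing above runs to hundreds of lines and every entry ends in "- ok", which only says that the file matched none of TDSSKiller's rootkit signatures, not that it is clean. As an added example (not part of the original post and not code from TDSSKiller itself), here is a Python helper that pairs each service's image line with its verdict line and sorts the services into a few short lists a responder would read first: keys that list no image file on disk at all (catchme, COMSysApp, Crypkey License, JetDrive WindowsClosingService and Lavasoft Kernexplorer in the log above), images under Program Files, images under C:\Windows but outside system32\drivers (gdrv.sys above), and the rest. SAMPLE_LOG is a constructed excerpt whose lines are copied from the log; the bucket names and function names are mine.

```python
"""Triage a TDSSKiller driver/service listing.

Added example; not part of the forum post and not code from Kaspersky's
TDSSKiller.  After the "Scan started" banner the log prints, per service:

    HH:MM:SS.mmmm PID name (md5) path     the image file that was hashed
    HH:MM:SS.mmmm PID name - verdict      "ok" = no rootkit signature matched

parse_log() pairs the two lines by service name, triage() buckets the
entries by where the image lives (or notes that no image was listed),
and not_ok() pulls out anything whose verdict is not "ok".
SAMPLE_LOG is a constructed excerpt copied from the log above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
15:55:25.0242 4908 Drive \Device\Harddisk1\DR1 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:55:48.0568 4276 Scan started
15:55:48.0568 4276 Mode: Manual;
15:55:48.0568 4276 ============================================================
15:55:49.0020 4276 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:55:49.0023 4276 ACPI - ok
15:55:49.0093 4276 ACPService (41ee3d758bd1b7acd04136a58b753342) C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
15:55:49.0097 4276 ACPService - ok
15:55:51.0492 4276 catchme - ok
15:55:53.0651 4276 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\Windows\gdrv.sys
15:55:53.0652 4276 gdrv - ok
15:55:55.0152 4276 Just Flight Limited License Service (3818b0097208f2f424d7030024f72816) C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
15:55:55.0154 4276 Just Flight Limited License Service - ok
15:55:55.0435 4276 Lavasoft Kernexplorer - ok
15:55:56.0032 4276 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:55:56.0034 4276 megasas - ok
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.+)$")
IMAGE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
VERDICT = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<verdict>\S.*)$")

SYSTEM_DRIVERS = "c:\\windows\\system32\\drivers\\"
WINDOWS_ROOT = "c:\\windows\\"


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Map service name -> Entry, merging each image line with its verdict line."""
    entries: Dict[str, Entry] = {}
    in_scan = "Scan started" not in text      # no banner at all: parse everything
    for raw in text.splitlines():
        if not in_scan:                       # skip the device/MBR preamble
            in_scan = "Scan started" in raw
            continue
        m = PREFIX.match(raw.strip())
        if not m:
            continue                          # separators and blank lines
        rest = m.group("rest")
        im = IMAGE.match(rest)
        if im:
            e = entries.setdefault(im.group("name"), Entry(im.group("name")))
            e.md5, e.path = im.group("md5").lower(), im.group("path")
            continue
        vm = VERDICT.match(rest)
        if vm:
            e = entries.setdefault(vm.group("name"), Entry(vm.group("name")))
            e.verdict = vm.group("verdict").strip()
    return entries


def location(path: Optional[str]) -> str:
    """Bucket an image path; None means the service key listed no file."""
    if path is None:
        return "no_image_file"
    p = path.lower()
    if p.startswith(SYSTEM_DRIVERS):
        return "system32_drivers"
    if p.startswith(WINDOWS_ROOT):
        return "windows_other"                # e.g. C:\Windows\gdrv.sys, .NET, ehome
    return "third_party"                      # Program Files and anything else


def triage(text: str) -> Dict[str, List[str]]:
    """Service names grouped by bucket, in log order."""
    buckets: Dict[str, List[str]] = {
        "no_image_file": [], "third_party": [], "windows_other": [], "system32_drivers": [],
    }
    for e in parse_log(text).values():
        buckets[location(e.path)].append(e.name)
    return buckets


def not_ok(text: str) -> List[str]:
    """Names whose verdict is missing or anything other than 'ok'."""
    return [e.name for e in parse_log(text).values() if e.verdict != "ok"]


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG).items():
        print(f"{bucket:17} {len(names):3}  {', '.join(names)}")
    print("not ok:", not_ok(SAMPLE_LOG))
```

Run it against the full log pasted above and the no_image_file and third_party lists are the ones worth cross-checking by hand; an "ok" verdict on a driver you cannot account for is still a driver you cannot account for.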

Hey smurf667. :)

 

Thank you for providing the requested logs. :thumbup:

 

Please print out these instructions or copy them to a Notepad file for an easier reading.

 

 

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with many fixes and tools you may run. Please disable TeaTimer by doing the following:

  • Run Spybot-S&D.
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left hand side, choose Tools -> Resident.
  • Uncheck Resident TeaTimer and OK any prompts.

I will give you instructions on how to re-enable TeaTimer once your system is clean.

==========

 

I notice that you have the following programs installed:

 

Advanced SystemCare 3 (please see IOBit’s Denial of Theft Unconvincing for more information).

AVG Security Toolbar (please see here for more information).

Conduit Engine (please see here for more information).

Daemon Tools Toolbar (please see here for more information).

IOBIT (please see IOBit’s Denial of Theft Unconvincing for more information).

Messenger Plus! Community SmartbarEngine + Toolbar (please see here for more information).

Yahoo! Toolbar Helper (please see here for more information).

 

 

I recommend the removal of all these programs, for the reasons listed in the links provided above.

 

Please go to Start>Control Panel>Programs>Programs and Features and Uninstall the following programs (if present):

 

  • Advanced SystemCare 3
  • AVG Security Toolbar
  • Conduit Engine
  • Daemon Tools Toolbar
  • IOBIT
  • Messenger Plus! Community Smartbar Engine
  • Messenger Plus! Toolbar
  • Yahoo! Toolbar Helper

Please restart your computer after these program removals.

==========

 

Next, please follow these instructions to remove the remaining malicious entries:

 

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
     
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.
     

    killall::
     
    DDS::
    uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx?rru=inbox&wa=wsignin1.0
    uSearch Bar =
    uSearch Page =
    mSearchAssistant =
    Trusted Zone: facebook.com\www
    Trusted Zone: kuaiche.com\software
    Trusted Zone: microsoft.com\*.update
     
    RegLockDel::
    [HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]
    "mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,
    6c,61,6b,6f,70,00,00
    "nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,
    64,6c,61,6b,6f,70,00,00
    "hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,
    61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00
    "hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,
    6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40
     
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
     
    [image: CFScriptB-4.gif]
     
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

 

 

Please post the ComboFix.txt in your next reply.

==========

 

Then, please download Sophos Anti-rootkit & save it to your Desktop.

alternate download link

Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

 

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.

  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
      • Running processes
      • Windows Registry
      • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel, which also includes whether the item is recommended for removal.
      • Files tagged as Removable: No are not marked for removal and cannot be removed.
      • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
      • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm; click Yes.
  • A pop-up window will appear advising that the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.

Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.

  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

==========

 

In your next post please provide the following:

  • If you had any problems uninstalling any of those programs.
  • ComboFix.txt.
  • Log from Sophos Anti-rootkit.

How is your computer running now?

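The RegLockDel:: section of that CFScript deletes four values under a Shell Extensions\Approved key, written in .reg notation ("name"=hex:... means REG_BINARY) with each value's hex wrapped over two lines. As an added example (not part of the post, not ComboFix code, and not from any tool named in the thread), the Python below reassembles the wrapped hex and renders the bytes as text, so you can see what a value actually holds before it is deleted. On the block above every value decodes to a NUL-terminated string made only of the letters a to p, and the last one carries a stray 0x40 byte after the terminator that a plain string view would hide. SAMPLE_CFSCRIPT is the block copied from the post; all function names are mine.

```python
"""Decode the hex values in a CFScript RegLockDel:: block.

Added example; not part of the forum post, ComboFix, or any tool named in
the thread.  The block uses .reg notation: a [key] line, then
"name"=hex:aa,bb,... values (REG_BINARY) wrapped over several lines.
parse_reg_block() glues the wrapped hex back together, decode_value()
renders the bytes as text, and bytes_after_nul() shows what follows the
string terminator.  SAMPLE_CFSCRIPT is copied from the post above.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_CFSCRIPT = r"""
RegLockDel::
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]
"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,
6c,61,6b,6f,70,00,00
"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,
64,6c,61,6b,6f,70,00,00
"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,
61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00
"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,
6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')
CONT_RE = re.compile(r"^[0-9a-fA-F]{2}(,[0-9a-fA-F]{2})*,?$")   # a bare wrapped hex line


def _join_hex(buf: str, more: str) -> str:
    if buf and not buf.endswith(","):
        buf += ","
    return buf + more


def _to_bytes(hexlist: str) -> bytes:
    return bytes(int(tok, 16) for tok in hexlist.split(",") if tok.strip())


def parse_reg_block(text: str) -> List[Tuple[str, str, bytes]]:
    """Return (key, value name, raw bytes) for every hex: value in the block."""
    found: List[List] = []          # [key, name, hex text] while being assembled
    key = ""
    current = None
    for raw in text.splitlines():
        line = raw.strip().rstrip("\\")      # real .reg files end wrapped lines with '\'
        if not line:
            continue
        km = KEY_RE.match(line)
        vm = VALUE_RE.match(line)
        if km:
            key = km.group("key")
            current = None
        elif vm:
            current = [key, vm.group("name"), vm.group("data")]
            found.append(current)
        elif current is not None and CONT_RE.match(line):
            current[2] = _join_hex(current[2], line)
        else:
            current = None                   # any other line ends the value
    return [(k, n, _to_bytes(h)) for k, n, h in found]


def decode_value(data: bytes) -> str:
    """Text up to the first NUL; non-printable bytes are shown as \\xNN."""
    body = data.split(b"\x00", 1)[0]
    return "".join(chr(b) if 32 <= b < 127 else f"\\x{b:02x}" for b in body)


def bytes_after_nul(data: bytes) -> bytes:
    """Everything after the first NUL: what a string view would hide."""
    parts = data.split(b"\x00", 1)
    return parts[1] if len(parts) == 2 else b""


def decode_block(text: str) -> Dict[str, str]:
    return {name: decode_value(data) for _, name, data in parse_reg_block(text)}


def uses_only(s: str, alphabet: str = "abcdefghijklmnop") -> bool:
    """True when s is non-empty and drawn entirely from the given alphabet."""
    return bool(s) and set(s) <= set(alphabet)


if __name__ == "__main__":
    for key, name, data in parse_reg_block(SAMPLE_CFSCRIPT):
        print(f"{name:30} -> {decode_value(data)!r}  tail={bytes_after_nul(data)!r}")
```

Two details worth noticing in the output: the first two value names are different but store the identical string, and the decoder keeps the trailing bytes separate instead of silently dropping them, since a terminator followed by more data is exactly the kind of thing a quick hex-to-ASCII glance misses.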

Hi Dark knight, thanks for your continual help,

 

I've done as you requested and removed those programs/toolbars, though I must point out that I never actually used the toolbars, as I'm not keen on those BHOs for obvious reasons. To be honest, I wanted rid of them, but thought that they were integral to the programs that they came with. I never thought of checking in Add/Remove Programs, so thanks for pointing me there.

 

Anyway, on to the business in hand: yes, it's still there, unfortunately. I also noticed that there's been one file flagged up twice now, once in TDSS and again in the Sophos anti-rootkit, that is in the windows/drivers folder, namely C:\Windows\System32\drivers\sptd.sys. I also see that it's a hidden file too.

 

Here's the combo fix.txt:

 

 

ComboFix 12-04-07.04 - Pete 09/04/2012 17:03:18.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.2039 [GMT 1:00]

Running from: c:\users\Pete\Desktop\ComboFix.exe

Command switches used :: c:\users\Pete\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))

.

.

2012-04-09 16:15 . 2012-04-09 16:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-04-09 16:15 . 2012-04-09 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-09 16:15 . 2012-04-09 16:15 -------- d-----w- c:\users\Claire\AppData\Local\temp

2012-04-08 15:44 . 2012-04-08 15:44 -------- d-----w- c:\users\Claire\AppData\Roaming\Birdstep Technology

2012-04-08 14:51 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B31C784-38FD-420D-A4C1-72EAE506D523}\mpengine.dll

2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\users\Pete\AppData\Roaming\Birdstep Technology

2012-04-08 14:47 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys

2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\program files\3 Mobile Broadband

2012-04-07 14:24 . 2012-04-07 14:24 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2012-04-07 13:56 . 2012-04-07 13:56 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-07 13:56 . 2012-04-07 13:56 -------- d-----w- c:\program files\Trend Micro

2012-04-06 21:53 . 2012-04-06 21:53 -------- d-----w- c:\users\Pete\AppData\Local\Facebook

2012-04-05 17:29 . 2012-04-05 17:29 -------- d-----w- c:\programdata\boost_interprocess

2012-03-27 22:08 . 2012-04-09 12:36 -------- d-----w- c:\users\Pete\AppData\Local\Smartbar

2012-03-14 09:49 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-14 09:49 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 09:12 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 09:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 09:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 09:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 09:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 09:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 09:12 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 09:12 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-12 14:56 . 2012-03-12 14:56 -------- d-----w- c:\program files\ToniArts

2012-03-12 14:56 . 2004-07-16 00:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll

2012-03-12 14:56 . 2004-07-16 00:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll

2012-03-12 14:56 . 2004-07-16 00:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll

2012-03-12 14:56 . 2004-07-16 00:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll

2012-03-12 14:56 . 2004-07-16 00:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe

2012-03-12 14:56 . 2012-03-12 14:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll

2012-03-12 14:56 . 2012-03-12 14:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 17:15 . 2010-10-23 07:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-23 09:18 . 2010-09-30 12:51 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-10 04:13 . 2012-02-22 17:04 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-02-10 04:13 . 2012-02-22 17:04 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-10 04:13 . 2012-02-22 17:04 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-10 04:13 . 2012-02-22 17:04 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-10 04:13 . 2012-02-22 17:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-10 04:13 . 2012-02-22 17:04 19443520 ----a-w- c:\windows\system32\nvoglv32.dll

2012-02-10 04:13 . 2012-02-22 17:04 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-10 04:13 . 2012-02-22 17:04 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2012-02-10 04:13 . 2012-02-22 17:04 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-02-10 04:13 . 2011-08-10 03:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-10 04:13 . 2011-08-10 03:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-10 04:13 . 2010-09-24 23:46 2301248 ----a-w- c:\windows\system32\nvapi.dll

2012-02-10 03:02 . 2011-04-07 21:43 3881792 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-10 03:00 . 2011-04-07 21:43 2719040 ----a-w- c:\windows\system32\nvsvc.dll

2012-02-10 03:00 . 2011-04-07 21:43 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-10 03:00 . 2011-04-07 21:43 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-10 03:00 . 2010-07-09 15:20 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe

2012-01-26 18:39 . 2012-01-26 18:39 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2010-08-25 3052376]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"VM331_STI"="c:\windows\VM331_STI.exe" [2010-01-15 536576]

"SPZ2000_Monitor"="c:\windows\Philips\SPZ2000\GUCI_AVS.exe" [2007-12-10 323584]

"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]

Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-6-28 2721184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService [x]

R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys [2011-03-12 29056]

R3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]

R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-26 25704]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]

S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]

S2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]

S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 2489680]

S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 140848]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]

S3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2010-06-10 574848]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job

- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]

.

2012-04-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job

- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]

.

2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job

- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]

.

2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job

- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003Core.job

- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]

.

2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003UA.job

- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]

.

.

------- Supplementary Scan -------

.

IE: Download All By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm

DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]

"ImagePath"="c:\windows\System32\WindowsClosingService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]

"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,

6c,61,6b,6f,70,00,00

"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,

64,6c,61,6b,6f,70,00,00

"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,

61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00

"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,

6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


"OODEFRAG14.00.00.01PROFESSIONAL"="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"


.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4812)

c:\program files\Sticky Password\spCapBtn.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\crypserv.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\program files\Philips\CamSuite\2.0.15.0\ACPGUI.dll

c:\windows\system32\conhost.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-04-09 17:24:00 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-09 16:23

.

Pre-Run: 433,179,226,112 bytes free

Post-Run: 433,149,042,688 bytes free

.

- - End Of File - - E3178DDA215B751CCE655FFF2756E992

 

 

And here's the sarscan.log, though at the end of the scan there was nothing flagged up to remove; these files were flagged as removable, but removal was not advised until they are looked into more thoroughly.

 

 

Sophos Anti-Rootkit Version 1.5.4 © 2009 Sophos Plc

Started logging on 09/04/2012 at 20:06:21

User "Pete" on computer "PETE-PC"

Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 Win32

Info: Starting registry scan.

Info: Starting disk scan of C: (NTFS).

Stopped logging on 09/04/2012 at 20:07:15

 

 

Sophos Anti-Rootkit Version 1.5.4 © 2009 Sophos Plc

Started logging on 09/04/2012 at 20:07:58

User "Pete" on computer "PETE-PC"

Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 Win32

Info: Starting registry scan.

Info: Starting disk scan of C: (NTFS).

Hidden: file C:\ProgramData\IObit\Protected Folder\fstile.cds

Hidden: file C:\ProgramData\IObit\Protected Folder\drawposs.db

Hidden: file C:\ProgramData\IObit\Protected Folder\config.ini

Hidden: file C:\Windows\System32\drivers\sptd.sys

Stopped logging on 09/04/2012 at 20:40:56

 

I hope this helps in the diagnosis


Hey smurf667. :)

 

This file:

 

C:\Windows\System32\drivers\sptd.sys

 

is legitimate, as it is part of DAEMON Tools. :)

 

 

As for the other files sarscan found, if you uninstalled IOBIT then please navigate to this folder and delete it (if present):

 

C:\ProgramData\IObit

==========

 

Next, please follow these instructions to remove the remaining malicious entries:

 

  • Please close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
     
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.
     

    killall::
     
    Registry::
    [HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*-]
     
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
     
    [image: CFScriptB-4.gif]
     
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

 

Please post the ComboFix.txt in your next reply.

==========

 

In your next post, please provide the ComboFix.txt.

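The CFScript above targets the locked key under Shell Extensions\Approved whose values ComboFix printed as hex: data. As an added example (not part of this thread, and not code from ComboFix or Sophos), here is a small Python parser that pulls those REGEDIT4-style hex: values out of a ComboFix log, joins the wrapped continuation lines (ComboFix wraps them without the trailing backslash a real .reg file would carry) and decodes them, so a reader can see what a key actually holds before writing a script against it. The sample input is the four values copied from the LOCKED REGISTRY KEYS section of the log above; the HexValue class, the regexes and the function names are my own.

```python
"""Decode REGEDIT4 'hex:' values as they appear in a ComboFix log."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: the locked key and its four values, copied from the
# ComboFix log in this thread, including the blank lines ComboFix
# prints between output lines.
SAMPLE_LOG = """\
[HKEY_USERS\\S-1-5-21-3149207797-2026983667-1932898229-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]

"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,

6c,61,6b,6f,70,00,00

"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,

64,6c,61,6b,6f,70,00,00

"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,

61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00

"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,

6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40

.
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"=hex:aa,bb,cc,   (trailing comma means the value continues)
HEX_VALUE_RE = re.compile(r'^"([^"]+)"=hex:([0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*,?)$')
# a bare run of comma-separated bytes is a continuation of the previous value
HEX_CONT_RE = re.compile(r'^([0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*),?$')


@dataclass
class HexValue:
    key: str
    name: str
    data: bytes

    @property
    def text(self) -> str:
        """Bytes before the first NUL as ASCII, or '' if they are not printable."""
        head = self.data.split(b'\x00', 1)[0]
        try:
            s = head.decode('ascii')
        except UnicodeDecodeError:
            return ''
        return s if s.isprintable() else ''


def _hex_bytes(chunk: str) -> bytes:
    return bytes(int(h, 16) for h in chunk.strip(',').split(',') if h)


def parse_hex_values(log: str) -> list[HexValue]:
    """Collect every hex: value in a REGEDIT4-style ComboFix dump."""
    values: list[HexValue] = []
    key = ''
    current = None  # the HexValue still being continued, if any
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue  # ComboFix double-spaces its output
        m = KEY_RE.match(line)
        if m:
            key, current = m.group(1), None
            continue
        m = HEX_VALUE_RE.match(line)
        if m:
            current = HexValue(key, m.group(1), _hex_bytes(m.group(2)))
            values.append(current)
            continue
        m = HEX_CONT_RE.match(line)
        if m and current is not None:
            current.data += _hex_bytes(m.group(1))
            continue
        current = None  # any other line ends the value
    return values


def summarize(log: str) -> list[tuple[str, int, str]]:
    """(value name, byte length, decoded text) for each hex: value found."""
    return [(v.name, len(v.data), v.text) for v in parse_hex_values(log)]


if __name__ == '__main__':
    for name, size, text in summarize(SAMPLE_LOG):
        print(f'{name:30} {size:3d} bytes  {text!r}')
```

Run it and the four values decode to short runs of lowercase letters terminated by NULs; the value names themselves are the same kind of string, which is the sort of thing to note in a log before deciding what a key is. The parser deliberately matches only the ComboFix layout shown here, not the full .reg grammar.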

Hi my Friend,

 

IObit deleted as per instruction. One quick question: have you any ideas as to how the computer got infected (just so I can avoid it happening in the future)? If you have any suggestions etc., they would be appreciated.

 

Here's the Combofix.txt:

 

 

ComboFix 12-04-07.04 - Pete 10/04/2012 17:30:38.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1905 [GMT 1:00]

Running from: c:\users\Pete\Desktop\ComboFix.exe

Command switches used :: c:\users\Pete\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))

.

.

2012-04-10 16:43 . 2012-04-10 16:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-04-10 16:43 . 2012-04-10 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-10 16:43 . 2012-04-10 16:43 -------- d-----w- c:\users\Claire\AppData\Local\temp

2012-04-09 16:50 . 2012-04-09 16:50 -------- d-----w- c:\program files\Sophos

2012-04-08 15:44 . 2012-04-08 15:44 -------- d-----w- c:\users\Claire\AppData\Roaming\Birdstep Technology

2012-04-08 14:51 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B31C784-38FD-420D-A4C1-72EAE506D523}\mpengine.dll

2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\users\Pete\AppData\Roaming\Birdstep Technology

2012-04-08 14:47 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys

2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\program files\3 Mobile Broadband

2012-04-07 14:24 . 2012-04-07 14:24 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2012-04-07 13:56 . 2012-04-07 13:56 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-07 13:56 . 2012-04-07 13:56 -------- d-----w- c:\program files\Trend Micro

2012-04-06 21:53 . 2012-04-06 21:53 -------- d-----w- c:\users\Pete\AppData\Local\Facebook

2012-04-05 17:29 . 2012-04-05 17:29 -------- d-----w- c:\programdata\boost_interprocess

2012-03-27 22:08 . 2012-04-09 12:36 -------- d-----w- c:\users\Pete\AppData\Local\Smartbar

2012-03-14 09:49 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-14 09:49 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 09:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 09:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 09:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 09:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 09:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 09:12 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 09:12 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-12 14:56 . 2012-03-12 14:56 -------- d-----w- c:\program files\ToniArts

2012-03-12 14:56 . 2004-07-16 00:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll

2012-03-12 14:56 . 2004-07-16 00:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll

2012-03-12 14:56 . 2004-07-16 00:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll

2012-03-12 14:56 . 2004-07-16 00:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll

2012-03-12 14:56 . 2004-07-16 00:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe

2012-03-12 14:56 . 2012-03-12 14:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll

2012-03-12 14:56 . 2012-03-12 14:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 17:15 . 2010-10-23 07:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-23 09:18 . 2010-09-30 12:51 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-10 04:13 . 2012-02-22 17:04 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-02-10 04:13 . 2012-02-22 17:04 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-10 04:13 . 2012-02-22 17:04 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-10 04:13 . 2012-02-22 17:04 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-10 04:13 . 2012-02-22 17:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-10 04:13 . 2012-02-22 17:04 19443520 ----a-w- c:\windows\system32\nvoglv32.dll

2012-02-10 04:13 . 2012-02-22 17:04 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-10 04:13 . 2012-02-22 17:04 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2012-02-10 04:13 . 2012-02-22 17:04 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-02-10 04:13 . 2011-08-10 03:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-10 04:13 . 2011-08-10 03:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-10 04:13 . 2010-09-24 23:46 2301248 ----a-w- c:\windows\system32\nvapi.dll

2012-02-10 03:02 . 2011-04-07 21:43 3881792 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-10 03:00 . 2011-04-07 21:43 2719040 ----a-w- c:\windows\system32\nvsvc.dll

2012-02-10 03:00 . 2011-04-07 21:43 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-10 03:00 . 2011-04-07 21:43 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-10 03:00 . 2010-07-09 15:20 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe

2012-02-03 03:54 . 2012-03-14 09:12 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-01-26 18:39 . 2012-01-26 18:39 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2010-08-25 3052376]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"VM331_STI"="c:\windows\VM331_STI.exe" [2010-01-15 536576]

"SPZ2000_Monitor"="c:\windows\Philips\SPZ2000\GUCI_AVS.exe" [2007-12-10 323584]

"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]

Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-6-28 2721184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService [x]

R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys [2011-03-12 29056]

R3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A707.tmp [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]

R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-26 25704]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]

S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]

S2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]

S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 2489680]

S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 140848]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]

S3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2010-06-10 574848]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job

- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]

.

2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job

- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]

.

2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job

- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]

.

2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job

- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003Core.job

- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]

.

2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003UA.job

- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx

IE: Download All By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm

DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]

"ImagePath"="c:\windows\System32\WindowsClosingService"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\A707.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]

"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,

6c,61,6b,6f,70,00,00

"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,

64,6c,61,6b,6f,70,00,00

"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,

61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00

"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,

6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1360)

c:\program files\Sticky Password\spCapBtn.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\crypserv.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\taskhost.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\system32\WUDFHost.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Completion time: 2012-04-10 17:52:47 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-10 16:52

.

Pre-Run: 433,074,057,216 bytes free

Post-Run: 433,050,378,240 bytes free

.

- - End Of File - - CC67E2454A50F0470E23E78A173C86FA


Hello smurf667. :)

 

Getting infected is quite common these days. All it takes is visiting one suspicious website or downloading a file or even opening an email attachment. Once your computer looks good I will give you ideas about staying safe for the future. :thumbup:

 

 

Before proceeding any further, please follow these instructions to backup your Registry (in case it needs to be restored if something goes wrong):

  • Please go to Start>Run and type in regedit.
  • Click regedit to open the Registry Editor.
  • Go to the File tab.
  • Select Export.
  • Save the file as RegistryBackup.reg to the Desktop.

==========

 

Once you have made the backup, please proceed:

 

  • Go to Start>Run and type in the following:
     
    regedit.exe
     
  • Click OK to open Regedit.
  • Expand HKEY_USERS by clicking on the + sign next to HKEY_USERS.
  • Scroll down the Registry Keys and continue expanding until you reach this Key:
     
    HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*
     
  • Right click on the registry key named {B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}* and select Permissions from the menu.
  • Click Advanced.
  • Select the Owner tab.
  • In the Change owner to window, highlight your personal user account.
  • Make sure Replace owner on subcontainers and objects is checked.
  • Click Apply. Your personal user account should now be in the Current Owner box.
  • Click OK. You should now be back to the Security tab.
  • Click OK.
  • Again, right click on the Registry Key named {B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}* and select Permissions from the menu.
  • In the Group or user names: window, highlight the one that is your personal user account.
  • In the Permissions for (your user name), the Full Control and Read boxes should be checked under Allow.
  • Click OK to close the Permissions window.
  • Right click on the Registry Key named {B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}* and select Delete.
  • Confirm the Delete. The registry key named {B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}* should disappear.
  • Close Regedit.
  • Please restart your computer.

Once you have performed these steps please re-run ComboFix and post its log in your next reply.

==========

 

In your next post please post the ComboFix log. How is your computer currently running?


It seems to be ok; it's not been diverted for around 24 hours, fingers crossed. Oh, whilst I'm thinking about it, I should have mentioned this earlier when I first asked for help, but since I.E.9 started being diverted to clkads.com, I've noticed that logging on to my internet banking has taken about 10 times as long as it normally did. Could the 2 be connected at all, or do you think it's probably just a coincidence?

 

Here's the ComboFix.txt:

 

ComboFix 12-04-07.04 - Pete 11/04/2012 20:55:16.4.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.2094 [GMT 1:00]

Running from: c:\users\Pete\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))

.

.

2012-04-11 20:08 . 2012-04-11 20:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-04-11 20:08 . 2012-04-11 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-11 20:08 . 2012-04-11 20:08 -------- d-----w- c:\users\Claire\AppData\Local\temp

2012-04-11 10:25 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 10:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 10:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 10:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 10:25 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 10:25 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 10:01 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEC37CA4-45F2-4909-AA82-33295258D805}\mpengine.dll

2012-04-09 16:50 . 2012-04-09 16:50 -------- d-----w- c:\program files\Sophos

2012-04-08 15:44 . 2012-04-08 15:44 -------- d-----w- c:\users\Claire\AppData\Roaming\Birdstep Technology

2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\users\Pete\AppData\Roaming\Birdstep Technology

2012-04-08 14:47 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys

2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\program files\3 Mobile Broadband

2012-04-07 14:24 . 2012-04-07 14:24 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2012-04-07 13:56 . 2012-04-07 13:56 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-07 13:56 . 2012-04-07 13:56 -------- d-----w- c:\program files\Trend Micro

2012-04-06 21:53 . 2012-04-06 21:53 -------- d-----w- c:\users\Pete\AppData\Local\Facebook

2012-04-05 17:29 . 2012-04-05 17:29 -------- d-----w- c:\programdata\boost_interprocess

2012-03-27 22:08 . 2012-04-09 12:36 -------- d-----w- c:\users\Pete\AppData\Local\Smartbar

2012-03-14 09:12 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 09:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 09:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 09:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 09:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 09:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 09:12 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 09:12 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 17:15 . 2010-10-23 07:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-23 09:18 . 2010-09-30 12:51 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-10 04:13 . 2012-02-22 17:04 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-02-10 04:13 . 2012-02-22 17:04 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-10 04:13 . 2012-02-22 17:04 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-10 04:13 . 2012-02-22 17:04 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-10 04:13 . 2012-02-22 17:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-10 04:13 . 2012-02-22 17:04 19443520 ----a-w- c:\windows\system32\nvoglv32.dll

2012-02-10 04:13 . 2012-02-22 17:04 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-10 04:13 . 2012-02-22 17:04 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2012-02-10 04:13 . 2012-02-22 17:04 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-02-10 04:13 . 2011-08-10 03:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-10 04:13 . 2011-08-10 03:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-10 04:13 . 2010-09-24 23:46 2301248 ----a-w- c:\windows\system32\nvapi.dll

2012-02-10 03:02 . 2011-04-07 21:43 3881792 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-10 03:00 . 2011-04-07 21:43 2719040 ----a-w- c:\windows\system32\nvsvc.dll

2012-02-10 03:00 . 2011-04-07 21:43 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-10 03:00 . 2011-04-07 21:43 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-10 03:00 . 2010-07-09 15:20 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe

2012-01-26 18:39 . 2012-01-26 18:39 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2010-08-25 3052376]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"VM331_STI"="c:\windows\VM331_STI.exe" [2010-01-15 536576]

"SPZ2000_Monitor"="c:\windows\Philips\SPZ2000\GUCI_AVS.exe" [2007-12-10 323584]

"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]

Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-6-28 2721184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService [x]

R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys [2011-03-12 29056]

R3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A707.tmp [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]

R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-26 25704]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]

S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]

S2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]

S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 2489680]

S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 140848]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]

S3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2010-06-10 574848]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job

- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]

.

2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job

- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job

- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job

- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003Core.job

- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003UA.job

- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx

IE: Download All By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm

DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]

"ImagePath"="c:\windows\System32\WindowsClosingService"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\A707.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]

"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,

6c,61,6b,6f,70,00,00

"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,

64,6c,61,6b,6f,70,00,00

"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,

61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00

"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,

6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5204)

c:\program files\Sticky Password\spCapBtn.dll

.

Completion time: 2012-04-11 21:11:01

ComboFix-quarantined-files.txt 2012-04-11 20:11

.

Pre-Run: 432,526,966,784 bytes free

Post-Run: 432,483,766,272 bytes free

.

- - End Of File - - 15889A23965E10DB6237588DD9F6A2C1


Hey smurf667. :)

 

Not sure about the loading time for your Internet banking. It could be connected to a Registry Key that is still present on your computer.

 

When you tried to delete the Registry Key from my previous post, were you successful?

 

 

It appears it is still present so please follow these instructions to run RegASSASSIN:

 

  • Please download RegASSASSIN to your Desktop.
  • Double-click on the file to start RegASSASSIN.
  • Agree to the User Agreement.
  • In the box that appears, please copy and paste this Key:
     
    HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*
     
  • Make sure both check boxes are ticked.
  • Then click Delete.
  • Please restart your computer if you are not prompted.

 

After you have run RegASSASSIN, please delete your current copy of ComboFix. Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

 

Please go here to see a list of programs that need to be disabled.

 

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

 

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

 

Please include the C:\ComboFix.txt in your next reply for further review.

==========

 

In your next post, please post the ComboFix.txt and let me know whether you were able to delete the Key last time. :thumbup:


Hi Dark Knight,

 

Yes, the registry key deleted with no problem, and when I ran RegASSASSIN, it said that either the key had been deleted or was hidden and that RegASSASSIN might not have permission to delete it. It then asked me if I wanted to continue, so I clicked yes, and when it had finished, it said that the registry key had been deleted. I then restarted the computer.

 

Thing is, I ran ComboFix, then checked the combofix.txt file and did a search for the reg key, and it's still listed in ComboFix as being there!!

 

Here's the combofix.txt:

 

 

ComboFix 12-04-11.03 - Pete 12/04/2012 1:59.5.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1986 [GMT 1:00]

Running from: c:\users\Pete\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))

.

.

2012-04-12 01:11 . 2012-04-12 01:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-04-12 01:11 . 2012-04-12 01:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-12 01:11 . 2012-04-12 01:11 -------- d-----w- c:\users\Claire\AppData\Local\temp

2012-04-11 10:25 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 10:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 10:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 10:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 10:25 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 10:25 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 10:01 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEC37CA4-45F2-4909-AA82-33295258D805}\mpengine.dll

2012-04-09 16:50 . 2012-04-09 16:50 -------- d-----w- c:\program files\Sophos

2012-04-08 15:44 . 2012-04-08 15:44 -------- d-----w- c:\users\Claire\AppData\Roaming\Birdstep Technology

2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\users\Pete\AppData\Roaming\Birdstep Technology

2012-04-08 14:47 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys

2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\program files\3 Mobile Broadband

2012-04-07 14:24 . 2012-04-11 20:42 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2012-04-07 13:56 . 2012-04-07 13:56 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-07 13:56 . 2012-04-07 13:56 -------- d-----w- c:\program files\Trend Micro

2012-04-06 21:53 . 2012-04-06 21:53 -------- d-----w- c:\users\Pete\AppData\Local\Facebook

2012-04-05 17:29 . 2012-04-05 17:29 -------- d-----w- c:\programdata\boost_interprocess

2012-03-27 22:08 . 2012-04-09 12:36 -------- d-----w- c:\users\Pete\AppData\Local\Smartbar

2012-03-14 09:12 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 09:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 09:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 09:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 09:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 09:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 09:12 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 09:12 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 17:15 . 2010-10-23 07:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 14:56 . 2010-09-27 20:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-23 09:18 . 2010-09-30 12:51 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-10 04:13 . 2012-02-22 17:04 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-02-10 04:13 . 2012-02-22 17:04 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-10 04:13 . 2012-02-22 17:04 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-10 04:13 . 2012-02-22 17:04 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-10 04:13 . 2012-02-22 17:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-10 04:13 . 2012-02-22 17:04 19443520 ----a-w- c:\windows\system32\nvoglv32.dll

2012-02-10 04:13 . 2012-02-22 17:04 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-10 04:13 . 2012-02-22 17:04 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2012-02-10 04:13 . 2012-02-22 17:04 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-02-10 04:13 . 2011-08-10 03:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-10 04:13 . 2011-08-10 03:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-10 04:13 . 2010-09-24 23:46 2301248 ----a-w- c:\windows\system32\nvapi.dll

2012-02-10 03:02 . 2011-04-07 21:43 3881792 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-10 03:00 . 2011-04-07 21:43 2719040 ----a-w- c:\windows\system32\nvsvc.dll

2012-02-10 03:00 . 2011-04-07 21:43 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-10 03:00 . 2011-04-07 21:43 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-10 03:00 . 2010-07-09 15:20 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe

2012-01-26 18:39 . 2012-01-26 18:39 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2010-08-25 3052376]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"VM331_STI"="c:\windows\VM331_STI.exe" [2010-01-15 536576]

"SPZ2000_Monitor"="c:\windows\Philips\SPZ2000\GUCI_AVS.exe" [2007-12-10 323584]

"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]

Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-6-28 2721184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService [x]

R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys [2011-03-12 29056]

R3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A707.tmp [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]

R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-26 25704]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]

S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]

S2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]

S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 2489680]

S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 140848]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]

S3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2010-06-10 574848]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job

- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]

.

2012-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job

- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job

- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job

- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003Core.job

- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003UA.job

- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx

IE: Download All By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm

DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]

"ImagePath"="c:\windows\System32\WindowsClosingService"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\A707.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]

"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,

6c,61,6b,6f,70,00,00

"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,

64,6c,61,6b,6f,70,00,00

"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,

61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00

"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,

6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(388)

c:\program files\Sticky Password\spCapBtn.dll

.

Completion time: 2012-04-12 02:14:09

ComboFix-quarantined-files.txt 2012-04-12 01:14

.

Pre-Run: 432,469,106,688 bytes free

Post-Run: 432,399,618,048 bytes free

.

- - End Of File - - 63129309A6C4F437E4202AA22BBC61DC


Hey smurf667. :)

 

OK, new idea.

 

Please follow these instructions to remove the remaining malicious entries:

 

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
     
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.
     

    killall::
     
    RegNull::
    [HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]
    "mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,
    6c,61,6b,6f,70,00,00
    "nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,
    64,6c,61,6b,6f,70,00,00
    "hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,
    61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00
    "hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,
    6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40
     
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
     
    [image: CFScriptB-4.gif]
     
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

 

Please post the ComboFix.txt in your next reply.

==========

 

In your next post, please provide the ComboFix.txt.


Here you go Dark Knight, here's the combofix.txt, and I think you might have been successful this time:

 

 

ComboFix 12-04-11.03 - Pete 12/04/2012 13:47:24.7.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.2182 [GMT 1:00]

Running from: c:\users\Pete\Desktop\ComboFix.exe

Command switches used :: c:\users\Pete\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))

.

.

2012-04-12 13:00 . 2012-04-12 13:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-04-12 13:00 . 2012-04-12 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-12 13:00 . 2012-04-12 13:00 -------- d-----w- c:\users\Claire\AppData\Local\temp

2012-04-11 10:25 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 10:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 10:25 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 10:25 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 10:01 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEC37CA4-45F2-4909-AA82-33295258D805}\mpengine.dll

2012-04-09 16:50 . 2012-04-09 16:50 -------- d-----w- c:\program files\Sophos

2012-04-08 15:44 . 2012-04-08 15:44 -------- d-----w- c:\users\Claire\AppData\Roaming\Birdstep Technology

2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\users\Pete\AppData\Roaming\Birdstep Technology

2012-04-08 14:47 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys

2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\program files\3 Mobile Broadband

2012-04-07 14:24 . 2012-04-11 20:42 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2012-04-07 13:56 . 2012-04-07 13:56 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-07 13:56 . 2012-04-07 13:56 -------- d-----w- c:\program files\Trend Micro

2012-04-06 21:53 . 2012-04-06 21:53 -------- d-----w- c:\users\Pete\AppData\Local\Facebook

2012-04-05 17:29 . 2012-04-05 17:29 -------- d-----w- c:\programdata\boost_interprocess

2012-03-27 22:08 . 2012-04-09 12:36 -------- d-----w- c:\users\Pete\AppData\Local\Smartbar

2012-03-14 09:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 09:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 09:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 09:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 09:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 09:12 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 09:12 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 17:15 . 2010-10-23 07:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 14:56 . 2010-09-27 20:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 05:37 . 2012-04-11 10:25 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 05:29 . 2012-04-11 10:25 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-28 01:11 . 2012-04-11 10:28 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-23 09:18 . 2010-09-30 12:51 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-10 04:13 . 2012-02-22 17:04 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-02-10 04:13 . 2012-02-22 17:04 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-10 04:13 . 2012-02-22 17:04 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-10 04:13 . 2012-02-22 17:04 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-10 04:13 . 2012-02-22 17:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-10 04:13 . 2012-02-22 17:04 19443520 ----a-w- c:\windows\system32\nvoglv32.dll

2012-02-10 04:13 . 2012-02-22 17:04 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-10 04:13 . 2012-02-22 17:04 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2012-02-10 04:13 . 2012-02-22 17:04 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-02-10 04:13 . 2011-08-10 03:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-10 04:13 . 2011-08-10 03:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-10 04:13 . 2010-09-24 23:46 2301248 ----a-w- c:\windows\system32\nvapi.dll

2012-02-10 03:02 . 2011-04-07 21:43 3881792 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-10 03:00 . 2011-04-07 21:43 2719040 ----a-w- c:\windows\system32\nvsvc.dll

2012-02-10 03:00 . 2011-04-07 21:43 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-10 03:00 . 2011-04-07 21:43 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-10 03:00 . 2010-07-09 15:20 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe

2012-02-03 03:54 . 2012-03-14 09:12 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-01-26 18:39 . 2012-01-26 18:39 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2010-08-25 3052376]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"VM331_STI"="c:\windows\VM331_STI.exe" [2010-01-15 536576]

"SPZ2000_Monitor"="c:\windows\Philips\SPZ2000\GUCI_AVS.exe" [2007-12-10 323584]

"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]

Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-6-28 2721184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService [x]

R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys [2011-03-12 29056]

R3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A707.tmp [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]

R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-26 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-26 25704]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]

S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]

S2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]

S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 2489680]

S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 140848]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]

S3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2010-06-10 574848]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job

- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]

.

2012-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job

- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job

- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job

- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003Core.job

- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003UA.job

- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx

IE: Download All By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm

DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]

"ImagePath"="c:\windows\System32\WindowsClosingService"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\A707.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


"OODEFRAG14.00.00.01PROFESSIONAL"="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"

"OODEFRAG15.00.00.01PROFESSIONAL"="07725BEB32B05DDC0C797267C0CDDC3E884836A3C42BCD8F02962422CEE4E86668E73CEC1B23A1BBE1B4571A22F086C89380890F29752AC28AAC1FA678EDA9592C1E9E968A7F3490383D60AFE1DC2C62FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D1407BA7FD869164D67949DB7CE019D40AA5CDAC89EC09BF93E8A71579DBE33851B9FB2F8C47B713C9D98DD742404042AF8DCB124EE88F4CBDEEE70E6911EF92D980EF1EDD947CD5FBBAEC54EAB4F19B466BA65F3C97BEF518CA778CFA984D88FD7DBA3E4DBE2E9AC94E06F23826C72C933ECB98A564133BC55303429BE852F3366FEFB5DF5F1FD9F57C4BAF3C32C3DFAD046568FC1F607530739B6DEAC2C7D3396A69725568B64C77623EA961052CF6B714CC8FCB9AED7ED38A4F5B05577E83CFCB274E2ACB91CC82779A6B58695A0550C3A8022F36C37FABE0A49331DD7BD11F1B6F30F2F7CC7D964797A4D51A44B03DAFED12026A959FAB8B6704D6CB3E70814FBDD7619C6AEC46B89D4B0981D1156DE3CF56F8D52970206290BBBAEE5790CC300DB39A57FBB6ABEC289050B9355C2DAC988DAE949EEBAC914208C57BB291BA5707B4C9982FCBDA472CF445D919FD055AF0B807DE27F62EB6018255877D04723B431F8B71CA646A719C3BCC3101C9C992F60D311E70F4A1AA740BC2C4E6E366964D1DB4A938F9E16EEE48E7B029AD5B7BA539AEE948756443C4A5FCEEB2323EACB9865209B31F580DA15B1C0CA0FC181F60DEFE89BF2821E1F4AEC40EC36DCDA6B235B8A622B113E7B1D6E58C111380E3F214350A104599E89BB1806E40F43B3F774545E85C14569A2A7E286B2DC2639A181D67E3E907D84667C6A2957BD4FB159F23FF59759FE60D4C400985ED30B236208C1CE000F244D554BBDB4C0738AD6AD685C2E21FE3CC4CBE60E5BF876FA2DF4EFEDA0681F163EA84F433A8E0712E7C38340691CE0927DF5E6A3A1A96F9E7F085B1C56E900B161E9117DCFA17019EDA1D6D30DF7D0273475FE31C20D0AB204F5CD5CD9EF95E6FED3FEC50C514FE5B5FDD9530396C736D69D4FF699B33507EB542F971656EA3C2BD56AC60CE764D251C6E4D0B9D05F0F9779DA8B83A08600A8E74C07FA6FACC936138781F021174E951D38AFA0F0D6956CC588D864CBB495F12D553BF9FEAA3E3C63F0475E31EF591B537429AE3690BF1175A41B22A21BD4C350DE950EBD5AD896D223C27EBE9C8B4073224ADE53141981ABDD65A7043B5D5CB4E1CCB0D954716520806EFDE0700FA5BA29F2ABEE0C4281C4489D63C338633FF0B9EC61F3D5EE8EBE4E198B286022AF97D95A1A24476C95CB5AFCC8A9D9AEB250275426A03FCFB95634E85E15869687306606AD03B85F0A0470124E730C9DC250"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(180)

c:\program files\Sticky Password\spCapBtn.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\crypserv.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\system32\WUDFHost.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Completion time: 2012-04-12 14:09:25 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-12 13:09

.

Pre-Run: 432,451,158,016 bytes free

Post-Run: 432,383,909,888 bytes free

.

- - End Of File - - 3BA760435EE8108F67FDB45AF6940358


Hey smurf667. :)

 

Hooray! Looking good. :thumbup:

 

Please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

 

In your next reply please post the log.txt and let me know if any issues on your computer remain. :thumbup:


No issues remain, no redirections at all. Here's the log.txt from ESET Online Scanner:

 

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=af336c1edfbe58478d8d1616805a084f

# end=stopped

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-13 01:27:39

# local_time=2012-04-13 02:27:39 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 473448 473448 0 0

# compatibility_mode=1024 16777215 100 0 15842217 15842217 0 0

# compatibility_mode=5893 16776574 100 94 102680 86746817 0 0

# compatibility_mode=8192 67108863 100 0 344 344 0 0

# scanned=2271

# found=0

# cleaned=0

# scan_time=32

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=af336c1edfbe58478d8d1616805a084f

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-13 12:24:25

# local_time=2012-04-13 01:24:25 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 508080 508080 0 0

# compatibility_mode=1024 16777215 100 0 15876849 15876849 0 0

# compatibility_mode=5893 16776574 100 94 137312 86781449 0 0

# compatibility_mode=8192 67108863 100 0 34976 34976 0 0

# scanned=435460

# found=0

# cleaned=0

# scan_time=4807


Hello smurf667. :)

 

Awesome! :thumbup:

 

I notice that you had/have UAC disabled. This is an important security feature of Windows Vista/7 that I highly recommend you keep enabled, as it prevents most programs and files from initiating without your consent.

 

To re-enable UAC:

 

  • Please go to Start Menu>Control Panel>System and Security>Action Center.
  • Slide the slider bar to the highest value (towards Always Notify).
  • Click OK.
  • Then restart your computer.

===========

 

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

 

Please follow the instructions below to update Java:

  • Please go to the below link and download the latest Windows 7 version:

 

http://www.java.com/en/download/manual.jsp

 

  • Save it to your Desktop.
  • Please go to Start>Control Panel>Programs>Program Features.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed (like Java 6 Update 22). They will have this icon next to them: javaicon.gif
  • Select Remove.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

===========

 

Please let me know in your next post if you had any issues updating Java or re-enabling UAC. :thumbup:

Edited by The Dark Knight

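The ComboFix log earlier in this thread showed the UAC policy values under HKLM\...\Policies\System all set to 0 (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), which is what the advice above is fixing. The following PowerShell script is an added example, not part of the thread or of The Dark Knight's post: it reads those three values and compares them with the settings that correspond to the "Always Notify" slider position (EnableLUA=1, ConsentPromptBehaviorAdmin=2, PromptOnSecureDesktop=1, per Microsoft's UAC policy documentation), then lists installed Java runtimes from the Uninstall registry keys so the older versions mentioned above can be identified before removal. It assumes it is run on the Windows 7 machine itself; it is read-only and changes nothing.

```powershell
# Added example (not from the forum thread): audit the UAC policy values that
# ComboFix listed, and enumerate installed Java runtimes. Read-only.

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Values that correspond to the "Always Notify" slider position
# (assumed mapping, taken from Microsoft's UAC policy documentation).
$expected = @{
    EnableLUA                  = 1   # UAC on; 0 turns it off entirely (as in the log)
    ConsentPromptBehaviorAdmin = 2   # prompt administrators for consent on every elevation
    PromptOnSecureDesktop      = 1   # show the prompt on the dimmed secure desktop
}

function Get-UacAudit {
    # Missing values are treated as "not set" rather than as a pass.
    $props = Get-ItemProperty -Path $uacKey -ErrorAction Stop
    foreach ($name in $expected.Keys) {
        $actual = $props.$name
        [pscustomobject]@{
            Setting  = $name
            Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
            Expected = $expected[$name]
            Status   = if ($actual -eq $expected[$name]) { 'OK' } else { 'WEAK' }
        }
    }
}

function Get-InstalledJava {
    # Both native and WOW6432Node uninstall hives; the second does not exist
    # on a 32-bit install like the one in this thread, so errors are ignored.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Java|J2SE Runtime' } |
        Select-Object DisplayName, DisplayVersion, InstallDate, UninstallString |
        Sort-Object DisplayVersion
}

Write-Host '== UAC policy audit =='
Get-UacAudit | Format-Table -AutoSize

Write-Host '== Installed Java runtimes =='
Get-InstalledJava | Format-Table -AutoSize
```

Run it before and after following the steps above: every row of the UAC table should read OK once the slider has been moved and the machine rebooted (a change to EnableLUA only takes effect after a restart), and the Java table should end up with a single current entry.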

Hey smurf667. :)

 

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

 

 

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

 

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

 

Please consider installing and running the following program:

 

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

 

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

 

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

 

http://www.spywarewarrior.com/rogue_anti-spyware.htm

 

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

 

 

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like Adblock Plus, NoScript and Web of Trust, can make it even more secure. Google Chrome or Opera are other good options.

 

Please also read Tony Klein's excellent article: How did I get infected in the first place.

 

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

Edited by The Dark Knight


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.