clkads.com

This topic is locked
18 replies to this topic
#1 smurf667

    Member
    Full Member
    9 posts

Posted 07 April 2012 - 09:50 AM

Hi,

I'm running Windows 7 (32-bit).

My browser (Internet Explorer 9) is redirected to clkads.com, not all the time, but every so often. This doesn't happen at all whilst I'm using Chrome, just Internet Explorer.

I tried using Spybot - Search & Destroy; it came up with nothing at all, the same as AVG Free and Malwarebytes Anti-Malware (quick scan and full scan).

Here's my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:57:12, on 07/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Windows\system32\crypserv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Philips\CamSuite\2.0.15.0\ACPGUI.dll
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\VM331_STI.exe
C:\Windows\Philips\SPZ2000\GUCI_AVS.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sticky Password\stpass.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Pete\AppData\Local\Smartbar\Application\Smartbar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
C:\Users\Pete\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
C:\Windows\system32\svchost.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://co122w.col122...x&wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Messenger Plus! Community SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Pete\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [VM331_STI] C:\Windows\VM331_STI.exe
O4 - HKLM\..\Run: [SPZ2000_Monitor] C:\Windows\Philips\SPZ2000\GUCI_AVS.exe
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [StickyPassword] C:\Program Files\Sticky Password\stpass.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\Pete\AppData\Local\Smartbar\Application\Smartbar.exe startup
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3149207797-2026983667-1932898229-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3149207797-2026983667-1932898229-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Facebook Messenger.lnk = Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} (NVIDIA GPU Reader Class) - http://www.geforce.c.../GPU_Reader.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.co...sreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1288660748821
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1288661968046
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EF8542D-AD41-4704-B5FD-A72B7759046A}: NameServer = 217.171.132.1 217.171.135.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EF8542D-AD41-4704-B5FD-A72B7759046A}: NameServer = 217.171.132.1 217.171.135.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ACPService - Unknown owner - C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: JetDrive WindowsClosingService - Unknown owner - C:\Windows\System32\WindowsClosingService (file missing)
O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14836 bytes

Here's my DDS.txt:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Pete at 15:07:32 on 2012-04-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1188 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Windows\system32\crypserv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Philips\CamSuite\2.0.15.0\ACPGUI.dll
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\VM331_STI.exe
C:\Windows\Philips\SPZ2000\GUCI_AVS.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sticky Password\stpass.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Pete\AppData\Local\Smartbar\Application\Smartbar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
C:\Users\Pete\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx?rru=inbox&wa=wsignin1.0
uSearch Bar =
uSearch Page =
mSearchAssistant =
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\pete\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Messenger Plus! Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [StickyPassword] c:\program files\sticky password\stpass.exe
uRun: [Messenger (Yahoo!)] ~"c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\pete\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Browser Infrastructure Helper] c:\users\pete\appdata\local\smartbar\application\Smartbar.exe startup
uRun: [Facebook Update] "c:\users\pete\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [VM331_STI] c:\windows\VM331_STI.exe
mRun: [SPZ2000_Monitor] c:\windows\philips\spz2000\GUCI_AVS.exe
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [OODefragTray] c:\program files\oo software\defrag\oodtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\pete\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\pete\appdata\local\facebook\messenger\2.0.4478.0\FacebookMessenger.exe
StartupFolder: c:\users\pete\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download All By FlashGet3 - c:\users\pete\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\pete\appdata\roaming\flashgetbho\GetUrl.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: facebook.com\www
Trusted Zone: kuaiche.com\software
Trusted Zone: microsoft.com\*.update
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288660748821
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288661968046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{1EF8542D-AD41-4704-B5FD-A72B7759046A} : NameServer = 217.171.132.1 217.171.135.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-27 64288]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2009-2-3 63096]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-9-28 101720]
R2 ACPService;ACPService;c:\program files\philips\camsuite\2.0.15.0\ACPService.exe [2010-8-26 687104]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2011-4-16 1737464]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 2348352]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\oo software\defrag\oodag.exe [2011-11-17 2489680]
R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2011-5-12 140848]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-27 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-9 382272]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\drivers\GUCI_AVS.sys [2011-2-8 574848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-9-25 278560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\system32\windowsclosingservice --> c:\windows\system32\WindowsClosingService [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-12 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 jetdrive;jddrv;c:\windows\system32\drivers\jddrv.sys [2011-3-15 29056]
S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\common files\just flight limited shared\service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-10 9216]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-9-27 27192]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-12-10 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-12-10 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-12-10 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-12-10 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-12-10 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-12-10 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-12-10 115752]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-11-24 155344]
S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-12-7 404256]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-26 52224]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2011-6-4 17792]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1343400]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-1 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-1 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-1 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-1 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-1 25704]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-07 13:56:24 388096 ----a-r- c:\users\pete\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-07 13:56:18 -------- d-----w- c:\program files\Trend Micro
2012-04-06 21:53:17 -------- d-----w- c:\users\pete\appdata\local\Facebook
2012-04-05 17:29:54 -------- d-----w- c:\programdata\boost_interprocess
2012-03-27 22:08:55 -------- d-----w- c:\users\pete\appdata\local\Smartbar
2012-03-27 22:06:01 -------- d-----w- c:\users\pete\appdata\local\{51275F5C-89BB-46C3-B7CD-F57C90C27B86}
2012-03-27 22:05:45 -------- d-----w- c:\users\pete\appdata\local\{00EBC5EE-5CC9-4E6E-8A12-3C45B3E79416}
2012-03-14 09:49:23 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 09:49:22 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:12:50 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:12:49 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:12:15 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:12:15 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:12:15 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:12:14 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:12:14 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 09:12:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-12 14:56:32 -------- d-----w- c:\program files\ToniArts
2012-03-12 14:56:18 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
2012-03-12 14:56:18 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
2012-03-12 14:56:18 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2012-03-12 14:56:18 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
2012-03-12 14:56:18 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
2012-03-12 14:56:17 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
2012-03-12 14:56:17 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
.
==================== Find3M ====================
.
2012-04-05 17:15:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-10 04:13:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13:00 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-10 04:13:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 04:13:00 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 03:02:06 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00:44 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00:26 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00:26 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00:26 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-09 20:05:44 416064 ----a-w- c:\windows\system32\nvStreaming.exe
.
============= FINISH: 15:09:21.77 ===============

And my checkup.txt


Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
EasyCleaner
Java™ 6 Update 22
Java™ 6 Update 31
Java version out of date!
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

Your help would be greatly appreciated

Thanks

#2 The Dark Knight

The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 08 April 2012 - 08:36 AM

Welcome smurf667 to SpywareInfo. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

Just a few things before we begin:

:excl: Before proceeding:
  • In the upper right hand corner of this topic there is a button labelled Watch this topic. Please click this button, select Immediate E-Mail notification and then click Proceed to ensure you are notified when I reply.
  • Please back up your personal documents and files by copying them to a location other than your system drive.
  • Please open Notepad>Format and if Word Wrap is ticked, please select it to untick it.

:excl: For the duration of this topic:
Please DO NOT run, install and/or uninstall/remove any tools/ programs other than those I suggest to you in order to avoid conflicts and/or additional problems on your system. :thumbup:


:excl: When you receive new instructions:
  • Please read the whole post before carrying out any of the instructions.
  • All our tools must be downloaded to the Desktop and launched from there (unless I specify otherwise).
  • Please perform all steps in the received order and DO NOT proceed if you need clarification.
  • Please DO NOT re-run any program unless I ask you to.
  • Please DO NOT plug in any external devices like USBs and Hard Drives unless I ask you to.
  • If you encounter any problems please stop and let me know.

:excl: When replying:
  • Please click the Add Reply button so that my reply is not posted back to me. Thank you!
  • Please copy and paste your logs into your post unless I specifically ask you to attach one.
_________________________________________________________________________________________________________________________________


Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.
==========

Next, please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.


Finally, please download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe
http://download.blee...al/MBRCheck.exe
http://www.kernelmod...fo/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.
==========

In your next post please post the following:
  • ComboFix.txt.
  • Log from TDSSKiller.
  • Log from MBRCheck.
Are the redirections in Internet Explorer still present?

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.



#3 smurf667

smurf667

    Member

  • Full Member
  • 9 posts

Posted 08 April 2012 - 10:09 AM

Here you go,


ComboFix 12-04-07.04 - Pete 08/04/2012 15:15:33.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1881 [GMT 1:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 14:28 . 2012-04-08 14:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-08 14:28 . 2012-04-08 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 14:24 . 2012-04-07 14:24 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-04-07 13:56 . 2012-04-07 13:56 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-07 13:56 . 2012-04-07 13:56 -------- d-----w- c:\program files\Trend Micro
2012-04-06 21:53 . 2012-04-06 21:53 -------- d-----w- c:\users\Pete\AppData\Local\Facebook
2012-04-05 17:29 . 2012-04-05 17:29 -------- d-----w- c:\programdata\boost_interprocess
2012-03-27 22:08 . 2012-03-27 22:09 -------- d-----w- c:\users\Pete\AppData\Local\Smartbar
2012-03-14 09:49 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 09:49 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:12 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:12 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:12 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 14:56 . 2012-03-12 14:56 -------- d-----w- c:\program files\ToniArts
2012-03-12 14:56 . 2004-07-16 00:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-03-12 14:56 . 2004-07-16 00:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-03-12 14:56 . 2004-07-16 00:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-03-12 14:56 . 2004-07-16 00:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-03-12 14:56 . 2004-07-16 00:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-03-12 14:56 . 2012-03-12 14:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-03-12 14:56 . 2012-03-12 14:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 17:15 . 2010-10-23 07:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-10 04:13 . 2012-02-22 17:04 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-22 17:04 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-22 17:04 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-22 17:04 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-22 17:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-22 17:04 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-10 04:13 . 2012-02-22 17:04 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-02-22 17:04 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 04:13 . 2012-02-22 17:04 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2011-08-10 03:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-08-10 03:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2010-09-24 23:46 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 03:02 . 2011-04-07 21:43 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-04-07 21:43 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-04-07 21:43 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-04-07 21:43 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2010-07-09 15:20 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-01-26 18:39 . 2012-01-26 18:39 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 21:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2010-08-25 3052376]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Browser Infrastructure Helper"="c:\users\Pete\AppData\Local\Smartbar\Application\Smartbar.exe" [2012-03-20 19272]
"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"VM331_STI"="c:\windows\VM331_STI.exe" [2010-01-15 536576]
"SPZ2000_Monitor"="c:\windows\Philips\SPZ2000\GUCI_AVS.exe" [2007-12-10 323584]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-6-28 2721184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService [x]
R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys [2011-03-12 29056]
R3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-26 25704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]
S2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 2489680]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 140848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2010-06-10 574848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-06 13:11]
.
2012-04-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job
- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]
.
2012-04-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job
- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003Core.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003UA.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx?rru=inbox&wa=wsignin1.0
IE: Download All By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm
Trusted Zone: facebook.com\www
Trusted Zone: kuaiche.com\software
Trusted Zone: microsoft.com\*.update
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Messenger (Yahoo!) - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-Wupper Express 11 Actpack 1.0 - c:\train simulator\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]
"ImagePath"="c:\windows\System32\WindowsClosingService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]
"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,
6c,61,6b,6f,70,00,00
"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,
64,6c,61,6b,6f,70,00,00
"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,
61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00
"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,
6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5548)
c:\program files\Sticky Password\spCapBtn.dll
.
Completion time: 2012-04-08 15:31:41
ComboFix-quarantined-files.txt 2012-04-08 14:31
.
Pre-Run: 433,079,930,880 bytes free
Post-Run: 433,105,821,696 bytes free
.
- - End Of File - - 863981B9884CBE92326E4B1A934B1E00



15:55:22.0381 4908 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
15:55:24.0382 4908 ============================================================
15:55:24.0382 4908 Current date / time: 2012/04/08 15:55:24.0382
15:55:24.0382 4908 SystemInfo:
15:55:24.0382 4908
15:55:24.0382 4908 OS Version: 6.1.7601 ServicePack: 1.0
15:55:24.0382 4908 Product type: Workstation
15:55:24.0383 4908 ComputerName: PETE-PC
15:55:24.0383 4908 UserName: Pete
15:55:24.0383 4908 Windows directory: C:\Windows
15:55:24.0383 4908 System windows directory: C:\Windows
15:55:24.0383 4908 Processor architecture: Intel x86
15:55:24.0383 4908 Number of processors: 2
15:55:24.0383 4908 Page size: 0x1000
15:55:24.0383 4908 Boot type: Normal boot
15:55:24.0383 4908 ============================================================
15:55:25.0230 4908 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:55:25.0242 4908 Drive \Device\Harddisk1\DR1 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:55:25.0260 4908 Drive \Device\Harddisk2\DR2 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:55:25.0283 4908 \Device\Harddisk0\DR0:
15:55:25.0283 4908 MBR used
15:55:25.0283 4908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
15:55:25.0283 4908 \Device\Harddisk1\DR1:
15:55:25.0283 4908 MBR used
15:55:25.0283 4908 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
15:55:25.0283 4908 \Device\Harddisk2\DR2:
15:55:25.0283 4908 MBR used
15:55:25.0283 4908 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
15:55:25.0433 4908 Initialize success
15:55:25.0433 4908 ============================================================
15:55:48.0568 4276 ============================================================
15:55:48.0568 4276 Scan started
15:55:48.0568 4276 Mode: Manual;
15:55:48.0568 4276 ============================================================
15:55:48.0981 4276 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:55:48.0984 4276 1394ohci - ok
15:55:49.0020 4276 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:55:49.0023 4276 ACPI - ok
15:55:49.0041 4276 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
15:55:49.0043 4276 AcpiPmi - ok
15:55:49.0093 4276 ACPService (41ee3d758bd1b7acd04136a58b753342) C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
15:55:49.0097 4276 ACPService - ok
15:55:49.0149 4276 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:55:49.0150 4276 AdobeARMservice - ok
15:55:49.0222 4276 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:55:49.0227 4276 adp94xx - ok
15:55:49.0248 4276 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:55:49.0252 4276 adpahci - ok
15:55:49.0260 4276 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:55:49.0263 4276 adpu320 - ok
15:55:49.0293 4276 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
15:55:49.0294 4276 AeLookupSvc - ok
15:55:49.0328 4276 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
15:55:49.0332 4276 AFD - ok
15:55:49.0360 4276 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
15:55:49.0361 4276 agp440 - ok
15:55:49.0409 4276 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:55:49.0411 4276 aic78xx - ok
15:55:49.0430 4276 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
15:55:49.0432 4276 ALG - ok
15:55:49.0454 4276 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
15:55:49.0456 4276 aliide - ok
15:55:49.0465 4276 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
15:55:49.0467 4276 amdagp - ok
15:55:49.0476 4276 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
15:55:49.0477 4276 amdide - ok
15:55:49.0493 4276 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:55:49.0495 4276 AmdK8 - ok
15:55:49.0508 4276 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:55:49.0510 4276 AmdPPM - ok
15:55:49.0545 4276 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
15:55:49.0547 4276 amdsata - ok
15:55:49.0572 4276 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:55:49.0575 4276 amdsbs - ok
15:55:49.0611 4276 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
15:55:49.0612 4276 amdxata - ok
15:55:49.0650 4276 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
15:55:49.0652 4276 AppID - ok
15:55:49.0706 4276 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
15:55:49.0724 4276 AppIDSvc - ok
15:55:49.0762 4276 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
15:55:49.0764 4276 Appinfo - ok
15:55:49.0836 4276 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:55:49.0838 4276 arc - ok
15:55:49.0847 4276 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:55:49.0848 4276 arcsas - ok
15:55:49.0865 4276 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:55:49.0866 4276 AsyncMac - ok
15:55:49.0895 4276 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
15:55:49.0895 4276 atapi - ok
15:55:49.0954 4276 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
15:55:49.0960 4276 AudioEndpointBuilder - ok
15:55:49.0968 4276 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
15:55:49.0972 4276 Audiosrv - ok
15:55:50.0091 4276 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
15:55:50.0115 4276 AVGIDSAgent - ok
15:55:50.0185 4276 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
15:55:50.0186 4276 AVGIDSDriver - ok
15:55:50.0229 4276 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
15:55:50.0230 4276 AVGIDSEH - ok
15:55:50.0251 4276 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
15:55:50.0251 4276 AVGIDSFilter - ok
15:55:50.0280 4276 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
15:55:50.0281 4276 AVGIDSShim - ok
15:55:50.0302 4276 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
15:55:50.0304 4276 Avgldx86 - ok
15:55:50.0326 4276 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
15:55:50.0327 4276 Avgmfx86 - ok
15:55:50.0343 4276 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
15:55:50.0344 4276 Avgrkx86 - ok
15:55:50.0407 4276 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
15:55:50.0409 4276 Avgtdix - ok
15:55:50.0465 4276 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
15:55:50.0466 4276 avgwd - ok
15:55:50.0509 4276 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
15:55:50.0511 4276 AxInstSV - ok
15:55:50.0544 4276 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:55:50.0550 4276 b06bdrv - ok
15:55:50.0600 4276 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:55:50.0603 4276 b57nd60x - ok
15:55:50.0634 4276 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
15:55:50.0636 4276 BDESVC - ok
15:55:50.0815 4276 BecHelperService (553e94ae71d233c14a8c8b4af9286ed0) C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
15:55:50.0824 4276 BecHelperService - ok
15:55:50.0890 4276 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:55:50.0891 4276 Beep - ok
15:55:50.0929 4276 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
15:55:50.0934 4276 BFE - ok
15:55:50.0964 4276 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
15:55:50.0972 4276 BITS - ok
15:55:50.0990 4276 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:55:50.0991 4276 blbdrive - ok
15:55:51.0017 4276 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
15:55:51.0019 4276 bowser - ok
15:55:51.0064 4276 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:55:51.0066 4276 BrFiltLo - ok
15:55:51.0092 4276 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:55:51.0093 4276 BrFiltUp - ok
15:55:51.0118 4276 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
15:55:51.0119 4276 BridgeMP - ok
15:55:51.0138 4276 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
15:55:51.0140 4276 Browser - ok
15:55:51.0163 4276 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:55:51.0166 4276 Brserid - ok
15:55:51.0185 4276 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:55:51.0187 4276 BrSerWdm - ok
15:55:51.0204 4276 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:55:51.0205 4276 BrUsbMdm - ok
15:55:51.0222 4276 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:55:51.0226 4276 BrUsbSer - ok
15:55:51.0273 4276 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
15:55:51.0274 4276 BthEnum - ok
15:55:51.0304 4276 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:55:51.0305 4276 BTHMODEM - ok
15:55:51.0340 4276 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
15:55:51.0341 4276 BthPan - ok
15:55:51.0372 4276 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
15:55:51.0377 4276 BTHPORT - ok
15:55:51.0395 4276 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
15:55:51.0397 4276 bthserv - ok
15:55:51.0428 4276 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
15:55:51.0430 4276 BTHUSB - ok
15:55:51.0492 4276 catchme - ok
15:55:51.0560 4276 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:55:51.0561 4276 cdfs - ok
15:55:51.0615 4276 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
15:55:51.0617 4276 cdrom - ok
15:55:51.0654 4276 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
15:55:51.0656 4276 CertPropSvc - ok
15:55:51.0673 4276 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:55:51.0675 4276 circlass - ok
15:55:51.0722 4276 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:55:51.0725 4276 CLFS - ok
15:55:51.0799 4276 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:55:51.0801 4276 clr_optimization_v2.0.50727_32 - ok
15:55:51.0852 4276 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:55:51.0855 4276 clr_optimization_v4.0.30319_32 - ok
15:55:51.0913 4276 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:55:51.0938 4276 CmBatt - ok
15:55:51.0971 4276 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
15:55:51.0972 4276 cmdide - ok
15:55:51.0997 4276 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
15:55:51.0999 4276 CNG - ok
15:55:52.0008 4276 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:55:52.0009 4276 Compbatt - ok
15:55:52.0029 4276 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
15:55:52.0031 4276 CompositeBus - ok
15:55:52.0052 4276 COMSysApp - ok
15:55:52.0067 4276 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:55:52.0068 4276 crcdisk - ok
15:55:52.0071 4276 Crypkey License - ok
15:55:52.0102 4276 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
15:55:52.0104 4276 CryptSvc - ok
15:55:52.0142 4276 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
15:55:52.0149 4276 DcomLaunch - ok
15:55:52.0180 4276 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
15:55:52.0184 4276 defragsvc - ok
15:55:52.0222 4276 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
15:55:52.0223 4276 DfsC - ok
15:55:52.0239 4276 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
15:55:52.0243 4276 Dhcp - ok
15:55:52.0279 4276 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:55:52.0280 4276 discache - ok
15:55:52.0311 4276 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:55:52.0313 4276 Disk - ok
15:55:52.0342 4276 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
15:55:52.0344 4276 Dnscache - ok
15:55:52.0381 4276 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
15:55:52.0385 4276 dot3svc - ok
15:55:52.0417 4276 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
15:55:52.0421 4276 DPS - ok
15:55:52.0446 4276 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:55:52.0447 4276 drmkaud - ok
15:55:52.0484 4276 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
15:55:52.0488 4276 DXGKrnl - ok
15:55:52.0537 4276 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
15:55:52.0540 4276 EapHost - ok
15:55:52.0612 4276 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:55:52.0640 4276 ebdrv - ok
15:55:52.0676 4276 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
15:55:52.0678 4276 EFS - ok
15:55:52.0736 4276 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
15:55:52.0742 4276 ehRecvr - ok
15:55:52.0766 4276 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
15:55:52.0767 4276 ehSched - ok
15:55:52.0825 4276 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:55:52.0830 4276 elxstor - ok
15:55:52.0855 4276 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
15:55:52.0856 4276 ErrDev - ok
15:55:52.0908 4276 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
15:55:52.0913 4276 EventSystem - ok
15:55:52.0936 4276 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:55:52.0939 4276 exfat - ok
15:55:52.0976 4276 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:55:52.0979 4276 fastfat - ok
15:55:53.0013 4276 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
15:55:53.0020 4276 Fax - ok
15:55:53.0041 4276 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:55:53.0043 4276 fdc - ok
15:55:53.0061 4276 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
15:55:53.0063 4276 fdPHost - ok
15:55:53.0094 4276 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
15:55:53.0096 4276 FDResPub - ok
15:55:53.0121 4276 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:55:53.0122 4276 FileInfo - ok
15:55:53.0142 4276 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:55:53.0143 4276 Filetrace - ok
15:55:53.0177 4276 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:55:53.0179 4276 flpydisk - ok
15:55:53.0209 4276 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:55:53.0212 4276 FltMgr - ok
15:55:53.0255 4276 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
15:55:53.0264 4276 FontCache - ok
15:55:53.0317 4276 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:55:53.0319 4276 FontCache3.0.0.0 - ok
15:55:53.0370 4276 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:55:53.0371 4276 FsDepends - ok
15:55:53.0395 4276 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
15:55:53.0397 4276 fssfltr - ok
15:55:53.0472 4276 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:55:53.0486 4276 fsssvc - ok
15:55:53.0524 4276 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:55:53.0525 4276 Fs_Rec - ok
15:55:53.0556 4276 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
15:55:53.0559 4276 fvevol - ok
15:55:53.0610 4276 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:55:53.0611 4276 gagp30kx - ok
15:55:53.0651 4276 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\Windows\gdrv.sys
15:55:53.0652 4276 gdrv - ok
15:55:53.0697 4276 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
15:55:53.0704 4276 gpsvc - ok
15:55:53.0744 4276 GUCI_AVS (c483626faaee199b98e61ac9bb219150) C:\Windows\system32\DRIVERS\GUCI_AVS.sys
15:55:53.0751 4276 GUCI_AVS - ok
15:55:53.0781 4276 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:55:53.0782 4276 hcw85cir - ok
15:55:53.0813 4276 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
15:55:53.0817 4276 HdAudAddService - ok
15:55:53.0859 4276 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
15:55:53.0860 4276 HDAudBus - ok
15:55:53.0881 4276 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:55:53.0882 4276 HidBatt - ok
15:55:53.0904 4276 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:55:53.0905 4276 HidBth - ok
15:55:53.0922 4276 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:55:53.0923 4276 HidIr - ok
15:55:53.0941 4276 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
15:55:53.0944 4276 hidserv - ok
15:55:53.0962 4276 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
15:55:53.0963 4276 HidUsb - ok
15:55:53.0998 4276 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
15:55:54.0001 4276 hkmsvc - ok
15:55:54.0031 4276 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
15:55:54.0035 4276 HomeGroupListener - ok
15:55:54.0085 4276 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
15:55:54.0089 4276 HomeGroupProvider - ok
15:55:54.0114 4276 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
15:55:54.0116 4276 HpSAMD - ok
15:55:54.0149 4276 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
15:55:54.0156 4276 HTTP - ok
15:55:54.0181 4276 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
15:55:54.0182 4276 hwpolicy - ok
15:55:54.0209 4276 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
15:55:54.0211 4276 i8042prt - ok
15:55:54.0248 4276 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
15:55:54.0253 4276 iaStorV - ok
15:55:54.0331 4276 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:55:54.0340 4276 idsvc - ok
15:55:54.0471 4276 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:55:54.0514 4276 igfx - ok
15:55:54.0540 4276 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:55:54.0542 4276 iirsp - ok
15:55:54.0600 4276 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
15:55:54.0607 4276 IKEEXT - ok
15:55:54.0709 4276 IntcAzAudAddService (aee99ecf06cd1cea95816ccb5bf73ec8) C:\Windows\system32\drivers\RTKVHDA.sys
15:55:54.0724 4276 IntcAzAudAddService - ok
15:55:54.0783 4276 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
15:55:54.0785 4276 intelide - ok
15:55:54.0837 4276 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:55:54.0838 4276 intelppm - ok
15:55:54.0863 4276 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
15:55:54.0865 4276 IPBusEnum - ok
15:55:54.0880 4276 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:55:54.0881 4276 IpFilterDriver - ok
15:55:54.0911 4276 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
15:55:54.0917 4276 iphlpsvc - ok
15:55:54.0961 4276 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
15:55:54.0963 4276 IPMIDRV - ok
15:55:54.0974 4276 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:55:54.0976 4276 IPNAT - ok
15:55:54.0997 4276 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:55:54.0998 4276 IRENUM - ok
15:55:55.0012 4276 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
15:55:55.0013 4276 isapnp - ok
15:55:55.0060 4276 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
15:55:55.0064 4276 iScsiPrt - ok
15:55:55.0096 4276 jetdrive (d6c59572d05a6a4e0ce5a283ad97ff29) C:\Windows\system32\DRIVERS\jddrv.sys
15:55:55.0097 4276 jetdrive - ok
15:55:55.0106 4276 JetDrive WindowsClosingService - ok
15:55:55.0152 4276 Just Flight Limited License Service (3818b0097208f2f424d7030024f72816) C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
15:55:55.0154 4276 Just Flight Limited License Service - ok
15:55:55.0195 4276 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:55:55.0196 4276 kbdclass - ok
15:55:55.0219 4276 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
15:55:55.0220 4276 kbdhid - ok
15:55:55.0245 4276 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:55:55.0248 4276 KeyIso - ok
15:55:55.0276 4276 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
15:55:55.0277 4276 KSecDD - ok
15:55:55.0293 4276 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
15:55:55.0295 4276 KSecPkg - ok
15:55:55.0327 4276 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
15:55:55.0332 4276 KtmRm - ok
15:55:55.0361 4276 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
15:55:55.0367 4276 LanmanServer - ok
15:55:55.0420 4276 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
15:55:55.0425 4276 LanmanWorkstation - ok
15:55:55.0435 4276 Lavasoft Kernexplorer - ok
15:55:55.0459 4276 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
15:55:55.0461 4276 Lbd - ok
15:55:55.0518 4276 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:55:55.0520 4276 LBTServ - ok
15:55:55.0557 4276 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:55:55.0558 4276 LHidFilt - ok
15:55:55.0585 4276 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:55:55.0587 4276 lltdio - ok
15:55:55.0639 4276 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
15:55:55.0643 4276 lltdsvc - ok
15:55:55.0666 4276 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
15:55:55.0669 4276 lmhosts - ok
15:55:55.0693 4276 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:55:55.0694 4276 LMouFilt - ok
15:55:55.0715 4276 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:55:55.0717 4276 LSI_FC - ok
15:55:55.0731 4276 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:55:55.0733 4276 LSI_SAS - ok
15:55:55.0749 4276 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:55:55.0750 4276 LSI_SAS2 - ok
15:55:55.0769 4276 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:55:55.0771 4276 LSI_SCSI - ok
15:55:55.0788 4276 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:55:55.0790 4276 luafv - ok
15:55:55.0823 4276 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
15:55:55.0824 4276 massfilter - ok
15:55:55.0872 4276 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
15:55:55.0876 4276 Mcx2Svc - ok
15:55:55.0966 4276 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\Windows\system32\drivers\mdvrmng.sys
15:55:55.0980 4276 mdvrmng - ok
15:55:56.0032 4276 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:55:56.0034 4276 megasas - ok
15:55:56.0052 4276 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:55:56.0056 4276 MegaSR - ok
15:55:56.0081 4276 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:55:56.0084 4276 MMCSS - ok
15:55:56.0104 4276 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:55:56.0105 4276 Modem - ok
15:55:56.0129 4276 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:55:56.0130 4276 monitor - ok
15:55:56.0157 4276 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:55:56.0158 4276 mouclass - ok
15:55:56.0194 4276 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:55:56.0196 4276 mouhid - ok
15:55:56.0241 4276 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
15:55:56.0243 4276 mountmgr - ok
15:55:56.0266
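A triage pass over a TDSSKiller enumeration like the one above, as an added example (my code, not part of the thread and not anything TDSSKiller itself does). The tool prints two lines per registered service or driver: one with the MD5 and image path when it starts checking it, then a verdict line. Names that only ever get a verdict line (catchme, COMSysApp, Crypkey License, JetDrive WindowsClosingService, Lavasoft Kernexplorer in this log) are service registrations with no binary the tool could find; catchme is the GMER rootkit-detection driver that ComboFix loads, and the rest look like leftovers of uninstalled software, so they are worth a manual look even though every verdict is "ok". The .sys-outside-system32\drivers check is a heuristic only: gdrv.sys is Gigabyte's driver and CLFS.sys is a Windows component, and both trip it. The sample lines are copied from the log in this thread; the functions work on the full log text.

```python
import re

# TDSSKiller prints two lines per registered service or driver: one with the
# MD5 and image path when it starts checking it, then a verdict line.
ENTRY_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*?)\s*$"
)
SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def parse_tdsskiller(text):
    """Map each service/driver name to its md5, path and verdict (whichever were printed)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)          # hash+path line first: a path may contain " - "
        if m:
            entries.setdefault(m["name"], {}).update(md5=m["md5"], path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entries.setdefault(m["name"], {})["verdict"] = m["verdict"]
    return entries


def triage(entries):
    """Pick out entries worth a manual look.

    no_file         registered service with no md5/path line: the tool found no
                    binary on disk (often a leftover of uninstalled software)
    not_ok          anything TDSSKiller did not mark "ok"
    odd_driver_path a .sys loaded from outside system32\\drivers; heuristic only,
                    legitimate vendors and some Windows components do this too
    """
    no_file = sorted(n for n, e in entries.items() if "md5" not in e)
    not_ok = sorted(n for n, e in entries.items() if e.get("verdict", "ok") != "ok")
    odd = sorted(
        n for n, e in entries.items()
        if e.get("path", "").lower().endswith(".sys")
        and not e["path"].lower().startswith(SYSTEM_DRIVER_DIR)
    )
    return {"no_file": no_file, "not_ok": not_ok, "odd_driver_path": odd}


# Lines copied from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
15:55:48.0981 4276 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:55:48.0984 4276 1394ohci - ok
15:55:51.0492 4276 catchme - ok
15:55:51.0722 4276 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:55:51.0725 4276 CLFS - ok
15:55:52.0071 4276 Crypkey License - ok
15:55:53.0651 4276 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\Windows\gdrv.sys
15:55:53.0652 4276 gdrv - ok
15:55:55.0152 4276 Just Flight Limited License Service (3818b0097208f2f424d7030024f72816) C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
15:55:55.0154 4276 Just Flight Limited License Service - ok
""".strip()

if __name__ == "__main__":
    for bucket, names in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(bucket, names)
```

Feed it the whole log rather than the excerpt and the no_file list is the set of service names to look up in the registry under HKLM\SYSTEM\CurrentControlSet\services and compare against what is still installed.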

#4 The Dark Knight (Malware Vigilante, Trusted Advisor, 2,214 posts)

Posted 08 April 2012 - 07:05 PM

Hey smurf667. :)

Thank you for providing the requested logs. :thumbup:

Please print out these instructions or copy them to a Notepad file for an easier reading.


I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with many fixes and tools you may run. Please disable TeaTimer by doing the following:
  • Run Spybot-S&D.
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left hand side, choose Tools -> Resident.
  • Uncheck Resident TeaTimer and OK any prompts.
I will give you instructions on how to re-enable TeaTimer once your system is clean.
==========

I notice that you have the following programs installed:

Advanced SystemCare 3 (please see IOBit's Denial of Theft Unconvincing for more information).
AVG Security Toolbar (please see here for more information).
Conduit Engine (please see here for more information).
Daemon Tools Toolbar (please see here for more information).
IOBIT (please see IOBit's Denial of Theft Unconvincing for more information).
Messenger Plus! Community SmartbarEngine + Toolbar (please see here for more information).
Yahoo! Toolbar Helper (please see here for more information).


I recommend the removal of all these programs, for the reasons listed in the links provided above.

Please go to Start>Control Panel>Programs>Programs and Features and Uninstall the following programs (if present):

  • Advanced SystemCare 3
  • AVG Security Toolbar
  • Conduit Engine
  • Daemon Tools Toolbar
  • IOBIT
  • Messenger Plus! Community Smartbar Engine
  • Messenger Plus! Toolbar
  • Yahoo! Toolbar Helper
Please restart your computer after these program removals.
==========

Next, please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::

    DDS::
    uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx?rru=inbox&wa=wsignin1.0
    uSearch Bar =
    uSearch Page =
    mSearchAssistant =
    Trusted Zone: facebook.com\www
    Trusted Zone: kuaiche.com\software
    Trusted Zone: microsoft.com\*.update

    RegLockDel::
    [HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]
    "mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,
    6c,61,6b,6f,70,00,00
    "nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,
    64,6c,61,6b,6f,70,00,00
    "hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,
    61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00
    "hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,
    6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40

  • Save this as CFScript.txt, in the same location as ComboFix.exe.

    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.


Please post the ComboFix.txt in your next reply.
==========

Then, please download Sophos Anti-rootkit & save it to your Desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
==========

In your next post please provide the following:
  • If you had any problems uninstalling any of those programs.
  • ComboFix.txt.
  • Log from Sophos Anti-rootkit.
How is your computer running now?

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.

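One way to see what the RegLockDel section of that CFScript actually targets, as an added example (my code, not ComboFix's and not part of the post above): the script is split into its Section:: blocks, the wrapped hex: lines are re-joined (ComboFix breaks a long .reg-style value after a trailing comma), and each REG_BINARY value is read as ASCII up to its first NUL. Reading the bytes as ASCII is my assumption, not a documented format; it happens to work here. The one thing the code checks rather than assumes is that both the value names and the decoded strings use only the letters a to p, a 16-symbol alphabet. Whether that is a nibble encoding of something else is not something this thread shows, so the example reports the observation and stops there. The embedded script text is copied from the post.

```python
import re

AP_ALPHABET = frozenset("abcdefghijklmnop")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z]+)::$")
REGKEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
HEXVAL_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<hex>[0-9a-fA-F,]*)$')


def parse_cfscript(text):
    """Split a CFScript into {section: [lines]}, re-joining hex values wrapped after a comma."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["section"]
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("line before first Section:: header: %r" % line)
        bucket = sections[current]
        if bucket and bucket[-1].endswith(","):  # continuation of a wrapped hex value
            bucket[-1] += line
        else:
            bucket.append(line)
    return sections


def parse_reglockdel(lines):
    """Return [(key, [(value_name, bytes), ...]), ...] from the RegLockDel lines."""
    keys = []
    for line in lines:
        m = REGKEY_RE.match(line)
        if m:
            keys.append((m["key"], []))
            continue
        m = HEXVAL_RE.match(line)
        if m is None or not keys:
            raise ValueError("unrecognised RegLockDel line: %r" % line)
        data = bytes(int(h, 16) for h in m["hex"].split(",") if h)
        keys[-1][1].append((m["name"], data))
    return keys


def decode_blob(data):
    """Read a REG_BINARY blob as ASCII up to the first NUL (an assumption, not a
    documented format); return (text_or_None, tail) so an odd terminator such as
    00 40 is reported instead of silently dropped."""
    end = data.find(b"\x00")
    if end < 0:
        end = len(data)
    head, tail = data[:end], data[end:]
    text = head.decode("ascii") if head and all(0x20 <= b < 0x7F for b in head) else None
    return text, tail


def uses_ap_alphabet(s):
    """True when every character is one of the 16 letters a..p."""
    return bool(s) and set(s) <= AP_ALPHABET


def analyse(script_text):
    """One record per RegLockDel value: key, name, decoded text, tail, alphabet flags."""
    sections = parse_cfscript(script_text)
    report = []
    for key, values in parse_reglockdel(sections.get("RegLockDel", [])):
        for name, data in values:
            text, tail = decode_blob(data)
            report.append({"key": key, "name": name, "text": text, "tail": tail,
                           "name_is_ap": uses_ap_alphabet(name),
                           "text_is_ap": text is not None and uses_ap_alphabet(text)})
    return report


# The CFScript from the post above, copied verbatim.
SAMPLE_CFSCRIPT = r"""
killall::

DDS::
uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx?rru=inbox&wa=wsignin1.0
uSearch Bar =
uSearch Page =
mSearchAssistant =
Trusted Zone: facebook.com\www
Trusted Zone: kuaiche.com\software
Trusted Zone: microsoft.com\*.update

RegLockDel::
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]
"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,
6c,61,6b,6f,70,00,00
"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,
64,6c,61,6b,6f,70,00,00
"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,
61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00
"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,
6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40
"""

if __name__ == "__main__":
    for r in analyse(SAMPLE_CFSCRIPT):
        print(r["name"], "->", r["text"], r["tail"].hex(), "a..p:", r["name_is_ap"], r["text_is_ap"])
```

Two things stand out when it runs: the first two values carry the same 20-character string, and the fourth ends in 00 40 rather than 00 00, which the decoder surfaces as a two-byte tail instead of hiding it behind a clean string.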


#5 smurf667 (Member, Full Member, 9 posts)

Posted 09 April 2012 - 03:30 PM

Hi Dark Knight, thanks for your continual help.

I've done as you requested and removed those programs/toolbars, though I must point out that I never actually used the toolbars, as I'm not keen on those BHOs for obvious reasons, and to be honest, I wanted rid of them, but thought that they were integral with the programs that they came with. I never thought of checking in the add/remove programs, so thanks for pointing me there.

Anyway, on to the business in hand: yes, it's still there, unfortunately. I also noticed that there's been one file flagged up twice now, once in tdss and again in the Sophos anti-rootkit scan, that is in the windows/drivers folder, namely C:\Windows\System32\drivers\sptd.sys. I also see that it's a hidden file too.

Here's the ComboFix.txt:


ComboFix 12-04-07.04 - Pete 09/04/2012 17:03:18.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.2039 [GMT 1:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
Command switches used :: c:\users\Pete\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 16:15 . 2012-04-09 16:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-09 16:15 . 2012-04-09 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-09 16:15 . 2012-04-09 16:15 -------- d-----w- c:\users\Claire\AppData\Local\temp
2012-04-08 15:44 . 2012-04-08 15:44 -------- d-----w- c:\users\Claire\AppData\Roaming\Birdstep Technology
2012-04-08 14:51 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B31C784-38FD-420D-A4C1-72EAE506D523}\mpengine.dll
2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\users\Pete\AppData\Roaming\Birdstep Technology
2012-04-08 14:47 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys
2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\program files\3 Mobile Broadband
2012-04-07 14:24 . 2012-04-07 14:24 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-04-07 13:56 . 2012-04-07 13:56 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-07 13:56 . 2012-04-07 13:56 -------- d-----w- c:\program files\Trend Micro
2012-04-06 21:53 . 2012-04-06 21:53 -------- d-----w- c:\users\Pete\AppData\Local\Facebook
2012-04-05 17:29 . 2012-04-05 17:29 -------- d-----w- c:\programdata\boost_interprocess
2012-03-27 22:08 . 2012-04-09 12:36 -------- d-----w- c:\users\Pete\AppData\Local\Smartbar
2012-03-14 09:49 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 09:49 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:12 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:12 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:12 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 14:56 . 2012-03-12 14:56 -------- d-----w- c:\program files\ToniArts
2012-03-12 14:56 . 2004-07-16 00:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-03-12 14:56 . 2004-07-16 00:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-03-12 14:56 . 2004-07-16 00:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-03-12 14:56 . 2004-07-16 00:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-03-12 14:56 . 2004-07-16 00:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-03-12 14:56 . 2012-03-12 14:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-03-12 14:56 . 2012-03-12 14:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 17:15 . 2010-10-23 07:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 09:18 . 2010-09-30 12:51 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-10 04:13 . 2012-02-22 17:04 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-22 17:04 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-22 17:04 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-22 17:04 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-22 17:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-22 17:04 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-10 04:13 . 2012-02-22 17:04 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-02-22 17:04 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 04:13 . 2012-02-22 17:04 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2011-08-10 03:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-08-10 03:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2010-09-24 23:46 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 03:02 . 2011-04-07 21:43 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-04-07 21:43 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-04-07 21:43 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-04-07 21:43 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2010-07-09 15:20 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-01-26 18:39 . 2012-01-26 18:39 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2010-08-25 3052376]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"VM331_STI"="c:\windows\VM331_STI.exe" [2010-01-15 536576]
"SPZ2000_Monitor"="c:\windows\Philips\SPZ2000\GUCI_AVS.exe" [2007-12-10 323584]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-6-28 2721184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService [x]
R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys [2011-03-12 29056]
R3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-26 25704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]
S2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 2489680]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 140848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2010-06-10 574848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job
- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]
.
2012-04-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job
- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003Core.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003UA.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]
.
.
------- Supplementary Scan -------
.
IE: Download All By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]
"ImagePath"="c:\windows\System32\WindowsClosingService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]
"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,
6c,61,6b,6f,70,00,00
"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,
64,6c,61,6b,6f,70,00,00
"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,
61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00
"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,
6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="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"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4812)
c:\program files\Sticky Password\spCapBtn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\crypserv.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Philips\CamSuite\2.0.15.0\ACPGUI.dll
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-04-09 17:24:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 16:23
.
Pre-Run: 433,179,226,112 bytes free
Post-Run: 433,149,042,688 bytes free
.
- - End Of File - - E3178DDA215B751CCE655FFF2756E992


And here's the sarscan.log, though at the end of the scan there was nothing flagged up to remove; these files were flagged as removable, but removal is not advised until they are looked into more thoroughly.


Sophos Anti-Rootkit Version 1.5.4 © 2009 Sophos Plc
Started logging on 09/04/2012 at 20:06:21
User "Pete" on computer "PETE-PC"
Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 Win32
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Stopped logging on 09/04/2012 at 20:07:15


Sophos Anti-Rootkit Version 1.5.4 © 2009 Sophos Plc
Started logging on 09/04/2012 at 20:07:58
User "Pete" on computer "PETE-PC"
Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 Win32
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\ProgramData\IObit\Protected Folder\fstile.cds
Hidden: file C:\ProgramData\IObit\Protected Folder\drawposs.db
Hidden: file C:\ProgramData\IObit\Protected Folder\config.ini
Hidden: file C:\Windows\System32\drivers\sptd.sys
Stopped logging on 09/04/2012 at 20:40:56

I hope this helps in the diagnosis

#6 The Dark Knight

The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 09 April 2012 - 06:56 PM

Hey smurf667. :)

This file:

C:\Windows\System32\drivers\sptd.sys

is legitimate, as it is part of DAEMON Tools. :)


As for the other files sarscan found, if you uninstalled IOBIT then please navigate to this folder and delete it (if present):

C:\ProgramData\IObit
==========

Next, please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::

    Registry::
    [HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*-]

  • Save this as CFScript.txt, in the same location as ComboFix.exe.

    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.
==========

In your next post, please provide the ComboFix.txt.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.



#7 smurf667

smurf667

    Member

  • Full Member
  • 9 posts

Posted 10 April 2012 - 12:43 PM

Hi my Friend,

IObit deleted as per instruction. One quick question: have you any idea how the computer got infected (just so I can avoid it happening in the future)? If you have any suggestions etc., they would be appreciated.

Here's the Combofix.txt:


ComboFix 12-04-07.04 - Pete 10/04/2012 17:30:38.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1905 [GMT 1:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
Command switches used :: c:\users\Pete\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 16:43 . 2012-04-10 16:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-10 16:43 . 2012-04-10 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-10 16:43 . 2012-04-10 16:43 -------- d-----w- c:\users\Claire\AppData\Local\temp
2012-04-09 16:50 . 2012-04-09 16:50 -------- d-----w- c:\program files\Sophos
2012-04-08 15:44 . 2012-04-08 15:44 -------- d-----w- c:\users\Claire\AppData\Roaming\Birdstep Technology
2012-04-08 14:51 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B31C784-38FD-420D-A4C1-72EAE506D523}\mpengine.dll
2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\users\Pete\AppData\Roaming\Birdstep Technology
2012-04-08 14:47 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys
2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\program files\3 Mobile Broadband
2012-04-07 14:24 . 2012-04-07 14:24 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-04-07 13:56 . 2012-04-07 13:56 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-07 13:56 . 2012-04-07 13:56 -------- d-----w- c:\program files\Trend Micro
2012-04-06 21:53 . 2012-04-06 21:53 -------- d-----w- c:\users\Pete\AppData\Local\Facebook
2012-04-05 17:29 . 2012-04-05 17:29 -------- d-----w- c:\programdata\boost_interprocess
2012-03-27 22:08 . 2012-04-09 12:36 -------- d-----w- c:\users\Pete\AppData\Local\Smartbar
2012-03-14 09:49 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 09:49 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:12 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:12 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 14:56 . 2012-03-12 14:56 -------- d-----w- c:\program files\ToniArts
2012-03-12 14:56 . 2004-07-16 00:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-03-12 14:56 . 2004-07-16 00:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-03-12 14:56 . 2004-07-16 00:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-03-12 14:56 . 2004-07-16 00:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-03-12 14:56 . 2004-07-16 00:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-03-12 14:56 . 2012-03-12 14:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-03-12 14:56 . 2012-03-12 14:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 17:15 . 2010-10-23 07:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 09:18 . 2010-09-30 12:51 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-10 04:13 . 2012-02-22 17:04 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-22 17:04 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-22 17:04 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-22 17:04 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-22 17:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-22 17:04 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-10 04:13 . 2012-02-22 17:04 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-02-22 17:04 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 04:13 . 2012-02-22 17:04 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2011-08-10 03:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-08-10 03:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2010-09-24 23:46 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 03:02 . 2011-04-07 21:43 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-04-07 21:43 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-04-07 21:43 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-04-07 21:43 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2010-07-09 15:20 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-03 03:54 . 2012-03-14 09:12 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-26 18:39 . 2012-01-26 18:39 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2010-08-25 3052376]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"VM331_STI"="c:\windows\VM331_STI.exe" [2010-01-15 536576]
"SPZ2000_Monitor"="c:\windows\Philips\SPZ2000\GUCI_AVS.exe" [2007-12-10 323584]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-6-28 2721184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService [x]
R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys [2011-03-12 29056]
R3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A707.tmp [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-26 25704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]
S2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 2489680]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 140848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2010-06-10 574848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job
- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]
.
2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job
- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003Core.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003UA.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx
IE: Download All By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]
"ImagePath"="c:\windows\System32\WindowsClosingService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A707.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]
"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,
6c,61,6b,6f,70,00,00
"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,
64,6c,61,6b,6f,70,00,00
"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,
61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00
"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,
6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="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"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1360)
c:\program files\Sticky Password\spCapBtn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\crypserv.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-04-10 17:52:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 16:52
.
Pre-Run: 433,074,057,216 bytes free
Post-Run: 433,050,378,240 bytes free
.
- - End Of File - - CC67E2454A50F0470E23E78A173C86FA

#8 The Dark Knight

The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 10 April 2012 - 08:17 PM

Hello smurf667. :)

Getting infected is quite common these days. All it takes is visiting one suspicious website or downloading a file or even opening an email attachment. Once your computer looks good I will give you ideas about staying safe for the future. :thumbup:


Before proceeding any further, please follow these instructions to backup your Registry (in case it needs to be restored if something goes wrong):
  • Please go to Start>Run and type in regedit.
  • Click regedit to open the Registry Editor.
  • Go to the File tab.
  • Select Export.
  • Save the file as RegistryBackup.reg to the Desktop.
==========

Once you have made the backup, please proceed:

  • Go to Start>Run and type in the following:

    regedit.exe
  • Click OK to open Regedit.
  • Expand HKEY_USERS by clicking on the + sign next to HKEY_USERS.
  • Scroll down the Registry Keys and continue expanding until you reach this Key:

    HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*
  • Right click on the registry key named {B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}* and select Permissions from the menu.
  • Click Advanced.
  • Select the Owner tab.
  • In the Change owner to window, highlight your personal user account.
  • Make sure Replace owner on subcontainers and objects is checked.
  • Click Apply. Your personal user account should now be in the Current Owner box.
  • Click OK. You should now be back to the Security tab.
  • Click OK.
  • Again, right click on the Registry Key named {B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}* and select Permissions from the menu.
  • In the Group or user names: window, highlight the one that is your personal user account.
  • In the Permissions for (your user name), the Full Control and Read boxes should be checked under Allow.
  • Click OK to close the Permissions window.
  • Right click on the Registry Key named {B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}* and select Delete.
  • Confirm the Delete. The registry key named {B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}* should disappear.
  • Close Regedit.
  • Please restart your computer.
Once you have performed these steps, please re-run ComboFix and post its log in your next reply.
==========

In your next post please post the ComboFix log. How is your computer currently running?

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.

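The regedit steps in the post above (take ownership of the key, grant yourself Full Control, delete it), done with the .NET registry API instead of the GUI. This is an added example, not code from the thread or from any tool it mentions. It assumes an elevated PowerShell 5.1 session on the affected machine; the default SID and key name are the ones quoted in the post, the backup goes to RegistryBackup.reg on the Desktop as the post suggests, and the function name Remove-LockedRegistryKey and its parameters are my own.

```powershell
# Added example, not code from the thread or from any tool it mentions: the regedit
# steps from the post (take ownership, grant Full Control, delete) done with the .NET
# registry API. ASSUMES an elevated PowerShell 5.1 session on the affected machine;
# the default SID and key name are the ones quoted in the post. The function name and
# its parameters are my own.
function Remove-LockedRegistryKey {
    param(
        [string]$ParentSubPath = 'S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved',
        [string]$KeyName       = '{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*',
        [string]$BackupFile    = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'RegistryBackup.reg')
    )
    $users    = [Microsoft.Win32.Registry]::Users
    $relPath  = "$ParentSubPath\$KeyName"
    $fullPath = "HKEY_USERS\$relPath"
    $me       = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $rights   = [System.Security.AccessControl.RegistryRights]

    # 1. Take ownership. Requesting only the TakeOwnership right lets the open succeed
    #    even when the key's DACL grants us nothing else, which is what "locked" means here.
    #    ReadWriteSubTree is required, or .NET refuses SetAccessControl on the handle.
    $key = $users.OpenSubKey($relPath,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        $rights::TakeOwnership)
    if ($null -eq $key) {
        throw "Key not found: $fullPath (the name shown in the log may not be the key's real name)"
    }
    $ownerOnly = [System.Security.AccessControl.RegistrySecurity]::new()
    $ownerOnly.SetOwner($me)           # only the owner section is modified, so only it is written
    $key.SetAccessControl($ownerOnly)
    $key.Close()

    # 2. The owner always holds READ_CONTROL and WRITE_DAC, so we can now grant ourselves
    #    Full Control, inherited by any subkeys.
    $key = $users.OpenSubKey($relPath,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        ($rights::ReadPermissions -bor $rights::ChangePermissions))
    $acl  = $key.GetAccessControl()
    $rule = [System.Security.AccessControl.RegistryAccessRule]::new(
        $me, $rights::FullControl,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    $key.SetAccessControl($acl)
    $key.Close()

    # 3. Back up before deleting. This has to come after step 2: reg.exe cannot read a
    #    key we have no access to. A .reg file holds values only, not permissions.
    & reg.exe export $fullPath $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $fullPath failed; nothing was deleted." }

    # 4. Delete the key and anything under it. DeleteSubKeyTree takes the literal name,
    #    whereas Remove-Item would treat the trailing '*' as a wildcard.
    $parent = $users.OpenSubKey($ParentSubPath, $true)
    $parent.DeleteSubKeyTree($KeyName)
    $parent.Close()
    "Deleted $fullPath; backup written to $BackupFile"
}

Remove-LockedRegistryKey
```

Two design points worth noting. The script uses the .NET RegistryKey API rather than the PowerShell registry provider because the key name as logged ends in an asterisk, which Remove-Item and Get-Acl would expand as a wildcard; the .NET methods take the name literally. And the script only reorders the post's backup step: a key whose DACL grants you nothing cannot be exported until you own it, so ownership and permissions are fixed first, the export is written, and only then is anything deleted. If OpenSubKey returns nothing, the name shown in the log is not one the registry API resolves, and the function stops without changing anything.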


#9 smurf667

smurf667

    Member

  • Full Member
  • 9 posts

Posted 11 April 2012 - 03:36 PM

It seems to be OK; it's not been diverted for around 24 hours, fingers crossed. Oh, whilst I'm thinking about it, I should have mentioned this earlier when I first asked for help, but since I.E.9 started being diverted to clkads.com, I've noticed that logging on to my internet banking takes about 10 times as long as it normally did. Could the 2 be connected at all, or do you think it's probably just a coincidence?

Here's the ComboFix.txt:

ComboFix 12-04-07.04 - Pete 11/04/2012 20:55:16.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.2094 [GMT 1:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 20:08 . 2012-04-11 20:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-11 20:08 . 2012-04-11 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 20:08 . 2012-04-11 20:08 -------- d-----w- c:\users\Claire\AppData\Local\temp
2012-04-11 10:25 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 10:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 10:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 10:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 10:25 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 10:25 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 10:01 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEC37CA4-45F2-4909-AA82-33295258D805}\mpengine.dll
2012-04-09 16:50 . 2012-04-09 16:50 -------- d-----w- c:\program files\Sophos
2012-04-08 15:44 . 2012-04-08 15:44 -------- d-----w- c:\users\Claire\AppData\Roaming\Birdstep Technology
2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\users\Pete\AppData\Roaming\Birdstep Technology
2012-04-08 14:47 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys
2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\program files\3 Mobile Broadband
2012-04-07 14:24 . 2012-04-07 14:24 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-04-07 13:56 . 2012-04-07 13:56 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-07 13:56 . 2012-04-07 13:56 -------- d-----w- c:\program files\Trend Micro
2012-04-06 21:53 . 2012-04-06 21:53 -------- d-----w- c:\users\Pete\AppData\Local\Facebook
2012-04-05 17:29 . 2012-04-05 17:29 -------- d-----w- c:\programdata\boost_interprocess
2012-03-27 22:08 . 2012-04-09 12:36 -------- d-----w- c:\users\Pete\AppData\Local\Smartbar
2012-03-14 09:12 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:12 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:12 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 17:15 . 2010-10-23 07:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 09:18 . 2010-09-30 12:51 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-10 04:13 . 2012-02-22 17:04 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-22 17:04 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-22 17:04 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-22 17:04 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-22 17:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-22 17:04 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-10 04:13 . 2012-02-22 17:04 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-02-22 17:04 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 04:13 . 2012-02-22 17:04 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2011-08-10 03:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-08-10 03:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2010-09-24 23:46 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 03:02 . 2011-04-07 21:43 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-04-07 21:43 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-04-07 21:43 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-04-07 21:43 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2010-07-09 15:20 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-01-26 18:39 . 2012-01-26 18:39 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2010-08-25 3052376]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"VM331_STI"="c:\windows\VM331_STI.exe" [2010-01-15 536576]
"SPZ2000_Monitor"="c:\windows\Philips\SPZ2000\GUCI_AVS.exe" [2007-12-10 323584]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-6-28 2721184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService [x]
R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys [2011-03-12 29056]
R3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A707.tmp [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-26 25704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]
S2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 2489680]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 140848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2010-06-10 574848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job
- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job
- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003Core.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003UA.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx
IE: Download All By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]
"ImagePath"="c:\windows\System32\WindowsClosingService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A707.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]
"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,
6c,61,6b,6f,70,00,00
"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,
64,6c,61,6b,6f,70,00,00
"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,
61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00
"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,
6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5204)
c:\program files\Sticky Password\spCapBtn.dll
.
Completion time: 2012-04-11 21:11:01
ComboFix-quarantined-files.txt 2012-04-11 20:11
.
Pre-Run: 432,526,966,784 bytes free
Post-Run: 432,483,766,272 bytes free
.
- - End Of File - - 15889A23965E10DB6237588DD9F6A2C1

#10 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 11 April 2012 - 06:24 PM

Hey smurf667. :)

Not sure about the loading time for your Internet banking. It could be connected to a Registry Key that is still present on your computer.

When you tried to delete the Registry Key from my previous post, were you successful?


It appears it is still present, so please follow these instructions to run RegASSASSIN:

  • Please download RegASSASSIN to your Desktop.
  • Double-click on the file to start RegASSASSIN.
  • Agree to the User Agreement.
  • In the box that appears, please copy and paste this Key:

    HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*
  • Make sure both check boxes are ticked.
  • Then click Delete.
  • Please restart your computer if you are not prompted.

After you have run RegASSASSIN, please delete your current copy of ComboFix. Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.
==========

In your next post please post the ComboFix.txt and say whether you were able to delete the Key last time. :thumbup:

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.



#11 smurf667

    Member

  • Full Member
  • 9 posts

Posted 11 April 2012 - 08:34 PM

Hi Dark Knight,

Yes, the registry key deleted with no problem, and when I ran RegASSASSIN it said that either the key had already been deleted or was hidden and that RegASSASSIN might not have permission to delete it. It then asked me if I wanted to continue, so I clicked yes, and when it had finished it said that the registry key had been deleted. I then restarted the computer.

Thing is, I ran combofix, then checked the combofix.txt file and did a search for the reg key, and it's still listed in combofix as being there!!

Here's the combofix.txt:


ComboFix 12-04-11.03 - Pete 12/04/2012 1:59.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1986 [GMT 1:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 01:11 . 2012-04-12 01:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-12 01:11 . 2012-04-12 01:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 01:11 . 2012-04-12 01:11 -------- d-----w- c:\users\Claire\AppData\Local\temp
2012-04-11 10:25 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 10:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 10:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 10:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 10:25 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 10:25 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 10:01 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEC37CA4-45F2-4909-AA82-33295258D805}\mpengine.dll
2012-04-09 16:50 . 2012-04-09 16:50 -------- d-----w- c:\program files\Sophos
2012-04-08 15:44 . 2012-04-08 15:44 -------- d-----w- c:\users\Claire\AppData\Roaming\Birdstep Technology
2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\users\Pete\AppData\Roaming\Birdstep Technology
2012-04-08 14:47 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys
2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\program files\3 Mobile Broadband
2012-04-07 14:24 . 2012-04-11 20:42 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-04-07 13:56 . 2012-04-07 13:56 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-07 13:56 . 2012-04-07 13:56 -------- d-----w- c:\program files\Trend Micro
2012-04-06 21:53 . 2012-04-06 21:53 -------- d-----w- c:\users\Pete\AppData\Local\Facebook
2012-04-05 17:29 . 2012-04-05 17:29 -------- d-----w- c:\programdata\boost_interprocess
2012-03-27 22:08 . 2012-04-09 12:36 -------- d-----w- c:\users\Pete\AppData\Local\Smartbar
2012-03-14 09:12 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:12 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:12 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 17:15 . 2010-10-23 07:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 14:56 . 2010-09-27 20:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 09:18 . 2010-09-30 12:51 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-10 04:13 . 2012-02-22 17:04 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-22 17:04 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-22 17:04 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-22 17:04 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-22 17:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-22 17:04 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-10 04:13 . 2012-02-22 17:04 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-02-22 17:04 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 04:13 . 2012-02-22 17:04 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2011-08-10 03:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-08-10 03:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2010-09-24 23:46 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 03:02 . 2011-04-07 21:43 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-04-07 21:43 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-04-07 21:43 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-04-07 21:43 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2010-07-09 15:20 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-01-26 18:39 . 2012-01-26 18:39 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2010-08-25 3052376]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"VM331_STI"="c:\windows\VM331_STI.exe" [2010-01-15 536576]
"SPZ2000_Monitor"="c:\windows\Philips\SPZ2000\GUCI_AVS.exe" [2007-12-10 323584]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-6-28 2721184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService [x]
R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys [2011-03-12 29056]
R3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A707.tmp [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-26 25704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]
S2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 2489680]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 140848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2010-06-10 574848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job
- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]
.
2012-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job
- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003Core.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003UA.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx
IE: Download All By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]
"ImagePath"="c:\windows\System32\WindowsClosingService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A707.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]
"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,
6c,61,6b,6f,70,00,00
"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,
64,6c,61,6b,6f,70,00,00
"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,
61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00
"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,
6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(388)
c:\program files\Sticky Password\spCapBtn.dll
.
Completion time: 2012-04-12 02:14:09
ComboFix-quarantined-files.txt 2012-04-12 01:14
.
Pre-Run: 432,469,106,688 bytes free
Post-Run: 432,399,618,048 bytes free
.
- - End Of File - - 63129309A6C4F437E4202AA22BBC61DC

#12 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 12 April 2012 - 05:05 AM

Hey smurf667. :)

OK, new idea.

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::

    RegNull::
    [HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]
    "mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,
    6c,61,6b,6f,70,00,00
    "nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,
    64,6c,61,6b,6f,70,00,00
    "hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,
    61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00
    "hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,
    6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40

  • Save this as CFScript.txt, in the same location as ComboFix.exe.

    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.
==========

In your next post, please provide the ComboFix.txt.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.

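The locked key that the RegASSASSIN step in #10 and the RegNull:: script in #12 both target is listed by ComboFix as REGEDIT4-style `hex:` values wrapped across lines. The following is an added example, not part of this thread or of ComboFix, that parses such a listing and decodes the bytes so an analyst can see what the values actually hold; the sample text is copied from the log above, and the a-to-p alphabet check is only an observation about these particular values.

```python
"""Decode the REG_BINARY values ComboFix listed under the locked
Shell Extensions\\Approved key (REGEDIT4 text, as in the CFScript)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: the value lines exactly as they appear in the log above.
SAMPLE = r'''
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1E51BE9-9E19-2AA1-5AE0-30693E4CDCDF}*]
"mafeebkianklingcpcbenhmmfi"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,64,
6c,61,6b,6f,70,00,00
"nadecadlmiabdgjoebiifnbgkjno"=hex:6a,61,68,66,63,69,70,6f,68,65,61,6a,6d,69,
64,6c,61,6b,6f,70,00,00
"hahbbjljccohllin"=hex:61,62,63,63,65,67,6d,6c,64,62,66,6d,6d,6d,6c,69,67,61,
61,64,65,65,6e,62,62,61,6b,65,67,70,70,6b,70,6a,00,00
"hahbbjljpchjpmck"=hex:64,62,65,65,6f,63,70,6d,6b,67,6c,66,70,69,6a,65,6f,69,
6a,6d,6e,69,70,66,65,6e,63,6e,63,66,64,68,69,68,6e,6b,61,6e,61,66,00,40
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
HEX_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')


def parse_regedit_hex(text: str) -> Dict[str, Dict[str, bytes]]:
    """Parse REGEDIT4-style text into {key: {value_name: raw bytes}}.

    Only hex: values are collected (that is all the locked key carries).
    A byte list ending in a comma continues on the next line, exactly as
    ComboFix wraps it in the log.
    """
    result: Dict[str, Dict[str, bytes]] = {}
    key = None
    name = None          # value currently being accumulated, if any
    pending = ''
    for raw in text.splitlines():
        line = raw.strip()
        if name is not None:
            # continuation line of a wrapped hex value
            pending += line
            if not line.endswith(','):
                result[key][name] = bytes.fromhex(pending.replace(',', ''))
                name, pending = None, ''
            continue
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            result.setdefault(key, {})
            continue
        m = HEX_RE.match(line)
        if m and key is not None:
            name, pending = m.group(1), m.group(2)
            if not pending.endswith(','):
                result[key][name] = bytes.fromhex(pending.replace(',', ''))
                name, pending = None, ''
    return result


def decode_value(raw: bytes) -> Tuple[str, bytes]:
    """Split a blob into its printable-ASCII prefix and whatever follows it
    (NUL terminators or stray bytes), so both parts are visible."""
    i = 0
    while i < len(raw) and 0x20 <= raw[i] < 0x7f:
        i += 1
    return raw[:i].decode('ascii'), raw[i:]


def uses_only_a_to_p(s: str) -> bool:
    """True when every character is in 'a'..'p'; the value names and payloads
    under this key all share that 16-letter alphabet."""
    return bool(s) and all('a' <= c <= 'p' for c in s)


def summarise(text: str) -> List[Tuple[str, str, str, bool]]:
    """Return (value_name, payload, trailer_hex, a_to_p_only) per hex value."""
    rows = []
    for values in parse_regedit_hex(text).values():
        for name, raw in values.items():
            payload, trailer = decode_value(raw)
            rows.append((name, payload, trailer.hex(), uses_only_a_to_p(payload)))
    return rows


if __name__ == '__main__':
    for name, payload, trailer, ap in summarise(SAMPLE):
        print(f'{name:30} {payload:42} trailer={trailer:6} a-p only={ap}')
```

Note that the last value ends in `00,40` rather than the `00,00` the other three carry, which the trailer column makes visible at a glance.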


#13 smurf667

    Member

  • Full Member
  • 9 posts

Posted 12 April 2012 - 08:23 AM

Here you go Dark Knight, here's the combofix.txt, and I think you might have been successful this time:


ComboFix 12-04-11.03 - Pete 12/04/2012 13:47:24.7.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.2182 [GMT 1:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
Command switches used :: c:\users\Pete\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 13:00 . 2012-04-12 13:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-12 13:00 . 2012-04-12 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 13:00 . 2012-04-12 13:00 -------- d-----w- c:\users\Claire\AppData\Local\temp
2012-04-11 10:25 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 10:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 10:25 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 10:25 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 10:01 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEC37CA4-45F2-4909-AA82-33295258D805}\mpengine.dll
2012-04-09 16:50 . 2012-04-09 16:50 -------- d-----w- c:\program files\Sophos
2012-04-08 15:44 . 2012-04-08 15:44 -------- d-----w- c:\users\Claire\AppData\Roaming\Birdstep Technology
2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\users\Pete\AppData\Roaming\Birdstep Technology
2012-04-08 14:47 . 2010-01-28 12:35 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys
2012-04-08 14:47 . 2012-04-08 14:47 -------- d-----w- c:\program files\3 Mobile Broadband
2012-04-07 14:24 . 2012-04-11 20:42 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-04-07 13:56 . 2012-04-07 13:56 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-07 13:56 . 2012-04-07 13:56 -------- d-----w- c:\program files\Trend Micro
2012-04-06 21:53 . 2012-04-06 21:53 -------- d-----w- c:\users\Pete\AppData\Local\Facebook
2012-04-05 17:29 . 2012-04-05 17:29 -------- d-----w- c:\programdata\boost_interprocess
2012-03-27 22:08 . 2012-04-09 12:36 -------- d-----w- c:\users\Pete\AppData\Local\Smartbar
2012-03-14 09:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:12 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:12 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 17:15 . 2010-10-23 07:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 14:56 . 2010-09-27 20:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 05:37 . 2012-04-11 10:25 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:29 . 2012-04-11 10:25 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:11 . 2012-04-11 10:28 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-23 09:18 . 2010-09-30 12:51 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-10 04:13 . 2012-02-22 17:04 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-22 17:04 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-22 17:04 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-22 17:04 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-22 17:04 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-22 17:04 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-10 04:13 . 2012-02-22 17:04 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-02-22 17:04 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 04:13 . 2012-02-22 17:04 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2011-08-10 03:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-08-10 03:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2010-09-24 23:46 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 03:02 . 2011-04-07 21:43 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-04-07 21:43 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-04-07 21:43 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-04-07 21:43 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2010-07-09 15:20 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-03 03:54 . 2012-03-14 09:12 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-26 18:39 . 2012-01-26 18:39 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2010-08-25 3052376]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Facebook Update"="c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"VM331_STI"="c:\windows\VM331_STI.exe" [2010-01-15 536576]
"SPZ2000_Monitor"="c:\windows\Philips\SPZ2000\GUCI_AVS.exe" [2007-12-10 323584]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 2773328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Pete\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-6-28 2721184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService [x]
R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys [2011-03-12 29056]
R3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [2010-10-27 69632]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A707.tmp [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2011-08-01 404256]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-26 25704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]
S2 ACPService;ACPService;c:\program files\Philips\CamSuite\2.0.15.0\ACPService.exe [2010-08-26 687104]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 2489680]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 140848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 GUCI_AVS;Philips SPZ2000 Webcam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2010-06-10 574848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job
- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]
.
2012-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job
- c:\users\Pete\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 21:53]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000Core.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1000UA.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 23:52]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003Core.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3149207797-2026983667-1932898229-1003UA.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://co122w.col122.mail.live.com/default.aspx
IE: Download All By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\Pete\AppData\Roaming\FlashGetBHO\GetUrl.htm
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]
"ImagePath"="c:\windows\System32\WindowsClosingService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A707.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3149207797-2026983667-1932898229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="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"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(180)
c:\program files\Sticky Password\spCapBtn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\crypserv.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-04-12 14:09:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-12 13:09
.
Pre-Run: 432,451,158,016 bytes free
Post-Run: 432,383,909,888 bytes free
.
- - End Of File - - 3BA760435EE8108F67FDB45AF6940358

#14 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 12 April 2012 - 07:57 PM

Hey smurf667. :)

Hooray! Looking good. :thumbup:

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply please post the log.txt and let me know if any issues on your computer remain. :thumbup:

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.



#15 smurf667

    Member

  • Full Member
  • 9 posts

Posted 13 April 2012 - 09:18 AM

No issues remain, no redirections at all. Here's the log.txt from ESET Online Scanner:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=af336c1edfbe58478d8d1616805a084f
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-13 01:27:39
# local_time=2012-04-13 02:27:39 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=9
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 473448 473448 0 0
# compatibility_mode=1024 16777215 100 0 15842217 15842217 0 0
# compatibility_mode=5893 16776574 100 94 102680 86746817 0 0
# compatibility_mode=8192 67108863 100 0 344 344 0 0
# scanned=2271
# found=0
# cleaned=0
# scan_time=32
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=af336c1edfbe58478d8d1616805a084f
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-13 12:24:25
# local_time=2012-04-13 01:24:25 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=9
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 508080 508080 0 0
# compatibility_mode=1024 16777215 100 0 15876849 15876849 0 0
# compatibility_mode=5893 16776574 100 94 137312 86781449 0 0
# compatibility_mode=8192 67108863 100 0 34976 34976 0 0
# scanned=435460
# found=0
# cleaned=0
# scan_time=4807

#16 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 13 April 2012 - 06:55 PM

Hello smurf667. :)

Awesome! :thumbup:

I notice that you had/have UAC disabled. This is an important security feature of Windows Vista/7 that I highly recommend you keep enabled, as it prevents most programs and files from initiating without your consent.

To re-enable UAC:

  • Please go to Start Menu>Control Panel>System and Security>Action Center.
  • Slide the slider bar to the highest value (towards Always Notify).
  • Click OK.
  • Then restart your computer.
===========

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:
  • Please go to the below link and download the latest Windows 7 version:

http://www.java.com/...load/manual.jsp

  • Save it to your Desktop.
  • Please go to Start>Control Panel>Programs>Program Features.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed (like Java 6 Update 22).
  • Select Remove.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.
===========

Please let me know in your next post if you had any issues updating Java or re-enabling UAC. :thumbup:

Edited by The Dark Knight, 13 April 2012 - 07:13 PM.

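The advice above rests on five registry values that the ComboFix log earlier in this thread printed under HKLM\software\microsoft\windows\currentversion\policies\system. The script below is an added example (it is not part of the thread, of ComboFix, or of any tool the helper used): it parses that block out of a ComboFix log and reports each setting that is weaker than the Windows 7 default. It is written in Python rather than PowerShell because it reads the posted log text, not the live machine; the sample excerpt embedded in it is constructed to match the values posted in the thread, and the default values are taken from Microsoft's documentation of these policy settings (an assumption stated in the code).

```python
"""Interpret the UAC policy values a ComboFix 'Reg Loading Points' section
prints for HKLM\\...\\Policies\\System.

Added example for the forum thread above; not ComboFix code. SAMPLE_LOG is a
constructed excerpt that mirrors the values posted in the thread.
"""
import re

# Windows 7 defaults, assumed from Microsoft's documentation of these values.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 switches UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate silently, 2 = Always Notify
    "ConsentPromptBehaviorUser": 3,   # 3 = prompt for credentials on the secure desktop
    "PromptOnSecureDesktop": 1,       # 0 shows the prompt on the normal, spoofable desktop
    "EnableUIADesktopToggle": 0,
}

# Constructed sample: the policies\system block as it appeared in the thread's log.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints DWORDs as:  "Name"= 3 (0x3)
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>-?\d+)\s*\(0x[0-9a-fA-F]+\)$')


def parse_policies_system(log_text):
    """Return {value_name: int} for the Policies\\System key in a ComboFix log.

    Any other registry key in the log is skipped; a new [key] header ends the block.
    """
    values = {}
    in_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        key = _KEY_RE.match(line)
        if key:
            in_key = key.group("key").lower().endswith(r"\policies\system")
            continue
        if not in_key:
            continue
        val = _VALUE_RE.match(line)
        if val:
            values[val.group("name")] = int(val.group("value"))
    return values


def uac_findings(values):
    """List (name, observed, expected, reason) for each setting weaker than default.

    Missing values are treated as their default, which is how Windows reads them.
    """
    findings = []
    if values.get("EnableLUA", 1) == 0:
        findings.append(("EnableLUA", 0, UAC_DEFAULTS["EnableLUA"],
                         "UAC is disabled; every admin process runs fully elevated"))
    if values.get("ConsentPromptBehaviorAdmin", 5) == 0:
        findings.append(("ConsentPromptBehaviorAdmin", 0, UAC_DEFAULTS["ConsentPromptBehaviorAdmin"],
                         "administrators elevate without any prompt"))
    if values.get("PromptOnSecureDesktop", 1) == 0:
        findings.append(("PromptOnSecureDesktop", 0, UAC_DEFAULTS["PromptOnSecureDesktop"],
                         "the elevation prompt is drawn on the normal desktop"))
    return findings


if __name__ == "__main__":
    observed = parse_policies_system(SAMPLE_LOG)
    for name, got, want, why in uac_findings(observed):
        print(f"{name}: {got} (default {want}) - {why}")
```

Pointing parse_policies_system at a whole ComboFix log works the same way, since only the policies\system block is read. Note that with EnableLUA at 0 the other values do not matter until UAC is re-enabled; the Action Center slider the helper describes sets EnableLUA back to 1 and raises ConsentPromptBehaviorAdmin, and the change only takes effect after the reboot the post asks for.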


#17 smurf667

    Member

  • Full Member
  • 9 posts

Posted 14 April 2012 - 07:55 AM

No problems on either item, thanks

#18 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 14 April 2012 - 08:25 AM

Hey smurf667. :)

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:


IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.


Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like Adblock Plus, NoScript and Web of Trust, can make it even more secure. Google Chrome or Opera are other good options.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

Edited by The Dark Knight, 14 April 2012 - 08:25 AM.



#19 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 17 April 2012 - 10:43 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





