


Notebook Checkup


  • This topic is locked
13 replies to this topic

#1 Cookie.

    Member

  • Full Member
  • 54 posts

Posted 08 August 2011 - 11:26 AM

Hello, I would be very grateful if someone could run their thumb over my logs to check for anything suspicious. My notebook has been slower than usual recently and I'd like to put my mind at risk. Thanks.
----
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7410

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

08/08/2011 18:24:13
mbam-log-2011-08-08 (18-24-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 297805
Time elapsed: 51 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (PUP.Casino) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Poker\titan poker\_titanpsetup_8c12f6.exe (PUP.Casino) -> Quarantined and deleted successfully.

#2 Cookie.

    Member

  • Full Member
  • 54 posts

Posted 08 August 2011 - 11:29 AM

DDS

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by Craig at 18:26:59 on 2011-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1790.912 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://britishgasto....com/login.aspx
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab
DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4C079C63-52F9-47E3-89CF-0C3369CDE867} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4C079C63-52F9-47E3-89CF-0C3369CDE867}\35B4956343632323 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{55D09FC0-2AE0-47B3-8B60-E71D65507945} : DhcpNameServer = 192.31.120.29
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\zaprewj1.default\
FF - prefs.js: browser.startup.homepage - dailymail.co.uk | facebook.com
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Craig\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-5 42184]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-29 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-28 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-9-21 243232]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-08 16:28:49 -------- d-----w- C:\Users\Craig\AppData\Roaming\Malwarebytes
2011-08-08 16:28:23 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-08 16:28:22 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-08 16:28:19 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-08 16:28:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-05 12:05:38 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFA772C6-5106-47F3-A2F8-64B1A1D20BB3}\mpengine.dll
2011-07-19 20:23:49 -------- d-----w- C:\Users\Craig\AppData\Local\PokerStars
2011-07-19 20:23:45 -------- d-----w- C:\Program Files (x86)\PokerStars
2011-07-15 18:28:28 -------- d-----w- C:\Users\Craig\spain
2011-07-15 18:25:12 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-07-15 18:25:01 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-15 18:25:01 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-07-15 18:25:00 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-15 18:24:55 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-15 18:24:55 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-15 18:24:54 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-15 18:24:54 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-15 18:24:53 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-15 18:24:53 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-15 18:24:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-15 18:24:50 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-04 11:36:56 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-04 11:32:24 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 18:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
.
============= FINISH: 18:28:00.60 ===============

#3 Cookie.

    Member

  • Full Member
  • 54 posts

Posted 08 August 2011 - 11:32 AM

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:31:47, on 08/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://britishgasto....com/login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} (HomeVendGasCard Class) - https://britishgasto...om/HomeVend.cab
O16 - DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} (KeyBox Class) - https://bg.itronener...yBoxControl.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8243 bytes

#4 Cookie.

    Member

  • Full Member
  • 54 posts

Posted 08 August 2011 - 11:34 AM

Security Check

Results of screen317's Security Check version 0.99.18
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Java™ 6 Update 24
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.2.159.1
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

system32 AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

EDIT: Please note - you do not need a separate post for each log -- we allow a lot to be posted in each post... Thank you...

Edited by Budfred, 08 August 2011 - 11:36 AM.


#5 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 08 August 2011 - 10:29 PM

Hello Cookie. Welcome to SWI.

First of all, I see some items I must ask you about. These are both University of Tokyo. Do you know about this connection? Your PC will use those addresses to look up internet sites.
DhcpNameServer = 192.168.1.254
DhcpNameServer = 192.31.120.29

Other than that, I don't spot anything suspicious.

Please do an important update:
Updating Java:
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there:
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

And then do some additional scans.

Download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.blee...al/MBRCheck.exe
http://www.kernelmod...fo/MBRCheck.exe
Close all opened programs/ windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

After that,
Please download ComboFix.exe. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the contents of C:\ComboFix.txt in a separate reply. Also give me a status report -
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare (1564-1616)
The various helper groups here
UNITE
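The check cnm performs above (reading the DhcpNameServer entries out of the DDS report and asking whether the configured resolvers are expected) can be automated. The following is an added example, not code from this thread or from DDS, HijackThis, MBRCheck or ComboFix. It parses DDS-style `TCP:` lines, splits multi-address values, classifies each resolver with Python's `ipaddress` module and returns the ones outside private (RFC 1918) and loopback space so a helper can ask the owner about them. It goes a little beyond the report above by also handling the static `NameServer =` key and comma- or space-separated address lists. The sample log is constructed from the TCP: lines in the report; the function names and the `expected` allow-list parameter are assumptions of this example.

```python
"""Triage the DNS resolver settings reported in a DDS-style log.

Added example; not code from the forum thread or any tool it mentions.
A home workstation normally resolves through its router, so a resolver
that is neither private nor loopback is worth a question to the owner.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample input, modelled on the TCP: lines of the DDS report.
SAMPLE_LOG = """\
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\\{4C079C63-52F9-47E3-89CF-0C3369CDE867} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\\{4C079C63-52F9-47E3-89CF-0C3369CDE867}\\35B4956343632323 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\\{55D09FC0-2AE0-47B3-8B60-E71D65507945} : DhcpNameServer = 192.31.120.29
"""

# Optional "Interfaces\{GUID}[\subkey] :" scope, then the key and its value.
NAMESERVER_RE = re.compile(
    r"^TCP:\s*(?:(?P<scope>.*?)\s*:\s*)?(?P<key>DhcpNameServer|NameServer)\s*=\s*(?P<value>.*)$"
)


def classify(address: str) -> str:
    """Return 'loopback', 'private', 'public' or 'invalid' for one resolver address."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:  # RFC 1918, link-local and other non-routable ranges
        return "private"
    return "public"


def parse_nameservers(log_text: str) -> List[Dict[str, str]]:
    """Extract one record per resolver address from the TCP: lines of a DDS log."""
    records = []
    for line in log_text.splitlines():
        m = NAMESERVER_RE.match(line.strip())
        if not m:
            continue
        # Windows stores several resolvers separated by commas or spaces.
        for address in re.split(r"[,\s]+", m.group("value").strip()):
            if not address:
                continue
            records.append({
                "scope": m.group("scope") or "global",
                "key": m.group("key"),
                "address": address,
                "class": classify(address),
            })
    return records


def review_nameservers(log_text: str, expected: set = frozenset()) -> List[Dict[str, str]]:
    """Return the resolvers a helper should ask the owner about.

    Everything outside private/loopback space is flagged unless it is in the
    `expected` set (for example an ISP resolver the owner already knows about).
    """
    return [
        r for r in parse_nameservers(log_text)
        if r["class"] not in ("private", "loopback") and r["address"] not in expected
    ]


if __name__ == "__main__":
    for r in review_nameservers(SAMPLE_LOG):
        print(f"{r['scope']}: {r['key']} = {r['address']} ({r['class']}) -> ask the owner about this resolver")
```

Run on the sample it prints only the 192.31.120.29 entry; pass `expected={"192.31.120.29"}` once the owner has confirmed the address and the report is empty. Unparseable values are deliberately kept in the flagged list, since a resolver field that does not hold an address is itself something to look at.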

#6 Cookie.

    Member

  • Full Member
  • 54 posts

Posted 09 August 2011 - 04:53 PM

Hello,

I'm writing this from my phone as I followed your advice, and since ComboFix has restarted my system,
I am unable to run any applications.
It comes up with the error:

"[Program path]

Illegal operation attempted on a registry key that has been marked for deletion."

I'm gonna restart.

#7 Cookie.

    Member

  • Full Member
  • 54 posts

Posted 09 August 2011 - 04:58 PM

Okay, after a restart everything seems back to normal.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire One 721
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 195):
0x02018000 \SystemRoot\system32\ntoskrnl.exe
0x02601000 \SystemRoot\system32\hal.dll
0x01EB6000 \SystemRoot\system32\kdcom.dll
0x00CA3000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CB0000 \SystemRoot\system32\PSHED.dll
0x00CC4000 \SystemRoot\system32\CLFS.SYS
0x00D22000 \SystemRoot\system32\CI.dll
0x00EC5000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F69000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F78000 \SystemRoot\system32\drivers\ACPI.sys
0x00FCF000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FD8000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E00000 \SystemRoot\system32\drivers\pci.sys
0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E7F000 \SystemRoot\system32\drivers\pciide.sys
0x00E86000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E96000 \SystemRoot\System32\drivers\mountmgr.sys
0x00EB0000 \SystemRoot\system32\drivers\atapi.sys
0x00C5C000 \SystemRoot\system32\drivers\ataport.SYS
0x00EB9000 \SystemRoot\system32\drivers\msahci.sys
0x00FE2000 \SystemRoot\system32\drivers\amdxata.sys
0x01015000 \SystemRoot\system32\drivers\fltmgr.sys
0x01061000 \SystemRoot\system32\drivers\fileinfo.sys
0x01222000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01075000 \SystemRoot\System32\Drivers\msrpc.sys
0x013C5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x010D3000 \SystemRoot\System32\Drivers\cng.sys
0x013E0000 \SystemRoot\System32\drivers\pcw.sys
0x013F1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01482000 \SystemRoot\system32\drivers\ndis.sys
0x01575000 \SystemRoot\system32\drivers\NETIO.SYS
0x015D5000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01667000 \SystemRoot\System32\drivers\tcpip.sys
0x0186B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x018B5000 \SystemRoot\system32\drivers\volsnap.sys
0x01901000 \SystemRoot\System32\Drivers\spldr.sys
0x01909000 \SystemRoot\System32\drivers\rdyboost.sys
0x01943000 \SystemRoot\System32\Drivers\mup.sys
0x01955000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0195E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01998000 \SystemRoot\system32\DRIVERS\disk.sys
0x019AE000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x019DE000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x01145000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x0161E000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x01627000 \SystemRoot\System32\Drivers\Null.SYS
0x01630000 \SystemRoot\System32\Drivers\Beep.SYS
0x01637000 \SystemRoot\System32\drivers\vga.sys
0x01400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01645000 \SystemRoot\System32\drivers\watchdog.sys
0x01655000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0165E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01425000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0142E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01439000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0144A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0146C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01200000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x02467000 \SystemRoot\System32\DRIVERS\netbt.sys
0x024AC000 \SystemRoot\system32\drivers\afd.sys
0x02535000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x0253F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02548000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0256E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02584000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02593000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x025AE000 \SystemRoot\system32\drivers\termdd.sys
0x025C2000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x02400000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02451000 \SystemRoot\system32\drivers\nsiproxy.sys
0x025DC000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x025EF000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x0120E000 \SystemRoot\system32\drivers\mssmbios.sys
0x011DD000 \SystemRoot\System32\drivers\discache.sys
0x00DE2000 \SystemRoot\System32\Drivers\dfsc.sys
0x011EC000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0262C000 \SystemRoot\System32\Drivers\aswSP.SYS
0x02679000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0269F000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x026B4000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x02A7C000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x030C0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x031B4000 \SystemRoot\System32\drivers\dxgmms1.sys
0x02A00000 \SystemRoot\system32\drivers\HDAudBus.sys
0x02A24000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x03201000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x02A39000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x02A46000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x026E0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02A51000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x02A5E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02A60000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02A71000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02736000 \SystemRoot\system32\drivers\i8042prt.sys
0x02754000 \SystemRoot\system32\drivers\kbdclass.sys
0x02763000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x027B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x027BF000 \SystemRoot\system32\drivers\wmiacpi.sys
0x027C8000 \SystemRoot\system32\drivers\CompositeBus.sys
0x027D8000 \SystemRoot\System32\Drivers\RootMdm.sys
0x027E0000 \SystemRoot\system32\drivers\modem.sys
0x02600000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x038BB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x038DF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x038EB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0391A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03935000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03956000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03970000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x03978000 \SystemRoot\system32\drivers\swenum.sys
0x0397A000 \SystemRoot\system32\drivers\ks.sys
0x039BD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03800000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0385A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0386F000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x03A41000 \SystemRoot\system32\drivers\portcls.sys
0x03A7E000 \SystemRoot\system32\drivers\drmk.sys
0x03AA0000 \SystemRoot\system32\drivers\ksthunk.sys
0x03C06000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x03E5A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03E68000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x03E74000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x03E7F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00070000 \SystemRoot\System32\win32k.sys
0x03ED1000 \SystemRoot\System32\drivers\Dxapi.sys
0x03EEB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03F08000 \SystemRoot\System32\Drivers\usbvideo.sys
0x00450000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x03F36000 \SystemRoot\system32\drivers\luafv.sys
0x03F59000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x03F93000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x03F9C000 \SystemRoot\system32\drivers\WudfPf.sys
0x03FBD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03AA6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03FD2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03FE5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03AF9000 \SystemRoot\system32\drivers\HTTP.sys
0x03E92000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03EB0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03BC2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05C5A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05CA8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05CCC000 \SystemRoot\system32\drivers\peauth.sys
0x05D72000 \SystemRoot\System32\Drivers\secdrv.SYS
0x05D7D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05DAE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x062A8000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06311000 \SystemRoot\System32\DRIVERS\srv.sys
0x0628D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x063D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x776C0000 \Windows\System32\ntdll.dll
0x47620000 \Windows\System32\smss.exe
0xFF9E0000 \Windows\System32\apisetschema.dll
0xFF6E0000 \Windows\System32\autochk.exe
0xFF930000 \Windows\System32\clbcatq.dll
0xFF7B0000 \Windows\System32\urlmon.dll
0xFF740000 \Windows\System32\gdi32.dll
0xFF610000 \Windows\System32\rpcrt4.dll
0xFF600000 \Windows\System32\lpk.dll
0xFF420000 \Windows\System32\setupapi.dll
0x775A0000 \Windows\System32\kernel32.dll
0xFF3F0000 \Windows\System32\imm32.dll
0xFF350000 \Windows\System32\msvcrt.dll
0xFF240000 \Windows\System32\msctf.dll
0xFE4B0000 \Windows\System32\shell32.dll
0x77890000 \Windows\System32\psapi.dll
0xFE490000 \Windows\System32\imagehlp.dll
0xFE280000 \Windows\System32\ole32.dll
0xFE1E0000 \Windows\System32\comdlg32.dll
0xFE180000 \Windows\System32\Wldap32.dll
0xFDF20000 \Windows\System32\iertutil.dll
0xFDDF0000 \Windows\System32\wininet.dll
0xFDD20000 \Windows\System32\usp10.dll
0xFDCA0000 \Windows\System32\shlwapi.dll
0x77880000 \Windows\System32\normaliz.dll
0xFDC50000 \Windows\System32\ws2_32.dll
0xFDB70000 \Windows\System32\oleaut32.dll
0xFDB50000 \Windows\System32\sechost.dll
0xFDB40000 \Windows\System32\nsi.dll
0xFDAC0000 \Windows\System32\difxapi.dll
0x774A0000 \Windows\System32\user32.dll
0xFD9E0000 \Windows\System32\advapi32.dll
0xFD9C0000 \Windows\System32\devobj.dll
0xFD920000 \Windows\System32\comctl32.dll
0xFD7B0000 \Windows\System32\crypt32.dll
0xFD770000 \Windows\System32\cfgmgr32.dll
0xFD730000 \Windows\System32\wintrust.dll
0xFD6C0000 \Windows\System32\KernelBase.dll
0xFD6B0000 \Windows\System32\msasn1.dll

Processes (total 62):
0 System Idle Process
4 System
396 C:\Windows\System32\smss.exe
520 csrss.exe
608 C:\Windows\System32\wininit.exe
620 csrss.exe
660 C:\Windows\System32\winlogon.exe
716 C:\Windows\System32\services.exe
732 C:\Windows\System32\lsass.exe
740 C:\Windows\System32\lsm.exe
844 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\atiesrxx.exe
528 C:\Windows\System32\svchost.exe
432 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\atieclxx.exe
1324 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\wlanext.exe
1408 C:\Windows\System32\conhost.exe
1420 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1748 C:\Windows\System32\spoolsv.exe
1808 C:\Windows\System32\svchost.exe
1840 C:\Windows\System32\svchost.exe
1924 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2016 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1052 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1352 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
1192 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
1504 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1124 C:\Windows\System32\svchost.exe
2060 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
2232 C:\Windows\System32\taskhost.exe
2516 C:\Windows\System32\dwm.exe
2564 C:\Windows\explorer.exe
2692 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2704 C:\Windows\PLFSetI.exe
2716 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2724 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
2948 C:\Program Files (x86)\Launch Manager\LManager.exe
2956 C:\Program Files\AVAST Software\Avast\AvastUI.exe
2120 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
1908 C:\Windows\System32\wbem\unsecapp.exe
2368 C:\Program Files (x86)\Launch Manager\LMworker.exe
624 WmiPrvSE.exe
2336 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2832 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
3112 C:\Windows\System32\svchost.exe
3280 C:\Program Files\Windows Media Player\wmpnetwk.exe
3792 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3872 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2444 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\wuauclt.exe
3628 C:\Windows\System32\atibtmon.exe
2004 C:\Windows\System32\audiodg.exe
4496 C:\Windows\System32\msiexec.exe
1300 C:\Windows\System32\svchost.exe
3996 C:\Windows\System32\VSSVC.exe
3752 C:\Users\Craig\Desktop\MBRCheck.exe
4104 C:\Windows\System32\conhost.exe
2028 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`32d00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVT-22A23T0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

______________________________________________________


ComboFix 11-08-09.02 - Craig 09/08/2011 23:27:53.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1790.1015 [GMT 1:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-09 22:34 . 2011-08-09 22:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-08-09 22:34 . 2011-08-09 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-09 22:16 . 2011-08-09 22:16 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-09 22:15 . 2011-08-09 22:16 -------- d-----w- c:\program files\Java
2011-08-09 11:41 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FC6E7B0-754A-48AD-87D0-F9E467BFCC5E}\mpengine.dll
2011-08-08 17:30 . 2011-08-08 17:30 388096 ----a-r- c:\users\Craig\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-08 17:30 . 2011-08-08 17:30 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-08 16:28 . 2011-08-08 16:28 -------- d-----w- c:\users\Craig\AppData\Roaming\Malwarebytes
2011-08-08 16:28 . 2011-07-06 18:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-08 16:28 . 2011-08-08 16:28 -------- d-----w- c:\programdata\Malwarebytes
2011-08-08 16:28 . 2011-08-08 16:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-08 16:28 . 2011-07-06 18:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-19 20:23 . 2011-08-03 12:29 -------- d-----w- c:\users\Craig\AppData\Local\PokerStars
2011-07-19 20:23 . 2011-07-25 12:47 -------- d-----w- c:\program files (x86)\PokerStars
2011-07-15 18:28 . 2011-07-15 18:28 -------- d-----w- c:\users\Craig\spain
2011-07-15 18:25 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-07-15 18:25 . 2011-06-03 06:57 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-15 18:25 . 2011-06-03 06:53 338944 ----a-w- c:\windows\system32\conhost.exe
2011-07-15 18:25 . 2011-06-03 06:57 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-15 18:24 . 2011-06-03 06:57 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-15 18:24 . 2011-06-03 05:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-15 18:24 . 2011-06-03 06:57 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-15 18:24 . 2011-06-03 06:00 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-15 18:24 . 2011-06-03 06:57 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-15 18:24 . 2011-06-03 05:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-15 18:24 . 2011-06-03 03:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-15 18:24 . 2011-06-03 03:53 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-06-15 14:33 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-06-15 14:33 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-04 11:43 . 2011-06-15 14:34 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-06-15 14:34 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-06-15 14:34 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-06-15 14:34 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-06-15 14:34 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-06-15 14:34 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-06-15 14:34 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-03 05:57 . 2011-07-15 18:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:30 . 2011-06-16 20:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 02:53 . 2011-06-16 20:23 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 18:14 . 2011-06-15 14:46 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 13:41 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 13:41 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 13:41 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 13:41 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 13:41 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-12-28 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = https://britishgasto....com/login.aspx
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab
DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
FF - ProfilePath - c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\zaprewj1.default\
FF - prefs.js: browser.startup.homepage - dailymail.co.uk | facebook.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atibtmon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-08-09 23:42:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-09 22:42
.
Pre-Run: 168,455,335,936 bytes free
Post-Run: 167,954,784,256 bytes free
.
- - End Of File - - 9E7E5EBD70DB230D53A05E115C585BE0

#8 Cookie. (Member; Full Member; 54 posts)

Posted 09 August 2011 - 05:04 PM

Hello Cookie. Welcome to SWI.

First of all, I see some items I must ask you about. These are both University of Tokyo. Do you know about this connection? Your PC will use those addresses to look up internet sites.
DhcpNameServer = 192.168.1.254
DhcpNameServer = 192.31.120.29


Could you explain what this means or could mean please? I have no links with Tokyo whatsoever.

Edited by Cookie., 09 August 2011 - 05:06 PM.


#9 cnm (Mother Lion of SWI; Retired Staff; 25,317 posts)

Posted 09 August 2011 - 05:17 PM

It means something bad is trying to contact Tokyo. I just need to figure out what it is. I'll have a fix for you later.
Edit: I was wrong. Those are harmless local router addresses.

Is Bonjour running because you have a network printer?

Edited by cnm, 09 August 2011 - 07:01 PM.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE
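As an added example (not a tool from this thread or from ComboFix), a small Python triage script for the two parts of a ComboFix log the exchange above turns on: the Run-key autostart entries and the DhcpNameServer line. The sample log is constructed from lines in the log above plus one made-up autostart entry (WinUpdate, not present on this notebook) added only to exercise the check; the address classification uses the standard library's ipaddress module, and "public" means only that the address is not a private/loopback/link-local one, which is exactly the question to put to the user or the ISP.

```python
import ipaddress
import re
from dataclasses import dataclass

# One autostart line as ComboFix prints it under the Run keys:
#   "Name"="c:\path\to\file.exe" [YYYY-MM-DD size]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)
# The resolver line from the Supplementary Scan section (one or more addresses).
DNS_LINE = re.compile(r'^TCP:\s*DhcpNameServer\s*=\s*(?P<servers>[\d.\s]+)$')

# Installed software normally autostarts from one of these trees; an entry
# pointing into a user profile, ProgramData or a temp folder deserves a second look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample: real lines from the thread's ComboFix log, plus one
# made-up "WinUpdate" entry (not on this notebook) so the check has something to flag,
# and a DhcpNameServer line carrying both addresses discussed in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-12-28 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"WinUpdate"="c:\users\Craig\AppData\Roaming\WinUpdate\wupd.exe" [2011-08-01 45056]
.
TCP: DhcpNameServer = 192.168.1.254 192.31.120.29
"""


@dataclass
class RunEntry:
    name: str
    path: str
    date: str
    size: int


def parse_run_entries(log: str) -> list[RunEntry]:
    """Collect every Run-key entry in the log, whichever hive it sits under."""
    entries = []
    for line in log.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(RunEntry(m["name"], m["path"], m["date"], int(m["size"])))
    return entries


def flag_run_entries(log: str) -> list[str]:
    """Names of autostart entries whose binary lives outside the trusted trees."""
    return [
        e.name for e in parse_run_entries(log)
        if not e.path.lower().startswith(TRUSTED_PREFIXES)
    ]


def classify_name_servers(log: str) -> dict[str, str]:
    """Map each DhcpNameServer address to 'private' (RFC 1918, loopback, link-local)
    or 'public'. A public resolver is not evidence of infection by itself; it is
    the address a helper should ask the user or their ISP to confirm."""
    result = {}
    for line in log.splitlines():
        m = DNS_LINE.match(line.strip())
        if not m:
            continue
        for token in m["servers"].split():
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                result[token] = "unparseable"
                continue
            result[token] = "private" if addr.is_private else "public"
    return result


def triage(log: str) -> dict:
    """Everything a helper would want to double-check, in one dictionary."""
    return {"flagged_autostarts": flag_run_entries(log),
            "name_servers": classify_name_servers(log)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```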

#10 Cookie. (Member; Full Member; 54 posts)

Posted 10 August 2011 - 04:53 AM

Nope, I don't have a network printer.

#11 cnm (Mother Lion of SWI; Retired Staff; 25,317 posts)

Posted 10 August 2011 - 09:09 AM

In that case, you can optionally uninstall Bonjour as you do not need it. See http://support.apple.com/kb/dl999 for info.

It appears that your notebook had an earlier life. It has Windows 2008 MBR code (Master Boot Record).

I believe your notebook is clean. Do you notice any problems?

#12 Cookie. (Member; Full Member; 54 posts)

Posted 10 August 2011 - 09:55 AM

Nope, everything seems fine. Thanks very much for your advice! It's much appreciated.

#13 cnm (Mother Lion of SWI; Retired Staff; 25,317 posts)

Posted 10 August 2011 - 12:20 PM

Great. :D

Cleanup:

Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

Delete the DDS files, MBRCheck, and Security Check folder from your Desktop.


Advice for malware prevention:
Some of this may not apply to you.

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Chrome is another good option.
If you are interested, Firefox may be downloaded from here
Chrome is available here: http://www.google.co...e/features.html

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place

#14 cnm (Mother Lion of SWI; Retired Staff; 25,317 posts)

Posted 17 August 2011 - 09:40 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.