Google webhp redirect, multiple instances of browser process running


This topic is locked
21 replies to this topic

#1 The_Juggler17 (Members, 20 posts)

Posted 05 December 2010 - 12:56 AM

My homepage in Mozilla Firefox is set to http://www.google.com
when I use the google search engine, I am redirected to http://www.google.com/webhp
This page looks and behaves identical to Google, however clicking on links only redirects me to www.google.com/webhp
I am redirected to the webhp page when I use other search engines as well, also when browsing other websites.

When I open Firefox a process starts, firefox.exe, that only uses about 7kb memory. After several times opening, the Firefox program finally starts and these extra firefox.exe instances stay open. Ending the extra processes does not close Firefox, but also does not solve the problem.

Internet Explorer does not do this, but also behaves strangely. There are also multiple instances of iexplore.exe running, and when I end one of the extra processes it crashes Internet Explorer, and these extra processes are in addition to the multiple instances of iexplore.exe that runs normally when you open a new tab.
During use, I am occasionally redirected to advertisement and solicitation sites; not so much as to completely prevent use but enough to be very very irritating.

Google Chrome behaves almost exactly like Internet Explorer

Also I cannot enable the Windows Firewall, gives the error message:
"Windows Firewall can't change some of your settings."
"Error code 0x80070422"




This is surely a browser hijack of some kind, and I've already done what I would normally do with a computer like this. Used all of my scanners, and tried some that I don't normally use - all of these (except NOD32) were tried in both safe mode and a normal boot.
Scanned with Malwarebytes Anti-Malware
Scanned with NOD32
Scanned with AVG Anti-Virus
Scanned with Spybot S&D
Scanned with Microsoft Security Essentials

I am running realtime protection of NOD32 (other programs protection is disabled to prevent conflict) and it detects nothing.
I have disabled NOD32's realtime and enabled AVG's - also detects nothing during use.
These all found some stuff, but mostly the normal things that all computers have, tracking cookies and such. I could probably get logs of what was found in recent scans, but I'll hold off on those unless they are requested.

While AVG was installed I was getting BSOD. Uninstalled it and I have not had it since, I'm guessing that either AVG was causing it or a virus interfering with AVG was causing it.



At this point I'm ready to reformat and re-install the OS, but I'm pretty sure that my product key is not good for that.
I got my copy of Win7 through my college and they told me that the product key will only work once, so don't try to re-install.
I may just have to buy a copy of Win7 that I know can be re-installed.




When running GMER
all options except for
Services
Registry
Files
ADS

are greyed out, the contents of the attached ark.zip were run with only these settings checked.
Not sure what has caused this, possibly something malicious.





Thank you very much for your help, I work as a computer technician and I use topics discussed at bleeping computer somewhat often to fix problems in the field.
This is the first time I've posted a problem myself, and yes this is a professional computer technician with a problem he can't fix.
Thanks for your support!






------DDS.txt FOLLOWS-------





DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Alex at 0:35:38.86 on Sun 12/05/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6135.4164 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\DWRCS.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Alcohol Soft2\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\DWRCST.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskmgr.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
mStart Page = www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: SHOUTcast Loader: {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: SHOUTcast Radio Toolbar: {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "C:\Program Files (x86)\Steamx2\steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Google Update] "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRunServices: [freebl3Services1.9.2.12] C:\Program Files (x86)\Mozilla Firefox\mstsc.exe
mRunServices: [Toolsmsosec] c:\program files (x86)\microsoft office\office12\addins\msosecvisual.exe
mRunServices: [QuickTimeWebHelperQuickTime] c:\program files (x86)\quicktime\qtsystem\quicktimewebhelper.resources\sv.lproj\quicktimewebhelperquicktime.exe
mRunServices: [systemstintl] c:\program files (x86)\common files\microsoft shared\smart tag\1033\systemoffice.exe
mRunServices: [OfficeOrganizer] c:\program files (x86)\microsoft office\office12\authzaxsystem.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CORETE~1.LNK - C:\Program Files\Core Temp\Core Temp.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - No File
TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
mRun-x64: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
mRun-x64: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
mRun-x64: [RivaTuner] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /T
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7g6sp3un.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\UnrealMediaPlayer5Plugin\npUMediaPlayer5.dll
FF - plugin: C:\Users\Alex\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;C:\Windows\System32\drivers\dwvkbd64.sys [2007-2-15 30720]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-6-24 20968]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-3-24 163888]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-3-24 810120]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-3-24 124760]
R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2010-9-30 3140424]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-1-26 1153368]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft2\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Alex\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-5-28 14544]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2010-9-2 20352]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-10-13 24176]
R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2010-2-10 12744]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-4-9 1038088]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-1 1255736]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010.SP3\RpcAgentSrv.exe [2010-11-11 93848]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-6-24 92008]

=============== Created Last 30 ================

2010-12-04 19:46:06 -------- d-----w- C:\Windows\System32\drivers\AVG
2010-12-04 09:46:20 -------- d-----w- C:\Users\Alex\AppData\Roaming\AVG
2010-12-04 07:50:33 -------- d-----w- C:\Users\Alex\AppData\Roaming\AVG10
2010-12-04 07:49:25 -------- d--h--w- C:\PROGRA~3\Common Files
2010-12-04 07:48:48 -------- d-----w- C:\PROGRA~3\AVG10
2010-12-04 07:47:58 -------- d-----w- C:\Program Files (x86)\AVG
2010-12-04 07:41:32 -------- d-----w- C:\PROGRA~3\MFAData
2010-12-04 05:03:46 -------- d-----w- C:\Users\Alex\AppData\Local\Activision
2010-12-04 03:22:43 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
2010-12-03 20:17:18 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{894B5A15-01E9-415A-B4AD-D607561EE488}\mpengine.dll
2010-12-03 18:51:37 -------- d-----w- C:\Program Files (x86)\WOT
2010-12-03 18:51:09 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-12-03 18:50:55 -------- d-----w- C:\Program Files (x86)\MSN Toolbar Installer
2010-12-03 18:50:54 -------- d-----w- C:\Program Files (x86)\WOT Services
2010-12-03 09:56:05 388096 ----a-r- C:\Users\Alex\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-03 09:54:16 -------- d-----w- C:\Users\Alex\AppData\Local\Google
2010-12-03 09:53:54 -------- d-----w- C:\Users\Alex\AppData\Local\Apps
2010-12-03 09:53:53 -------- d-----w- C:\Users\Alex\AppData\Local\Deployment
2010-12-03 09:37:44 -------- d-----w- C:\Users\Alex\AppData\Roaming\JAM Software
2010-12-03 09:37:37 -------- d-----w- C:\Program Files (x86)\JAM Software
2010-12-03 06:39:42 55808 ----a-w- C:\Windows\SysWow64\DWRCW64.exe
2010-12-02 00:21:59 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-12-02 00:21:59 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-12-02 00:21:59 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-12-02 00:21:58 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-12-02 00:21:58 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-11-30 19:32:20 -------- d-----w- C:\Program Files (x86)\Geeks3D
2010-11-29 05:45:41 168448 ----a-w- C:\Windows\SysWow64\unrar.dll
2010-11-29 05:45:33 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2010-11-29 05:45:32 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2010-11-28 23:17:06 -------- d-----w- C:\PROGRA~3\DivX
2010-11-23 18:41:13 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 18:41:13 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-18 09:27:48 -------- d-----w- C:\Users\Alex\AppData\Local\bizarre creations
2010-11-18 04:52:32 -------- d-----w- C:\Program Files (x86)\Activision
2010-11-16 20:35:38 -------- d-----w- C:\Program Files (x86)\TNod User & Password Finder
2010-11-16 20:25:25 0 ----a-w- C:\Windows\SysWow64\lspB599.tmp
2010-11-16 09:46:54 -------- d-----w- C:\Windows\CheckSur
2010-11-13 22:33:01 -------- d-----w- C:\Users\Alex\AppData\Roaming\VBA-M
2010-11-11 07:12:46 -------- d-----w- C:\Program Files (x86)\OCCT
2010-11-11 07:12:31 1886 ----a-w- C:\PROGRA~3\xmlE34B.tmp
2010-11-11 07:12:31 13702 ----a-w- C:\PROGRA~3\xmlE1E3.tmp
2010-11-11 07:12:30 5975 ----a-w- C:\PROGRA~3\xmlDD12.tmp
2010-11-11 07:11:18 -------- d-----w- C:\Program Files\SiSoftware
2010-11-11 02:37:20 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-09 22:58:08 -------- d-----w- C:\Users\Alex\AppData\Local\Windows Live
2010-11-09 22:57:44 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-11-09 22:57:44 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-11-09 22:57:44 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-11-09 22:57:44 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-11-09 22:57:44 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-11-09 22:57:43 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-11-09 22:57:43 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-11-09 22:53:43 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-11-09 22:53:40 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-11-08 21:20:18 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-08 21:20:18 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-06 13:23:37 -------- d-----w- C:\Windows\System32\oodag
2010-11-06 13:14:55 -------- d-----w- C:\Users\Alex\AppData\Local\Downloaded Installations

==================== Find3M ====================

2010-11-29 22:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-03 00:33:34 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2010-11-03 00:33:22 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2010-11-03 00:33:22 2096232 ----a-w- C:\Windows\System32\RtPgEx64.dll
2010-11-03 00:33:10 2536040 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2010-11-03 00:33:00 618600 ----a-w- C:\Windows\System32\RtkApi64.dll
2010-11-03 00:33:00 2654824 ----a-w- C:\Windows\System32\RtkAPO64.dll
2010-11-03 00:33:00 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2010-10-29 15:05:34 118464 ----a-w- C:\Windows\System32\SFSS_APO.dll
2010-10-28 15:46:00 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2010-10-26 18:03:04 1937312 ----a-w- C:\Windows\System32\FMAPO64.dll
2010-10-26 14:16:00 1716368 ----a-w- C:\Windows\System32\R4EEP64A.dll
2010-10-26 14:15:58 72336 ----a-w- C:\Windows\System32\R4EEG64A.dll
2010-10-26 14:15:58 419472 ----a-w- C:\Windows\System32\R4EED64A.dll
2010-10-26 14:15:58 125584 ----a-w- C:\Windows\System32\R4EEL64A.dll
2010-10-26 14:15:56 106640 ----a-w- C:\Windows\System32\R4EEA64A.dll
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 17:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
2010-10-16 17:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
2010-10-16 17:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
2010-10-16 17:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll
2010-10-14 06:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 06:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2010-10-09 16:07:52 1682 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2010-10-09 04:55:16 56 --sh--r- C:\Windows\SysWow64\9DF2283104.sys
2010-10-04 21:12:18 2580824 ----a-w- C:\Windows\System32\WavesGUILib.dll
2010-10-04 21:12:10 1770328 ----a-w- C:\Windows\System32\MaxxAudioRealtek.dll
2010-10-03 18:46:12 341336 ----a-w- C:\Windows\System32\MaxxAudioAPO30.dll
2010-09-30 16:30:40 2178376 ----a-w- C:\Windows\System32\ooscrsav.scr
2010-09-30 16:29:44 349000 ----a-w- C:\Windows\System32\oodbs.exe
2010-09-30 16:28:30 535880 ----a-w- C:\Windows\System32\oodssrs.dll
2010-09-30 16:28:10 9544 ----a-w- C:\Windows\System32\oodbsrs.dll
2010-09-27 14:34:30 318808 ----a-w- C:\Windows\System32\MaxxAudioAPO20.dll
2010-09-21 19:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 19:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-13 21:28:00 27216 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
2010-09-11 04:55:08 61032 ----a-w- C:\Windows\System32\nvshext.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-07 18:15:26 396672 ----a-w- C:\Windows\SysWow64\RzMwApiD.dll

============= FINISH: 0:36:31.83 ===============

eh - something that might throw up a red flag in my logs is DWRCS.exe
This is DameWare Remote Control Service, a remote control program used by the company I work for.
I use it to control my computer at home while I am at work, it is set up in such a way that only one external IP can connect to it - from my computer at work.
So it is highly unlikely that this could be used by anybody other than me.

Just wanted to give the reader a heads up on that one.

EDIT: Posts merged ~BP

just a quick addition:

I have recently discovered that all of this also happens in safe mode. Hadn't tried using the browser in safe mode before - it is constantly redirected to this google.com/webhp thing and advertisement sites.
It is rather concerning that this also runs in safe mode.

EDIT: Posts merged ~BP

Did some testing, hate to keep incessantly posting this stuff but I'm learning new information as I go along and want to share it. Sorry if it's a bother, just want to help get this one fixed.



Ran the same google search in Firefox on my computer and a computer at work. These should give identical (or close enough) URLs.

Searching the term "test search"
Computer at work:
http://www.google.com/#hl=en&biw=1366&bih=603&q=test+search&fp=d1130564c93b4a66

My infected computer: (brackets added to make it not a link)
<http://www.google.com/#hl=en&expIds=17259,24788,27493,27744,27788&sugexp=egsisas&xhr=t&q=test+search&cp=7&pf=p&sclient=psy&aq=0&aqi=&aql=f&oq=test+se&gs_rfai=&pbx=1&fp=7b9141da4f416ce8>

EDIT: Posts merged ~BP

Attached Files


Edited by Budapest, 07 December 2010 - 01:40 AM.
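Three things in the DDS output above are what a responder would pull out first: the per-user WinINet proxy set to 127.0.0.1:43902 (a loopback proxy that no installed software accounts for is a well-known way of rewriting search traffic without touching the browser, and it explains why all three browsers misbehave), five mRunServices autostarts with generated-looking names whose executables sit in vendor folders (RunServices is a Windows 9x-era key that Windows 7 itself does not process, so anything in it was written by software, not by the OS), and the UAC policies all at 0. The Python below is an example added here, not part of the thread and not DDS code; it runs those checks over lines copied from the posted log. The set of Windows binary names it treats as suspicious outside %SystemRoot% is an assumption for illustration, and it reports the UAC values without deciding who set them.

```python
"""Triage of the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the thread or of DDS. Flags a loopback WinINet
proxy, RunServices autostarts (a Win9x-era key Windows 7 does not process),
Windows system binary names living outside %SystemRoot%, and UAC policy
values set to 0.
"""
from __future__ import annotations

import ipaddress
import ntpath
import re
from dataclasses import dataclass

# Lines copied from the DDS output posted above (not constructed).
SAMPLE_HJT = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride = <local>
uRun: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunServices: [freebl3Services1.9.2.12] C:\Program Files (x86)\Mozilla Firefox\mstsc.exe
mRunServices: [Toolsmsosec] c:\program files (x86)\microsoft office\office12\addins\msosecvisual.exe
mRunServices: [QuickTimeWebHelperQuickTime] c:\program files (x86)\quicktime\qtsystem\quicktimewebhelper.resources\sv.lproj\quicktimewebhelperquicktime.exe
mRunServices: [systemstintl] c:\program files (x86)\common files\microsoft shared\smart tag\1033\systemoffice.exe
mRunServices: [OfficeOrganizer] c:\program files (x86)\microsoft office\office12\authzaxsystem.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"""

# Windows binaries that should only be found under %SystemRoot%.
# Illustrative assumption, not an authoritative list.
SYSTEM_BINARIES = {"mstsc.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "explorer.exe", "rundll32.exe"}

# UAC policy values that mean "switched off"; the posted log shows all three at 0.
UAC_OFF = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}

PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
AUTORUN_RE = re.compile(
    r"^(?P<hive>[um])(?P<key>RunServicesOnce|RunServices|RunOnce|Run)(?:-x64)?:\s*"
    r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def parse_proxy(value: str) -> list[tuple[str, str]]:
    """'http=127.0.0.1:43902;https=...' or '127.0.0.1:43902' -> [(host, port), ...]."""
    out = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                      # strip the 'http=' scheme prefix
            part = part.split("=", 1)[1]
        host, _, port = part.rpartition(":")
        out.append((host or part, port))
    return out


def is_loopback(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def exe_path(cmd: str) -> str:
    """Pull the executable out of an autorun command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(report: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in report.splitlines():
        line = line.strip()
        if m := PROXY_RE.match(line):
            for host, port in parse_proxy(m["value"]):
                if is_loopback(host):
                    findings.append(Finding("loopback_proxy", f"{host}:{port}"))
        elif m := AUTORUN_RE.match(line):
            path = exe_path(m["cmd"])
            base = ntpath.basename(path).lower()
            if m["key"].startswith("RunServices"):
                findings.append(Finding("runservices_entry", f"{m['name']} -> {path}"))
            # A bare name (RUNDLL32.EXE ...) resolves via the system path; only
            # flag a system binary name that carries a non-%SystemRoot% directory.
            if (base in SYSTEM_BINARIES and ntpath.dirname(path)
                    and not path.lower().startswith("c:\\windows\\")):
                findings.append(Finding("system_binary_outside_windows", path))
        elif m := POLICY_RE.match(line):
            if UAC_OFF.get(m["name"]) == int(m["value"]):
                findings.append(Finding("uac_disabled", f"{m['name']}={m['value']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.kind:32} {f.detail}")
```

Feed it the Pseudo HJT section of any DDS log in place of SAMPLE_HJT. A loopback proxy hit should be cross-checked against software that legitimately installs one (some AV web filters do); a RunServices hit is worth a look simply because nothing in Windows 7 put it there.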


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 11 December 2010 - 11:28 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply



information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 The_Juggler17 (Topic Starter, Members, 20 posts)

Posted 13 December 2010 - 02:42 PM

First of all, I should mention that since my posting the first message I have run this tool:
Kaspersky's TDSSKiller
http://support.kaspersky.com/viruses/solutions?qid=208280684
As it was being used at my work to remove a similar infection.
No I don't think I brought it to work somehow or brought it home - I should just sweep that under the table if I brought a virus to the IT department

This tool removed the following infections:
Win32.Smitnyl.A - an infection of the master boot record
Rootkit.Win32.TDSS.tdl4 - an infection of the boot sector

If you would like the logs from these scans I can post them.

Anyway, since running this I have not experienced the browser redirects at all.
It seems to be fixed, but something this insidious makes me doubt that one removal tool took care of everything.
No other scanner or real-time protection I have used has been able to find this thing, and it even worked in safe mode - so I still feel a bit insecure.


I should also mention that since my first post I have installed the full version of AVG Internet Security 2011
It seems pretty good, protective without being invasive.
However, sometimes when it downloads updates the computer freezes entirely. I've left it for about 2 hours thinking maybe I was just being impatient, but it remained frozen.
That is frozen in that I can move the mouse, click on things, but nothing happens. Also when frozen like this I cannot receive a network ping or use my remote desktop software to connect to the computer.
It just has to be powered off.
If this is related then it is a problem, if you think it is not related then so be it - I'll either figure it out or deal with it, virus is my main concern.


And my sincere thanks for your help.






* Defogger ran - CD emulation disabled

* DDS.txt and Attach.txt follow:


===DDS.txt===

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Alex at 14:24:19.59 on Mon 12/13/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6135.3622 [GMT -5:00]

AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Alcohol Soft2\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Steamx2\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\explorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
C:\Users\Alex\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
mStart Page = www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: SHOUTcast Loader: {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: SHOUTcast Radio Toolbar: {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "C:\Program Files (x86)\Steamx2\steam.exe" -silent
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRunServices: [freebl3Services1.9.2.12] C:\Program Files (x86)\Mozilla Firefox\mstsc.exe
mRunServices: [Toolsmsosec] c:\program files (x86)\microsoft office\office12\addins\msosecvisual.exe
mRunServices: [QuickTimeWebHelperQuickTime] c:\program files (x86)\quicktime\qtsystem\quicktimewebhelper.resources\sv.lproj\quicktimewebhelperquicktime.exe
mRunServices: [systemstintl] c:\program files (x86)\common files\microsoft shared\smart tag\1033\systemoffice.exe
mRunServices: [OfficeOrganizer] c:\program files (x86)\microsoft office\office12\authzaxsystem.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CORETE~1.LNK - C:\Program Files\Core Temp\Core Temp.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - No File
TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
mRun-x64: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
mRun-x64: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
mRun-x64: [RivaTuner] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /T
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7g6sp3un.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\UnrealMediaPlayer5Plugin\npUMediaPlayer5.dll
FF - plugin: C:\Users\Alex\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032]
R1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;C:\Windows\System32\drivers\dwvkbd64.sys [2007-2-15 30720]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-9 3229728]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-6-24 20968]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-3-24 163888]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-3-24 810120]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-3-24 124760]
R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2010-9-30 3140424]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-1-26 1153368]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft2\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Alex\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-5-28 14544]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2010-9-2 20352]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2010-2-10 12744]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-4-9 1038088]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\6661.tmp [2010-12-6 6144]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-1 1255736]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010.SP3\RpcAgentSrv.exe [2010-11-11 93848]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-6-24 92008]

=============== Created Last 30 ================

2010-12-13 12:56:04 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{4C9DB354-8DD8-4211-9781-8EE69C22E4EF}\mpengine.dll
2010-12-08 04:04:03 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-07 00:34:38 -------- d-----w- C:\Program Files (x86)\ESET
2010-12-06 16:12:15 6144 ------w- C:\Windows\System32\6661.tmp
2010-12-06 16:11:11 6144 ------w- C:\Windows\System32\6A37.tmp
2010-12-06 08:46:27 6144 ------w- C:\Windows\System32\251E.tmp
2010-12-06 08:45:52 6144 ------w- C:\Windows\System32\9BB2.tmp
2010-12-06 08:45:42 -------- d-----w- C:\Program Files (x86)\Sophos
2010-12-06 07:03:20 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2010-12-06 05:48:47 -------- d-----w- C:\PROGRA~3\Alwil Software
2010-12-06 05:47:51 -------- dc----w- C:\PROGRA~3\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-12-06 04:55:14 -------- d-----w- C:\Program Files (x86)\Lavasoft
2010-12-06 04:38:04 -------- d-----w- C:\Program Files (x86)\SpywareGuard
2010-12-05 09:02:17 -------- d-----w- C:\Program Files (x86)\VentSrv
2010-12-05 07:00:14 -------- d-----w- C:\Users\Alex\AppData\Local\Adobe
2010-12-05 06:28:43 -------- d-----w- C:\Program Files (x86)\Xilisoft
2010-12-04 19:46:06 -------- d-----w- C:\Windows\System32\drivers\AVG
2010-12-04 07:50:33 -------- d-----w- C:\Users\Alex\AppData\Roaming\AVG10
2010-12-04 07:49:25 -------- d--h--w- C:\PROGRA~3\Common Files
2010-12-04 07:48:48 -------- d-----w- C:\PROGRA~3\AVG10
2010-12-04 07:47:58 -------- d-----w- C:\Program Files (x86)\AVG
2010-12-04 07:41:32 -------- d-----w- C:\PROGRA~3\MFAData
2010-12-04 05:03:46 -------- d-----w- C:\Users\Alex\AppData\Local\Activision
2010-12-04 03:22:43 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
2010-12-03 18:51:37 -------- d-----w- C:\Program Files (x86)\WOT
2010-12-03 18:51:09 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-12-03 18:50:55 -------- d-----w- C:\Program Files (x86)\MSN Toolbar Installer
2010-12-03 18:50:54 -------- d-----w- C:\Program Files (x86)\WOT Services
2010-12-03 09:56:05 388096 ----a-r- C:\Users\Alex\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-03 09:54:16 -------- d-----w- C:\Users\Alex\AppData\Local\Google
2010-12-03 09:53:54 -------- d-----w- C:\Users\Alex\AppData\Local\Apps
2010-12-03 09:53:53 -------- d-----w- C:\Users\Alex\AppData\Local\Deployment
2010-12-03 09:37:44 -------- d-----w- C:\Users\Alex\AppData\Roaming\JAM Software
2010-12-03 09:37:37 -------- d-----w- C:\Program Files (x86)\JAM Software
2010-12-03 06:39:42 55808 ----a-w- C:\Windows\SysWow64\DWRCW64.exe
2010-12-02 00:21:59 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-12-02 00:21:59 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-12-02 00:21:59 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-12-02 00:21:58 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-12-02 00:21:58 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-11-30 19:32:20 -------- d-----w- C:\Program Files (x86)\Geeks3D
2010-11-29 05:45:41 168448 ----a-w- C:\Windows\SysWow64\unrar.dll
2010-11-29 05:45:33 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2010-11-29 05:45:32 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2010-11-28 23:17:06 -------- d-----w- C:\PROGRA~3\DivX
2010-11-23 18:41:13 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 18:41:13 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-18 09:27:48 -------- d-----w- C:\Users\Alex\AppData\Local\bizarre creations
2010-11-18 04:52:32 -------- d-----w- C:\Program Files (x86)\Activision
2010-11-16 20:35:38 -------- d-----w- C:\Program Files (x86)\TNod User & Password Finder
2010-11-16 20:25:25 0 ----a-w- C:\Windows\SysWow64\lspB599.tmp
2010-11-16 09:46:54 -------- d-----w- C:\Windows\CheckSur
2010-11-13 22:33:01 -------- d-----w- C:\Users\Alex\AppData\Roaming\VBA-M

==================== Find3M ====================

2010-11-29 22:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-23 10:14:17 5975 ----a-w- C:\PROGRA~3\xmlDD12.tmp
2010-11-23 10:14:17 1886 ----a-w- C:\PROGRA~3\xmlE34B.tmp
2010-11-23 10:14:17 13702 ----a-w- C:\PROGRA~3\xmlE1E3.tmp
2010-11-10 03:20:56 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-11-03 00:33:34 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2010-11-03 00:33:22 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2010-11-03 00:33:22 2096232 ----a-w- C:\Windows\System32\RtPgEx64.dll
2010-11-03 00:33:10 2536040 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2010-11-03 00:33:00 618600 ----a-w- C:\Windows\System32\RtkApi64.dll
2010-11-03 00:33:00 2654824 ----a-w- C:\Windows\System32\RtkAPO64.dll
2010-11-03 00:33:00 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2010-10-29 15:05:34 118464 ----a-w- C:\Windows\System32\SFSS_APO.dll
2010-10-28 15:46:00 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2010-10-26 18:03:04 1937312 ----a-w- C:\Windows\System32\FMAPO64.dll
2010-10-26 14:16:00 1716368 ----a-w- C:\Windows\System32\R4EEP64A.dll
2010-10-26 14:15:58 72336 ----a-w- C:\Windows\System32\R4EEG64A.dll
2010-10-26 14:15:58 419472 ----a-w- C:\Windows\System32\R4EED64A.dll
2010-10-26 14:15:58 125584 ----a-w- C:\Windows\System32\R4EEL64A.dll
2010-10-26 14:15:56 106640 ----a-w- C:\Windows\System32\R4EEA64A.dll
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 17:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
2010-10-16 17:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
2010-10-16 17:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
2010-10-16 17:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll
2010-10-14 06:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 06:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2010-10-09 16:07:52 1682 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2010-10-09 04:55:16 56 --sh--r- C:\Windows\SysWow64\9DF2283104.sys
2010-10-04 21:12:18 2580824 ----a-w- C:\Windows\System32\WavesGUILib.dll
2010-10-04 21:12:10 1770328 ----a-w- C:\Windows\System32\MaxxAudioRealtek.dll
2010-10-03 18:46:12 341336 ----a-w- C:\Windows\System32\MaxxAudioAPO30.dll
2010-09-30 16:30:40 2178376 ----a-w- C:\Windows\System32\ooscrsav.scr
2010-09-30 16:29:44 349000 ----a-w- C:\Windows\System32\oodbs.exe
2010-09-30 16:28:30 535880 ----a-w- C:\Windows\System32\oodssrs.dll
2010-09-30 16:28:10 9544 ----a-w- C:\Windows\System32\oodbsrs.dll
2010-09-27 14:34:30 318808 ----a-w- C:\Windows\System32\MaxxAudioAPO20.dll
2010-09-21 19:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 19:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 09:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

============= FINISH: 14:24:43.66 ===============



===Attach.txt===

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/25/2010 8:19:18 PM
System Uptime: 12/12/2010 7:50:07 AM (31 hours ago)

Motherboard: EVGA | | 132-BL-E758
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | Socket 423 | 2653/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 64.224 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP355: 12/13/2010 1:39:13 AM - Scheduled Checkpoint
RP356: 12/13/2010 7:55:53 AM - Windows Update

==== Installed Programs ======================

1400
1400_Help
1400Trb
7-Zip 4.65
Activision®
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Software Update
AVG PC Tuneup 2011
Batman: Arkham Asylum
BOINC
BootDisk2BootStick 0.10
BufferChm
CCleaner
CDBurnerXP
Character Builder
CNC4 Offline Patch
Comcast High-Speed Internet Install Wizard
Connect
Copy
D3DX10
DameWare Mini Remote Control
DameWare Mini Remote Control Client Agent Service
DARK VOID
Dead Rising 2
Destinations
DeviceDiscovery
DH Driver Cleaner Professional Edition
DocProc
Easy GIF Animator 4.6 Pro
ESET Online Scanner v3
Fallout New Vegas
Fax
Folding@home-gpu
Geeks3D PhysX FluidMark v1.3.1
Google Chrome
GPU Caps Viewer 1.9.4
HiJackThis
HP USB Disk Storage Format Tool
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPSSupply
James Bond 007™ - Blood Stone
Java Auto Updater
Java™ 6 Update 22
JDownloader
Junk Mail filter update
Just Cause 2
K-Lite Codec Pack 4.9.5 (Full)
kuler
Malwarebytes' Anti-Malware
Mass Effect 2
Microsoft Default Manager
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Mozilla Firefox 4.0b7 (x86 en-US)
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NBA 2K11
NV_GEF7_LUNA_SS_nzone Screen Saver
NVIDIA PhysX Unreal Tournament 3 Mods
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA System Update
OCCT Perestroika 3.1.0
OpenAL
oZone3D.Net FurMark v1.7.0
oZone3D.Net FurMark v1.8.2
PDF Settings CS4
Photoshop Camera Raw
QuickTime
Razer Imperator
Razer Imperator Firmware Updater
Razer Lycosa
Realtek High Definition Audio Driver
redist
Rename Master
RGSS-RTP Standard
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
RPG Maker 2000 1.07b
RPG Maker 2003 v1.08
RPGXP
RTP 1.32 Add-On for RM2k
RTP for RM2K (Png, Wav, Midi, Fonts)
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SHOUTcast DNAS (remove only)
SHOUTcast DSP plugin V2
SHOUTcast Radio Toolbar
SHOUTcast Source DSP 1.9.1 (remove only)
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
Sonic & SEGA All-Stars Racing
Sophos Anti-Rootkit 1.5.4
SpeedFan (remove only)
Spider-Man™ - Shattered Dimensions
Spybot - Search & Destroy
Star Wars: The Force Unleashed 2
Starry Night Backyard 3.1
Steam
Suite Shared Configuration CS4
System Requirements Lab
Team Fortress 2
Team Fortress 2 Beta
The Core Media Player 4.0
The Sims 3 Neighborhood Workshop
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 High-End Loft Stuff
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
Toolbox
Transformers™ - War for Cybertron™
TrayApp
TreeSize Free V2.5
Trillian
Ubisoft Game Launcher
Ulead GIF Animator 5
Unigine Heaven Benchmark v1.0
UnloadSupport
Unreal Media Player Plugin
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Visual Pinball
Visual Pinball VPInstaller 1.0.3
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.5
WBFS Manager 3.0
WebReg
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Worms Reloaded
WOT for Internet Explorer
WOT Services

==== Event Viewer Messages From Past Week ========

12/9/2010 8:59:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
12/8/2010 6:58:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
12/8/2010 12:17:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/8/2010 12:15:09 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2010 12:15:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/8/2010 12:15:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/8/2010 12:15:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/8/2010 12:14:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/8/2010 12:14:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache ehdrv MpFilter spldr Wanarpv6
12/8/2010 12:14:42 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/7/2010 12:44:25 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/7/2010 12:30:54 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/7/2010 12:30:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/7/2010 12:30:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/7/2010 12:30:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx64 Avgmfx64 Avgtdia cdrom CSC DfsC discache ehdrv MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
12/7/2010 12:30:28 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/7/2010 12:30:28 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/7/2010 12:30:28 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/7/2010 12:30:28 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/7/2010 12:30:28 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/7/2010 12:30:28 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/7/2010 12:30:28 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/7/2010 12:30:28 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/7/2010 12:30:28 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/7/2010 12:30:28 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/7/2010 12:10:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/7/2010 11:27:38 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort5.
12/7/2010 11:11:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
12/7/2010 11:08:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/7/2010 11:08:00 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 6:39:57 PM, Error: Service Control Manager [7034] - The O&O Defrag service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 3:50:08 AM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
12/6/2010 3:50:08 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\9BB2.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/6/2010 3:49:45 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
12/6/2010 3:46:28 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\251E.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/6/2010 12:53:55 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/6/2010 12:51:58 AM, Error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 3 time(s).
12/6/2010 12:51:58 AM, Error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 3 time(s).
12/6/2010 12:51:40 AM, Error: Service Control Manager [7031] - The avast! Web Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/6/2010 12:51:40 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/6/2010 12:50:32 AM, Error: Service Control Manager [7031] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/6/2010 12:50:32 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/6/2010 12:49:10 AM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/6/2010 11:03:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 cdrom discache ehdrv MpFilter spldr Wanarpv6
12/6/2010 1:37:41 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
12/6/2010 1:05:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
12/6/2010 1:03:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
12/6/2010 1:03:55 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 1:03:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ventrilo service to connect.
12/6/2010 1:03:40 AM, Error: Service Control Manager [7000] - The Ventrilo service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 1:03:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Stereoscopic 3D Driver Service service to connect.
12/6/2010 1:03:24 AM, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 1:03:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the StarWind AE Service service to connect.
12/6/2010 1:03:09 AM, Error: Service Control Manager [7000] - The StarWind AE Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 1:02:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NMSAccessU service to connect.
12/6/2010 1:02:54 AM, Error: Service Control Manager [7000] - The NMSAccessU service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 1:02:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP CUE DeviceDiscovery Service service to connect.
12/6/2010 1:02:39 AM, Error: Service Control Manager [7000] - The HP CUE DeviceDiscovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 1:02:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ESET Service service to connect.
12/6/2010 1:02:24 AM, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 1:02:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DameWare Mini Remote Control service to connect.
12/6/2010 1:02:09 AM, Error: Service Control Manager [7000] - The DameWare Mini Remote Control service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 1:01:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.
12/6/2010 1:01:52 AM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 1:01:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
12/6/2010 1:01:36 AM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2010 1:01:24 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/13/2010 7:50:36 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/12/2010 9:48:07 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/12/2010 7:53:13 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
12/12/2010 7:50:16 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
12/12/2010 7:50:16 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
12/12/2010 7:50:16 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
12/12/2010 7:50:16 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
12/12/2010 7:50:16 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
12/12/2010 7:50:16 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
12/12/2010 7:50:16 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
12/12/2010 7:50:16 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
12/12/2010 11:08:12 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
12/10/2010 5:59:18 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
12/10/2010 1:21:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

==== End Of File ===========================
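Added example, not code from the thread or from any BleepingComputer or DDS tool: a Python triage pass over event-log excerpts in the format posted above. It flags the patterns a helper reads for (security drivers failing at boot, repeated antivirus service crashes, real-time protection failing, an unreadable hosts file, a driver load from a temp-named file in system32) and ties that last one to the service that failed in the same second; the watch-lists, rule names and severities are my assumptions, and the sample lines are copied from the excerpt.

```python
"""Triage of DDS-style Windows event-log excerpts (added example; not a DDS,
ComboFix or BleepingComputer tool). Each line has the shape
    M/D/YYYY h:mm:ss AM, Error: <Source> [<EventID>] - <message>
Rules are review flags, not verdicts: here the blocked 9BB2.tmp driver
coincides to the second with the MEMSWEEP2 service failing to start, so the
script reports that pairing instead of calling the .tmp file malicious."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
TMP_DRIVER_RE = re.compile(r"\\system32\\[0-9a-f]{1,8}\.tmp", re.IGNORECASE)
SVC_FAILED_RE = re.compile(r"^The (?P<svc>.+?) service failed to start")
NOLOAD_RE = re.compile(r"failed to load: (?P<names>.+)$")
CRASHED_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
# Assumed watch-lists, built from the product names visible in this thread.
SECURITY_DRIVERS = {"avgldx64", "avgmfx64", "avgtdia", "avgfwfd", "ehdrv", "mpfilter"}
SECURITY_SERVICES = ("avast!", "avg", "eset", "ad-aware", "antimalware")
SEVERITY_ORDER = {"high": 0, "medium": 1, "review": 2}

# Sample input: lines copied from the excerpt above, plus a benign volsnap
# line and the end-of-file marker to show that non-matches are ignored.
SAMPLE_LOG = r"""
12/8/2010 12:14:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache ehdrv MpFilter spldr Wanarpv6
12/6/2010 3:50:08 AM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
12/6/2010 3:50:08 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\9BB2.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/6/2010 12:53:55 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/6/2010 12:51:58 AM, Error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 3 time(s).
12/6/2010 12:51:40 AM, Error: Service Control Manager [7031] - The avast! Web Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/6/2010 12:50:32 AM, Error: Service Control Manager [7031] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/6/2010 12:50:32 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/13/2010 7:50:36 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/12/2010 9:48:07 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
==== End Of File ===========================
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    level: str
    source: str
    eid: int
    msg: str


def parse_line(line):
    """Parse one line; None for lines that are not events (e.g. the EOF marker)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
    return Event(ts, m["level"], m["source"], int(m["eid"]), m["msg"])


def parse_log(text):
    return [ev for ev in map(parse_line, text.splitlines()) if ev is not None]


def triage(events):
    """Return (severity, rule, detail) tuples, most severe first."""
    # SCM 7000 failures indexed by timestamp, so a blocked temp-named driver
    # can be tied to the service that tried to load it in the same second.
    failed_by_ts = defaultdict(list)
    for ev in events:
        if ev.source == "Service Control Manager" and ev.eid == 7000:
            m = SVC_FAILED_RE.match(ev.msg)
            if m:
                failed_by_ts[ev.ts].append(m["svc"])
    findings, crashes = [], Counter()
    for ev in events:
        scm = ev.source == "Service Control Manager"
        if ev.source == "Application Popup" and ev.eid == 1060 and TMP_DRIVER_RE.search(ev.msg):
            path = ev.msg.split(" has been blocked")[0]
            owner = ", ".join(failed_by_ts.get(ev.ts, [])) or "unknown"
            findings.append(("review", "tmp-driver",
                             f"{path} blocked; same-second failed service: {owner}"))
        elif scm and ev.eid == 7026 and (m := NOLOAD_RE.search(ev.msg)):
            hit = sorted((n for n in m["names"].split() if n.lower() in SECURITY_DRIVERS), key=str.lower)
            if hit:
                findings.append(("high", "security-driver-noload", ", ".join(hit)))
        elif scm and ev.eid in (7031, 7034) and (m := CRASHED_RE.match(ev.msg)):
            if any(s in m["svc"].lower() for s in SECURITY_SERVICES):
                crashes[m["svc"]] += 1
        elif ev.source == "Microsoft Antimalware" and ev.eid == 3002:
            findings.append(("medium", "rtp-failed", "real-time protection failed"))
        elif ev.source == "Microsoft-Windows-DNS-Client" and ev.eid == 1012:
            findings.append(("high", "hosts-unreadable", "DNS client could not read the hosts file"))
    for svc, n in crashes.items():  # repeated AV crashes: tampering or conflict
        findings.append(("high" if n >= 3 else "medium", "av-service-crash", f"{svc} x{n}"))
    findings.sort(key=lambda f: (SEVERITY_ORDER[f[0]], f[1], f[2]))
    return findings
```

Run `triage(parse_log(SAMPLE_LOG))` to get the ordered findings; swap in the full pasted excerpt for SAMPLE_LOG to triage a real post.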

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 13 December 2010 - 02:54 PM

Hello

AVG right now is very hard to shut down long enough to run our scans and is actively going after some of our tools - for this reason we are going to have to remove it until we are finished

I would like you to uninstall AVG and run their AVG removal tool


It also looks like you have ESET and MSE installed; if this is true you will need to remove one of these as well. If they are not installed, just let me know and I will fix the false readings.



Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 The_Juggler17
  • Topic Starter

Posted 13 December 2010 - 06:18 PM

Having some trouble removing AVG.
Ran AVG's uninstaller, ran the removal tool you recommended (remember, I'm using 64-bit so I picked up the x64 version)
Restarted
Combofix still gives the AVG installed warning

I'm going to tinker with this a bit more.



Also keep in mind I am using Windows 7 64-bit
I have read that Combofix is very specifically designed for the 32-bit operating system and that there are no plans to change.
Will I be able to run this tool?

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 13 December 2010 - 06:56 PM

Hello

I want you to run this script for me; it will help remove AVG.

It must be named CFScript_AVG2011.txt


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

REGISTRY::
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\.avgdx]
[-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95}]
[-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
[-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
[-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\06DD9E4F7F3FF9C41BC2BD64A2CE18FE]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
[-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
[-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABED-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEE-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEF-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}]
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CLASSES_ROOT\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\avgsecuritytoolbar]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Avg]
[-HKEY_CURRENT_USER\Software\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgtray]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
[-HKEY_USERS\.DEFAULT\Software\Avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"=-
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"=-
"avg@igeared"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"AVG"=-

DRIVER::
Avg
AVGIDSAgent
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgldx86
Avgmfx86
Avgrkx86
Avgtdix
avgwd
AVG Security Toolbar Service
avg9emc
avg9wd

FOLDER::
%SYSTEMDRIVE%\$AVG
%COMMONAPPDATA%\AVG10
%COMMONAPPDATA%\MFAData
%COMMONPROGRAMS%\AVG 2011
%APPDATA%\AVG10
%PROGRAMFILES%\AVG
%SYSTEM%\drivers\AVG
%COMMONAPPDATA%\AVG Security Toolbar
%COMMONAPPDATA%\avg9
%COMMONPrograms%\AVG Free 9.0

File::
%COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
%COMMONDESKTOP%\AVG 2011.lnk
%SYSTEM%\drivers\AVGIDSDriver.sys
%SYSTEM%\drivers\AVGIDSEH.sys
%SYSTEM%\drivers\AVGIDSFilter.sys
%SYSTEM%\drivers\AVGIDSShim.sys
%SYSTEM%\drivers\avgldx86.sys
%SYSTEM%\drivers\avgmfx86.sys
%SYSTEM%\drivers\avgrkx86.sys
%SYSTEM%\drivers\avgtdix.sys
%COMMONDesktop%\AVG Free 9.0.lnk
%PROGRAMFILES%\Mozilla Firefox\searchplugins\avg_igeared.xml
%SYSTEM%\avgrsstx.dll

SECCENTER::
AVG Anti-Virus Free


Save it to your desktop as CFScript_AVG2011.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 The_Juggler17
  • Topic Starter

Posted 13 December 2010 - 09:08 PM

Alright, I think that removed the problems with AVG.
I still got some error messages about ESET NOD32 - I was under the impression that I had removed that too but apparently something still exists.
Combofix was able to run anyway though - and the folks that told me it would not run on Windows 7 are clearly full of it.

I'm seeing that the combofix log states that NOD32 is enabled, this should not be because the program is completely uninstalled.
Under services.msc I can see that its process is still there and I cannot stop the service or remove it - the .exe that it claims to be running does not even exist.
If this doesn't affect further removal and diagnosis steps then I'm not concerned for now; I'll deal with that later.

At this point I am *not* getting the browser redirects, everything seems to be working fine right now.






ComboFix 10-12-13.02 - Alex 12/13/2010 20:42:03.1.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6135.4314 [GMT -5:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
Command switches used :: c:\users\Alex\Desktop\CFScript_AVG2011.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"c:\program files\Mozilla Firefox\searchplugins\avg_igeared.xml"
"c:\programdata\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat"
"c:\users\Public\Desktop\AVG 2011.lnk"
"c:\users\Public\Desktop\AVG Free 9.0.lnk"
"c:\windows\SysWow64\avgrsstx.dll"
"c:\windows\SysWow64\drivers\AVGIDSDriver.sys"
"c:\windows\SysWow64\drivers\AVGIDSEH.sys"
"c:\windows\SysWow64\drivers\AVGIDSFilter.sys"
"c:\windows\SysWow64\drivers\AVGIDSShim.sys"
"c:\windows\SysWow64\drivers\avgldx86.sys"
"c:\windows\SysWow64\drivers\avgmfx86.sys"
"c:\windows\SysWow64\drivers\avgrkx86.sys"
"c:\windows\SysWow64\drivers\avgtdix.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Mozilla Firefox\searchplugins\google_search.xml
c:\programdata\MFAData
c:\programdata\MFAData\logs\mfa-20101204-074132.log
c:\programdata\MFAData\logs\mfa-20101204-074640.log
c:\programdata\MFAData\logs\mfa-20101204-191921.log
c:\programdata\MFAData\logs\mfa-20101204-192017.log
c:\programdata\MFAData\logs\mfa-20101204-192051.log
c:\programdata\MFAData\logs\mfa-20101204-194406.log
c:\programdata\MFAData\logs\mfa-20101205-033449.log
c:\programdata\MFAData\logs\mfa-20101205-040453.log
c:\programdata\MFAData\logs\mfa-20101205-040759.log
c:\programdata\MFAData\logs\mfa-20101205-040912.log
c:\programdata\MFAData\logs\mfa-20101205-041021.log
c:\programdata\MFAData\logs\mfa-20101205-050455.log
c:\programdata\MFAData\logs\mfa-20101206-070029.log
c:\programdata\MFAData\logs\mfa-20101213-222547.log
c:\programdata\MFAData\logs\msi-20101204-074640.log
c:\programdata\MFAData\logs\msi-20101204-191921.log
c:\programdata\MFAData\logs\msi-20101204-192017.log
c:\programdata\MFAData\logs\msi-20101204-192051.log
c:\programdata\MFAData\logs\msi-20101204-194406.log
c:\programdata\MFAData\logs\msi-20101205-033449.log
c:\programdata\MFAData\logs\msi-20101205-040453.log
c:\programdata\MFAData\logs\msi-20101205-040759.log
c:\programdata\MFAData\logs\msi-20101205-040912.log
c:\programdata\MFAData\logs\msi-20101205-041021.log
c:\programdata\MFAData\logs\msi-20101205-050455.log
c:\programdata\MFAData\logs\msi-20101206-070029.log
c:\programdata\MFAData\logs\msi-20101213-222547.log
c:\programdata\MFAData\mkt\hi\Installation-Page_LinkScanner.html
c:\programdata\MFAData\mkt\hi\Installation-Page_Smart-Scanning.html
c:\programdata\MFAData\mkt\hi\Installation-Page_Social-Networking.html
c:\programdata\MFAData\mkt\res\LinkScanner-style.css
c:\programdata\MFAData\mkt\res\LinkScanner.jpg
c:\programdata\MFAData\mkt\res\Smart-Scanning.jpg
c:\programdata\MFAData\mkt\res\SmartScanning-style.css
c:\programdata\MFAData\mkt\res\Social-Networking.jpg
c:\programdata\MFAData\mkt\res\SocialNetworking-style.css
c:\programdata\MFAData\mkt\us\Installation-Page_LinkScanner.html
c:\programdata\MFAData\mkt\us\Installation-Page_Smart-Scanning.html
c:\programdata\MFAData\mkt\us\Installation-Page_Social-Networking.html
c:\programdata\MFAData\state.dat
c:\windows\system32\Install.txt
c:\windows\system32\szetyj67v.txt
c:\windows\system32\User.ini
c:\windows\SysWow64\Install.txt
c:\windows\SysWow64\szetyj67v.txt
c:\windows\SysWow64\User.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVGIDSDRIVER
-------\Legacy_AVGIDSEH
-------\Legacy_AVGIDSFILTER


((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))
.

2010-12-14 01:44 . 2010-12-14 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-13 23:01 . 2010-12-13 23:01 -------- d-----w- c:\program files (x86)\ESET
2010-12-13 22:48 . 2010-12-13 22:48 -------- d-----w- C:\Rbackup
2010-12-13 22:44 . 2010-12-13 22:49 -------- d-----w- c:\program files\Perfect Uninstaller
2010-12-08 04:04 . 2010-12-08 04:04 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-06 16:12 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\6661.tmp
2010-12-06 16:11 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\6A37.tmp
2010-12-06 08:46 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\251E.tmp
2010-12-06 08:45 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\9BB2.tmp
2010-12-06 08:45 . 2010-12-06 08:45 -------- d-----w- c:\program files (x86)\Sophos
2010-12-06 05:48 . 2010-12-06 05:48 -------- d-----w- c:\programdata\Alwil Software
2010-12-06 05:48 . 2010-12-06 05:48 -------- d-----w- c:\program files\Alwil Software
2010-12-06 05:47 . 2010-12-06 06:17 -------- dc----w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-12-06 04:55 . 2010-12-06 04:56 -------- d-----w- c:\programdata\Lavasoft
2010-12-06 04:55 . 2010-12-06 04:55 -------- d-----w- c:\program files (x86)\Lavasoft
2010-12-06 04:38 . 2010-12-06 06:17 -------- d-----w- c:\program files (x86)\SpywareGuard
2010-12-05 09:02 . 2010-12-06 06:17 -------- d-----w- c:\program files (x86)\VentSrv
2010-12-05 07:00 . 2010-12-10 18:44 -------- d-----w- c:\users\Alex\AppData\Local\Adobe
2010-12-05 06:28 . 2010-12-05 06:28 -------- d-----w- c:\program files (x86)\Xilisoft
2010-12-04 07:49 . 2010-12-04 07:49 -------- d--h--w- c:\programdata\Common Files
2010-12-04 07:47 . 2010-12-13 23:09 -------- d-----w- c:\program files (x86)\AVG
2010-12-04 05:03 . 2010-12-04 05:03 -------- d-----w- c:\users\Alex\AppData\Local\Activision
2010-12-04 03:22 . 2010-12-04 03:22 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 7
2010-12-03 18:51 . 2010-12-03 18:51 -------- d-----w- c:\program files (x86)\WOT
2010-12-03 18:51 . 2010-12-06 06:17 -------- d-----w- c:\program files (x86)\MSN Toolbar
2010-12-03 18:50 . 2010-12-06 06:17 -------- d-----w- c:\program files (x86)\MSN Toolbar Installer
2010-12-03 18:50 . 2010-12-03 18:50 -------- d-----w- c:\program files (x86)\WOT Services
2010-12-03 09:56 . 2010-12-03 09:56 388096 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-03 09:54 . 2010-12-03 09:54 -------- d-----w- c:\users\Alex\AppData\Local\Google
2010-12-03 09:53 . 2010-12-03 09:53 -------- d-----w- c:\users\Alex\AppData\Local\Apps
2010-12-03 09:53 . 2010-12-03 09:54 -------- d-----w- c:\users\Alex\AppData\Local\Deployment
2010-12-03 09:37 . 2010-12-03 09:37 -------- d-----w- c:\users\Alex\AppData\Roaming\JAM Software
2010-12-03 09:37 . 2010-12-03 09:37 -------- d-----w- c:\program files (x86)\JAM Software
2010-12-03 06:39 . 2010-12-03 06:39 55808 ----a-w- c:\windows\SysWow64\DWRCW64.exe
2010-12-02 00:21 . 2006-02-07 20:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-12-02 00:21 . 2006-02-07 20:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-12-02 00:21 . 2005-11-14 04:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-12-02 00:21 . 2010-12-02 00:21 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-12-02 00:21 . 2010-12-02 00:21 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-11-30 19:32 . 2010-12-03 17:50 -------- d-----w- c:\program files (x86)\Geeks3D
2010-11-29 05:48 . 2010-12-13 22:43 -------- d-----w- c:\users\Alex\AppData\Roaming\Media Player Classic
2010-11-29 05:45 . 2008-09-16 19:23 168448 ----a-w- c:\windows\SysWow64\unrar.dll
2010-11-29 05:45 . 2004-01-11 22:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2010-11-29 05:45 . 2010-11-29 05:45 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2010-11-28 23:17 . 2010-11-28 23:17 -------- d-----w- c:\programdata\DivX
2010-11-23 18:41 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 18:41 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-18 09:27 . 2010-11-18 09:27 -------- d-----w- c:\users\Alex\AppData\Local\bizarre creations
2010-11-18 04:52 . 2010-11-30 00:54 -------- d-----w- c:\program files (x86)\Activision
2010-11-17 08:57 . 2010-12-07 08:05 -------- d-----w- c:\users\Alex\AppData\Roaming\vlc
2010-11-16 20:25 . 2010-11-16 20:25 0 ----a-w- c:\windows\SysWow64\lspB599.tmp
2010-11-16 09:46 . 2010-11-16 09:46 -------- d-----w- c:\windows\CheckSur

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-01-26 22:05 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-01-26 22:05 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-23 10:14 . 2010-11-11 07:12 1886 ----a-w- c:\programdata\xmlE34B.tmp
2010-11-23 10:14 . 2010-11-11 07:12 13702 ----a-w- c:\programdata\xmlE1E3.tmp
2010-11-23 10:14 . 2010-11-11 07:12 5975 ----a-w- c:\programdata\xmlDD12.tmp
2010-10-19 20:51 . 2010-01-26 01:36 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 18:55 . 2010-10-28 22:47 67176 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-10-28 22:47 6471784 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2010-10-28 22:47 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-10-16 18:55 . 2010-10-28 22:47 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2010-10-16 18:55 . 2010-10-28 22:47 4837480 ----a-w- c:\windows\SysWow64\nvcuda.dll
2010-10-16 18:55 . 2010-10-28 22:47 386152 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-10-16 18:55 . 2010-10-28 22:47 319080 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2010-10-16 18:55 . 2010-10-28 22:47 3112552 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2010-10-28 22:47 2934888 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-10-28 22:47 2912360 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2010-10-16 18:55 . 2010-10-28 22:47 2666600 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2010-10-16 18:55 . 2010-10-28 22:47 20284008 ----a-w- c:\windows\system32\nvoglv64.dll
2010-10-16 18:55 . 2010-10-28 22:47 18597480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55 . 2010-10-28 22:47 1719912 ----a-w- c:\windows\SysWow64\nvapi.dll
2010-10-16 18:55 . 2010-10-28 22:47 14899816 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2010-10-16 18:55 . 2010-10-28 22:47 13019752 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2010-10-16 18:55 . 2010-10-28 22:47 12788840 ----a-w- c:\windows\system32\nvd3dumx.dll
2010-10-16 18:55 . 2010-10-28 22:47 12432616 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-10-16 18:55 . 2010-10-28 22:47 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2010-10-16 18:55 . 2010-10-20 23:47 7491688 ----a-w- c:\windows\system32\nvwgf2umx.dll
2010-10-16 18:55 . 2010-10-20 23:47 1500264 ----a-w- c:\windows\system32\nvdispco642050.dll
2010-10-16 18:55 . 2010-10-20 23:47 1308776 ----a-w- c:\windows\system32\nvgenco642030.dll
2010-10-16 18:55 . 2010-09-16 04:15 2161256 ----a-w- c:\windows\system32\nvapi64.dll
2010-10-16 17:13 . 2010-10-16 17:13 5901416 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 17:13 . 2010-10-16 17:13 989800 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 17:13 . 2010-10-16 17:13 2590824 ----a-w- c:\windows\system32\nvsvc64.dll
2010-10-16 17:13 . 2010-10-16 17:13 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-14 06:36 . 2010-10-14 06:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll
2010-10-14 06:36 . 2010-10-14 06:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2010-09-30 16:30 . 2010-09-30 16:30 2178376 ----a-w- c:\windows\system32\ooscrsav.scr
2010-09-30 16:29 . 2010-09-30 16:29 349000 ----a-w- c:\windows\system32\oodbs.exe
2010-09-30 16:28 . 2010-09-30 16:28 535880 ----a-w- c:\windows\system32\oodssrs.dll
2010-09-30 16:28 . 2010-09-30 16:28 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2010-09-21 19:49 . 2010-09-21 19:49 252800 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-21 19:03 . 2010-09-21 19:03 208768 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
2010-09-15 09:50 . 2010-11-08 21:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-09-15 07:45 . 2010-08-09 20:21 0 ----a-w- c:\users\Alex\AppData\Local\Vcoyetaped.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"Steam"="c:\program files (x86)\Steamx2\steam.exe" [2010-11-17 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-09-25 328056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorTray.exe" [2010-03-18 2787224]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2010-04-13 238592]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DameWare MRC Agent"="c:\windows\SysWOW64\DWRCST.exe" [2010-08-06 85528]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Core Temp.lnk - c:\program files\Core Temp\Core Temp.exe [2010-10-12 530448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R0 muijuo;muijuo;c:\windows\system32\drivers\bqrne.sys [x]
R1 aeadspbb;aeadspbb;c:\windows\system32\drivers\aeadspbb.sys [x]
R1 aeqxdwrk;aeqxdwrk;c:\windows\system32\drivers\aeqxdwrk.sys [x]
R1 cbchydda;cbchydda;c:\windows\system32\drivers\cbchydda.sys [x]
R1 cgwlantd;cgwlantd;c:\windows\system32\drivers\cgwlantd.sys [x]
R1 cvosvuue;cvosvuue;c:\windows\system32\drivers\cvosvuue.sys [x]
R1 ecvoqmfo;ecvoqmfo;c:\windows\system32\drivers\ecvoqmfo.sys [x]
R1 egecoosg;egecoosg;c:\windows\system32\drivers\egecoosg.sys [x]
R1 eqbfhlku;eqbfhlku;c:\windows\system32\drivers\eqbfhlku.sys [x]
R1 fmuclszo;fmuclszo;c:\windows\system32\drivers\fmuclszo.sys [x]
R1 gphqfvtm;gphqfvtm;c:\windows\system32\drivers\gphqfvtm.sys [x]
R1 ididsyjh;ididsyjh;c:\windows\system32\drivers\ididsyjh.sys [x]
R1 ivzicnkb;ivzicnkb;c:\windows\system32\drivers\ivzicnkb.sys [x]
R1 lpigrsbe;lpigrsbe;c:\windows\system32\drivers\lpigrsbe.sys [x]
R1 mqxuijiy;mqxuijiy;c:\windows\system32\drivers\mqxuijiy.sys [x]
R1 mumsbvgs;mumsbvgs;c:\windows\system32\drivers\mumsbvgs.sys [x]
R1 neeflrwf;neeflrwf;c:\windows\system32\drivers\neeflrwf.sys [x]
R1 netqovri;netqovri;c:\windows\system32\drivers\netqovri.sys [x]
R1 oedhnqrd;oedhnqrd;c:\windows\system32\drivers\oedhnqrd.sys [x]
R1 pclurfaj;pclurfaj;c:\windows\system32\drivers\pclurfaj.sys [x]
R1 pqcixhfj;pqcixhfj;c:\windows\system32\drivers\pqcixhfj.sys [x]
R1 ptsdfyuo;ptsdfyuo;c:\windows\system32\drivers\ptsdfyuo.sys [x]
R1 qkqhexjf;qkqhexjf;c:\windows\system32\drivers\qkqhexjf.sys [x]
R1 upohwzko;upohwzko;c:\windows\system32\drivers\upohwzko.sys [x]
R1 vehcpjbt;vehcpjbt;c:\windows\system32\drivers\vehcpjbt.sys [x]
R1 vnxlljoc;vnxlljoc;c:\windows\system32\drivers\vnxlljoc.sys [x]
R1 xnhzzwrq;xnhzzwrq;c:\windows\system32\drivers\xnhzzwrq.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Alex\AppData\Local\Temp\EverestDriver.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-10 1038088]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6661.tmp [2010-05-26 6144]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1255736]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2010.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-19 828912]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys [2007-02-15 30720]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-25 139704]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-31 20968]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-25 163888]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-03-25 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-25 124760]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-30 3140424]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Alex\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-05-28 14544]
S3 ALSysIO;ALSysIO;c:\users\Alex\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2009-09-30 20352]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-05-06 19952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ALSYSIO

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3617804587-3882986815-3225921778-1001Core.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 09:54]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3617804587-3882986815-3225921778-1001UA.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 09:54]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF18443.cfxxe" [X]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-30 4042568]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RivaTuner"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11545192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 5901416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7g6sp3un.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-NV_GEF7_LUNA_SS_nzone - c:\windows\system32\NV_GEF7_LUNA_SS_nzone.scr



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6661.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3617804587-3882986815-3225921778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-3617804587-3882986815-3225921778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\DWRCS.EXE
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Alcohol Soft2\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Razer\Lycosa\razertra.exe
.
**************************************************************************
.
Completion time: 2010-12-13 20:48:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-14 01:48

Pre-Run: 70,331,359,232 bytes free
Post-Run: 69,838,376,960 bytes free

- - End Of File - - F375AE8A222787763FE98A279E6F871F

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 13 December 2010 - 09:31 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

Driver::
muijuo
aeadspbb
aeqxdwrk
cbchydda
cgwlantd
cvosvuue
ecvoqmfo
egecoosg
eqbfhlku
fmuclszo
gphqfvtm
ididsyjh
ivzicnkb
lpigrsbe
mqxuijiy
mumsbvgs
neeflrwf
netqovri
oedhnqrd
pclurfaj
pqcixhfj
ptsdfyuo
qkqhexjf
upohwzko
vehcpjbt
vnxlljoc
xnhzzwrq

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride = <local>



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
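The script below is an added example, not part of this thread and not a ComboFix component. It applies in code the two checks gringo_pr made by eye in the log above (boot/system-start drivers whose image file is gone and whose name looks machine-generated, and a per-user IE proxy pointed at 127.0.0.1) and renders the findings in the Driver:: / DDS:: layout of the CFScript posted here. The sample lines are copied from the log above plus one legitimate driver for contrast; the name heuristic and its thresholds are my own, not ComboFix's.

```python
"""Triage ComboFix 'Reg Loading Points' service lines and IE proxy settings.

Added example for this thread; not from ComboFix or the forum posters.
Service line shape:  "<R|S><n> <name>;<display>;<image path> [<date size>|x]"
'[x]' means ComboFix could not find the image file on disk.
"""
import re
from dataclasses import dataclass, field

SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<tag>[^\]]*)\]\s*$"
)
PROXY_RE = re.compile(
    r"^uInternet Settings,Proxy(?P<key>Server|Override)\s*=\s*(?P<value>.+?)\s*$"
)

# Constructed sample: lines copied from the log above, plus two legitimate
# entries (EverestDriver, eamonm) that a naive rule would over-flag.
SAMPLE_LOG = r"""
R0 muijuo;muijuo;c:\windows\system32\drivers\bqrne.sys [x]
R1 aeadspbb;aeadspbb;c:\windows\system32\drivers\aeadspbb.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Alex\AppData\Local\Temp\EverestDriver.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-25 163888]
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride = <local>
"""


@dataclass
class ServiceFinding:
    name: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A missing image alone is common (uninstall leftovers, tools run from
        # Temp), so require at least one corroborating indicator.
        return "image file missing" in self.reasons and len(self.reasons) >= 2


def looks_generated(name: str, display: str) -> bool:
    """Heuristic (my own) for the names in the log: 6-8 lowercase ASCII letters,
    no digits, and a display name that merely repeats the service name."""
    return (6 <= len(name) <= 8 and name.isascii() and name.isalpha()
            and name.islower() and display == name)


def triage_service(line: str):
    """Parse one service line; return a ServiceFinding or None if not a service line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    finding = ServiceFinding(m["name"], m["path"])
    if m["tag"].strip().lower() == "x":
        finding.reasons.append("image file missing")
    if m["state"] in ("R0", "R1"):          # boot / system start: loads before AV
        finding.reasons.append("boot/system start")
    if looks_generated(m["name"], m["display"]):
        finding.reasons.append("machine-generated name")
    return finding


def loopback_proxy(value: str) -> bool:
    """True when the per-user proxy points at this machine, i.e. browser traffic
    is relayed through a local listener (the redirect mechanism seen here)."""
    for entry in value.split(";"):                  # e.g. "http=127.0.0.1:43902"
        host = entry.split("=")[-1].rsplit(":", 1)[0]
        if host in ("localhost",) or host.startswith("127."):
            return True
    return False


def triage(log_text: str):
    """Return (suspicious driver findings, proxy lines to remove)."""
    drivers, proxy_seen = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        finding = triage_service(line)
        if finding is not None:
            if finding.suspicious:
                drivers.append(finding)
            continue
        p = PROXY_RE.match(line)
        if p:
            proxy_seen[p["key"]] = line
    proxy_lines = []
    server = proxy_seen.get("Server")
    if server and loopback_proxy(PROXY_RE.match(server)["value"]):
        # Remove the override line too, as the posted script does.
        proxy_lines = [proxy_seen[k] for k in ("Server", "Override") if k in proxy_seen]
    return drivers, proxy_lines


def build_cfscript(drivers, proxy_lines) -> str:
    """Render findings in the Driver:: / DDS:: layout used in reply #8."""
    parts = []
    if drivers:
        parts.append("Driver::\n" + "\n".join(d.name for d in drivers))
    if proxy_lines:
        parts.append("DDS::\n" + "\n".join(proxy_lines))
    return "\n\n".join(parts) + ("\n" if parts else "")


if __name__ == "__main__":
    found_drivers, found_proxy = triage(SAMPLE_LOG)
    for d in found_drivers:
        print(f"{d.name:<10} {d.path}  <- {', '.join(d.reasons)}")
    print(build_cfscript(found_drivers, found_proxy))
```

Entries with a single indicator (EverestDriver's missing file, eamonm's short lowercase name) are deliberately left out, which is the judgement call a helper has to make before telling someone to delete a driver.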

#9 The_Juggler17

The_Juggler17
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:10:05 AM

Posted 13 December 2010 - 10:54 PM

Alright, that has been run - yeah, those are some fishy-looking drivers.
It still gave the error message about having AVG installed so I renamed the custom script CFScript_AVG2011 to get it to run.

And it is still not giving the browser redirects anymore - good to see some of this stuff getting cleaned up.
Log from Combofix follows:






ComboFix 10-12-13.02 - Alex 12/13/2010 22:42:00.2.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6135.4295 [GMT -5:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
Command switches used :: c:\users\Alex\Desktop\CFScript_AVG2011.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_aeadspbb
-------\Service_aeqxdwrk
-------\Service_cbchydda
-------\Service_cgwlantd
-------\Service_cvosvuue
-------\Service_ecvoqmfo
-------\Service_egecoosg
-------\Service_eqbfhlku
-------\Service_fmuclszo
-------\Service_gphqfvtm
-------\Service_ididsyjh
-------\Service_ivzicnkb
-------\Service_lpigrsbe
-------\Service_mqxuijiy
-------\Service_muijuo
-------\Service_mumsbvgs
-------\Service_neeflrwf
-------\Service_netqovri
-------\Service_oedhnqrd
-------\Service_pclurfaj
-------\Service_pqcixhfj
-------\Service_ptsdfyuo
-------\Service_qkqhexjf
-------\Service_upohwzko
-------\Service_vehcpjbt
-------\Service_vnxlljoc
-------\Service_xnhzzwrq


((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))
.

2010-12-14 03:45 . 2010-12-14 03:45 -------- d-----w- c:\users\SRV\AppData\Local\temp
2010-12-13 22:48 . 2010-12-13 22:48 -------- d-----w- C:\Rbackup
2010-12-13 22:44 . 2010-12-13 22:49 -------- d-----w- c:\program files\Perfect Uninstaller
2010-12-08 04:04 . 2010-12-08 04:04 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-06 16:12 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\6661.tmp
2010-12-06 16:11 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\6A37.tmp
2010-12-06 08:46 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\251E.tmp
2010-12-06 08:45 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\9BB2.tmp
2010-12-06 08:45 . 2010-12-06 08:45 -------- d-----w- c:\program files (x86)\Sophos
2010-12-06 05:48 . 2010-12-06 05:48 -------- d-----w- c:\programdata\Alwil Software
2010-12-06 05:48 . 2010-12-06 05:48 -------- d-----w- c:\program files\Alwil Software
2010-12-06 05:47 . 2010-12-06 06:17 -------- dc----w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-12-06 04:55 . 2010-12-06 04:56 -------- d-----w- c:\programdata\Lavasoft
2010-12-06 04:55 . 2010-12-06 04:55 -------- d-----w- c:\program files (x86)\Lavasoft
2010-12-06 04:38 . 2010-12-06 06:17 -------- d-----w- c:\program files (x86)\SpywareGuard
2010-12-05 09:02 . 2010-12-06 06:17 -------- d-----w- c:\program files (x86)\VentSrv
2010-12-05 07:00 . 2010-12-10 18:44 -------- d-----w- c:\users\Alex\AppData\Local\Adobe
2010-12-05 06:28 . 2010-12-05 06:28 -------- d-----w- c:\program files (x86)\Xilisoft
2010-12-04 07:49 . 2010-12-04 07:49 -------- d--h--w- c:\programdata\Common Files
2010-12-04 07:47 . 2010-12-13 23:09 -------- d-----w- c:\program files (x86)\AVG
2010-12-04 05:03 . 2010-12-04 05:03 -------- d-----w- c:\users\Alex\AppData\Local\Activision
2010-12-04 03:22 . 2010-12-04 03:22 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 7
2010-12-03 18:51 . 2010-12-03 18:51 -------- d-----w- c:\program files (x86)\WOT
2010-12-03 18:51 . 2010-12-06 06:17 -------- d-----w- c:\program files (x86)\MSN Toolbar
2010-12-03 18:50 . 2010-12-06 06:17 -------- d-----w- c:\program files (x86)\MSN Toolbar Installer
2010-12-03 18:50 . 2010-12-03 18:50 -------- d-----w- c:\program files (x86)\WOT Services
2010-12-03 09:56 . 2010-12-03 09:56 388096 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-03 09:54 . 2010-12-03 09:54 -------- d-----w- c:\users\Alex\AppData\Local\Google
2010-12-03 09:53 . 2010-12-03 09:53 -------- d-----w- c:\users\Alex\AppData\Local\Apps
2010-12-03 09:53 . 2010-12-03 09:54 -------- d-----w- c:\users\Alex\AppData\Local\Deployment
2010-12-03 09:37 . 2010-12-03 09:37 -------- d-----w- c:\users\Alex\AppData\Roaming\JAM Software
2010-12-03 09:37 . 2010-12-03 09:37 -------- d-----w- c:\program files (x86)\JAM Software
2010-12-03 06:39 . 2010-12-03 06:39 55808 ----a-w- c:\windows\SysWow64\DWRCW64.exe
2010-12-02 00:21 . 2006-02-07 20:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-12-02 00:21 . 2006-02-07 20:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-12-02 00:21 . 2005-11-14 04:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-12-02 00:21 . 2010-12-02 00:21 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-12-02 00:21 . 2010-12-02 00:21 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-11-30 19:32 . 2010-12-03 17:50 -------- d-----w- c:\program files (x86)\Geeks3D
2010-11-29 05:48 . 2010-12-13 22:43 -------- d-----w- c:\users\Alex\AppData\Roaming\Media Player Classic
2010-11-29 05:45 . 2008-09-16 19:23 168448 ----a-w- c:\windows\SysWow64\unrar.dll
2010-11-29 05:45 . 2004-01-11 22:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2010-11-29 05:45 . 2010-11-29 05:45 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2010-11-28 23:17 . 2010-11-28 23:17 -------- d-----w- c:\programdata\DivX
2010-11-23 18:41 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 18:41 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-18 09:27 . 2010-11-18 09:27 -------- d-----w- c:\users\Alex\AppData\Local\bizarre creations
2010-11-18 04:52 . 2010-11-30 00:54 -------- d-----w- c:\program files (x86)\Activision
2010-11-17 08:57 . 2010-12-07 08:05 -------- d-----w- c:\users\Alex\AppData\Roaming\vlc
2010-11-16 20:35 . 2010-12-03 23:10 -------- d-----w- c:\program files (x86)\TNod User & Password Finder
2010-11-16 20:25 . 2010-11-16 20:25 0 ----a-w- c:\windows\SysWow64\lspB599.tmp
2010-11-16 09:46 . 2010-11-16 09:46 -------- d-----w- c:\windows\CheckSur

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-01-26 22:05 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-01-26 22:05 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-23 10:14 . 2010-11-11 07:12 1886 ----a-w- c:\programdata\xmlE34B.tmp
2010-11-23 10:14 . 2010-11-11 07:12 13702 ----a-w- c:\programdata\xmlE1E3.tmp
2010-11-23 10:14 . 2010-11-11 07:12 5975 ----a-w- c:\programdata\xmlDD12.tmp
2010-10-19 20:51 . 2010-01-26 01:36 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 18:55 . 2010-10-28 22:47 67176 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-10-28 22:47 6471784 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2010-10-28 22:47 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-10-16 18:55 . 2010-10-28 22:47 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2010-10-16 18:55 . 2010-10-28 22:47 4837480 ----a-w- c:\windows\SysWow64\nvcuda.dll
2010-10-16 18:55 . 2010-10-28 22:47 386152 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-10-16 18:55 . 2010-10-28 22:47 319080 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2010-10-16 18:55 . 2010-10-28 22:47 3112552 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2010-10-28 22:47 2934888 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-10-28 22:47 2912360 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2010-10-16 18:55 . 2010-10-28 22:47 2666600 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2010-10-16 18:55 . 2010-10-28 22:47 20284008 ----a-w- c:\windows\system32\nvoglv64.dll
2010-10-16 18:55 . 2010-10-28 22:47 18597480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55 . 2010-10-28 22:47 1719912 ----a-w- c:\windows\SysWow64\nvapi.dll
2010-10-16 18:55 . 2010-10-28 22:47 14899816 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2010-10-16 18:55 . 2010-10-28 22:47 13019752 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2010-10-16 18:55 . 2010-10-28 22:47 12788840 ----a-w- c:\windows\system32\nvd3dumx.dll
2010-10-16 18:55 . 2010-10-28 22:47 12432616 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-10-16 18:55 . 2010-10-28 22:47 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2010-10-16 18:55 . 2010-10-20 23:47 7491688 ----a-w- c:\windows\system32\nvwgf2umx.dll
2010-10-16 18:55 . 2010-10-20 23:47 1500264 ----a-w- c:\windows\system32\nvdispco642050.dll
2010-10-16 18:55 . 2010-10-20 23:47 1308776 ----a-w- c:\windows\system32\nvgenco642030.dll
2010-10-16 18:55 . 2010-09-16 04:15 2161256 ----a-w- c:\windows\system32\nvapi64.dll
2010-10-16 17:13 . 2010-10-16 17:13 5901416 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 17:13 . 2010-10-16 17:13 989800 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 17:13 . 2010-10-16 17:13 2590824 ----a-w- c:\windows\system32\nvsvc64.dll
2010-10-16 17:13 . 2010-10-16 17:13 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-14 06:36 . 2010-10-14 06:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll
2010-10-14 06:36 . 2010-10-14 06:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2010-09-30 16:30 . 2010-09-30 16:30 2178376 ----a-w- c:\windows\system32\ooscrsav.scr
2010-09-30 16:29 . 2010-09-30 16:29 349000 ----a-w- c:\windows\system32\oodbs.exe
2010-09-30 16:28 . 2010-09-30 16:28 535880 ----a-w- c:\windows\system32\oodssrs.dll
2010-09-30 16:28 . 2010-09-30 16:28 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2010-09-21 19:49 . 2010-09-21 19:49 252800 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-21 19:03 . 2010-09-21 19:03 208768 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
2010-09-15 09:50 . 2010-11-08 21:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-09-15 07:45 . 2010-08-09 20:21 0 ----a-w- c:\users\Alex\AppData\Local\Vcoyetaped.bin
.

((((((((((((((((((((((((((((( SnapShot@2010-12-14_01.46.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2010-12-14 01:48 39756 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2010-12-13 23:12 39756 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-26 01:58 . 2010-12-14 01:48 19334 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3617804587-3882986815-3225921778-1001_UserData.bin
+ 2010-01-26 01:33 . 2010-12-14 03:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-26 01:33 . 2010-12-14 01:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-26 01:33 . 2010-12-14 01:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-26 01:33 . 2010-12-14 03:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-26 01:33 . 2010-12-14 03:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-26 01:33 . 2010-12-14 01:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-26 01:33 . 2010-12-14 01:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-26 01:33 . 2010-12-14 03:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-26 01:33 . 2010-12-14 03:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-26 01:33 . 2010-12-14 01:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-14 01:46 . 2010-12-14 01:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-14 03:46 . 2010-12-14 03:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2010-12-14 01:45 404936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2010-12-14 03:45 404936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2010-12-14 00:04 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2010-12-14 03:42 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-02-24 08:16 . 2010-12-14 03:45 21672908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3617804587-3882986815-3225921778-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"Steam"="c:\program files (x86)\Steamx2\steam.exe" [2010-11-17 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-09-25 328056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorTray.exe" [2010-03-18 2787224]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2010-04-13 238592]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DameWare MRC Agent"="c:\windows\SysWOW64\DWRCST.exe" [2010-08-06 85528]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Core Temp.lnk - c:\program files\Core Temp\Core Temp.exe [2010-10-12 530448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Alex\AppData\Local\Temp\EverestDriver.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-10 1038088]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6661.tmp [2010-05-26 6144]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1255736]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2010.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-19 828912]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys [2007-02-15 30720]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-25 139704]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-31 20968]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-25 163888]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-03-25 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-25 124760]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-30 3140424]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Alex\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-05-28 14544]
S3 ALSysIO;ALSysIO;c:\users\Alex\AppData\Local\Temp\ALSysIO64.sys [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2009-09-30 20352]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-05-06 19952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3617804587-3882986815-3225921778-1001Core.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 09:54]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3617804587-3882986815-3225921778-1001UA.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 09:54]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF9210.cfxxe" [X]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-30 4042568]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RivaTuner"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11545192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 5901416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7g6sp3un.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6661.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3617804587-3882986815-3225921778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-3617804587-3882986815-3225921778-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\DWRCS.EXE
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Alcohol Soft2\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Razer\Lycosa\razertra.exe
.
**************************************************************************
.
Completion time: 2010-12-13 22:49:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-14 03:49
ComboFix2.txt 2010-12-14 01:48

Pre-Run: 69,833,625,600 bytes free
Post-Run: 69,771,517,952 bytes free

- - End Of File - - 9E171E5BECB4873634E1D290A7605474

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 December 2010 - 11:14 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.3.2

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 The_Juggler17
  • Topic Starter
  • Members
  • 20 posts

Posted 13 December 2010 - 11:30 PM

This will have to wait until tomorrow - thank you very much for your help so far.

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 December 2010 - 12:20 AM

no problem I will be around


Gringo

#13 The_Juggler17
  • Topic Starter
  • Members
  • 20 posts

Posted 15 December 2010 - 08:41 PM

My apologies for the late response; I didn't have time to spend on this, I'm afraid.
Eh, that's how it goes - working on it now though.


* Removed Adobe Reader
* Installed Foxit Reader (and although I chose not to install the Ask.com toolbar, it went ahead and installed it anyway)
* removed the Ask.com toolbar

* Java Cache Cleared

* TFC Installed and ran
* Rebooted

* MBAM updated and ran
* Log attached

* HijackThis ran
* Log attached


The computer seems to be running fine - not getting the browser redirects and not having any apparent problems.

=====MBAM LOG=====
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5324

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/15/2010 8:13:49 PM
mbam-log-2010-12-15 (20-13-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 393952
Time elapsed: 24 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=====LOG FROM HIJACKTHIS=====
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:40:06 PM, on 12/15/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\DWRCST.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
C:\Program Files (x86)\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - Global Startup: Core Temp.lnk = C:\Program Files\Core Temp\Core Temp.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\Windows\SysWOW64\DWRCS.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft2\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8851 bytes

Edited by The_Juggler17, 15 December 2010 - 08:42 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 15 December 2010 - 09:43 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    • O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    • O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    • O4 - Global Startup: Core Temp.lnk = C:\Program Files\Core Temp\Core Temp.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
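As an added example, not part of gringo_pr's instructions or of HijackThis: the same O4 clean-up done from an elevated PowerShell prompt instead of the HijackThis "Fix Checked" button. The O4 lines in a HijackThis log come from the HKLM and HKCU Run keys and from the Startup folders, which is what this script walks. The value names and the shortcut name are the ones listed in the post; the backup folder location and the "move instead of delete" handling are my own choices. Each registry key is exported with reg.exe before anything is removed, so a removal can be undone with "reg import".

```powershell
# Added example (not from the post): remove the optional O4 startup entries the post lists,
# with a backup taken first. Run from an elevated PowerShell prompt; the HKLM keys need admin.
# Assumption: these names are exactly the "[name]" parts of the O4 lines in the post.
$RunValuesToRemove    = @('Razer Imperator Driver', 'SunJavaUpdateSched', 'uTorrent', 'Sidebar', 'Steam')
$StartupLinksToRemove = @('Core Temp.lnk')

# The keys behind "O4 - HKLM\..\Run" and "O4 - HKCU\..\Run". HijackThis is a 32-bit program,
# so on 64-bit Windows it also reports the Wow6432Node view; cover both.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# "O4 - Global Startup" is the all-users Startup folder; "O4 - Startup" is the per-user one.
$StartupFolders = @(
    [Environment]::GetFolderPath('CommonStartup'),
    [Environment]::GetFolderPath('Startup')
)

# Backup folder name is an assumption; any writable location will do.
$BackupDir = Join-Path $env:USERPROFILE ('o4-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $BackupDir | Out-Null

foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }

    # reg.exe wants "HKLM\..." rather than the PowerShell drive form "HKLM:\...".
    $regKey  = $key -replace ':\\', '\'
    $regFile = Join-Path $BackupDir (($regKey -replace '\\', '_') + '.reg')
    & reg.exe export $regKey $regFile /y | Out-Null

    $props = Get-ItemProperty -Path $key
    foreach ($name in $RunValuesToRemove) {
        if ($props.PSObject.Properties.Name -contains $name) {
            Write-Host ("Removing {0}\{1} = {2}" -f $regKey, $name, $props.$name)
            Remove-ItemProperty -Path $key -Name $name
        }
    }
}

foreach ($folder in $StartupFolders) {
    foreach ($lnk in $StartupLinksToRemove) {
        $path = Join-Path $folder $lnk
        if (Test-Path $path) {
            # Move rather than delete so the shortcut can be put back from the backup folder.
            Write-Host "Moving $path to $BackupDir"
            Move-Item -Path $path -Destination $BackupDir
        }
    }
}

# Print what is left so it can be compared against a fresh HijackThis scan.
foreach ($key in $RunKeys) {
    if (Test-Path $key) {
        Write-Host "`n$key"
        Get-ItemProperty -Path $key |
            Select-Object -Property * -ExcludeProperty PS* |
            Format-List
    }
}
```

This only removes the autostart entries; the programs themselves stay installed and can still be started by hand, which is the point the post makes about this step being optional. Leave entries belonging to security software (the ESET lines in the log, for example) alone, and compare the printed remainder with a new HijackThis scan before moving on to the online scanner step.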

#15 gringo_pr

Posted 17 December 2010 - 11:23 PM

Hello

Three-day bump

It has been three days since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo



