TechSpot

Keylogger detected, hopefully removed

By gubar
Apr 23, 2011
  1. Hi,

    I unknowingly had my antivirus disabled for a while today and got a keylogger, which was detected when I re-enabled it. I followed the link to the file in AppData and it had my personal and work email logons/passwords right there in black and white. I've since run all the steps here, installed a keyscrambler and changed those listed passwords. Luckily I don't have any personal info on my computer, or stored on those email accounts. Anyway, here are my logs - would be very grateful if someone could take a look:

    System: Windows 7 pro 64 bit, k8we m/board, 2 x opteron 280, 4 gigs, gtx 275

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6428

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    24/04/2011 01:23:01
    mbam-log-2011-04-24 (01-23-01).txt

    Scan type: Quick scan
    Objects scanned: 180482
    Time elapsed: 2 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER (no information saved in log - 0 KB file produced. It did complete its run though)

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Steven at 1:29:03.12 on 24/04/2011
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.4095.2870 [GMT 1:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\WTouch\WTouchService.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\sesinetd.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\WTouch\WTouchUser.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
    C:\Windows\system32\hserver.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\soundman.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Steven\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    mWinlogon: Userinit=userinit.exe,
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [AdobeBridge]
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
    mRun: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
    BHO-X64: QFX Software KeyScrambler - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    mRun-x64: [SoundMan] SOUNDMAN.EXE
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-13 55856]
    R0 SI3112r;SiI-3112 SATARaid Controller;C:\Windows\System32\drivers\SI3112r.sys [2010-10-1 162144]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-1-20 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-1-20 269480]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-1-20 83120]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-1-20 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2010-3-24 5556520]
    R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2010-3-24 127784]
    R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2011-4-24 130696]
    R3 Razerlow;Razer Pro|Solutions;C:\Windows\System32\drivers\DB3G.sys [2005-11-7 21120]
    R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-1-17 14440]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-13 136176]
    S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 SysTool;SysTool Overclocking Utility;C:\Windows\System32\drivers\SysTool64.sys [2006-11-10 30720]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-6 1255736]
    S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2011-04-23 23:20:15 130696 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys
    2011-04-23 23:20:15 -------- d-----w- C:\Program Files (x86)\KeyScrambler
    2011-04-23 10:33:28 -------- d-----w- C:\Users\Steven\AppData\Roaming\AVS4YOU
    2011-04-23 10:30:18 10915840 ----a-w- C:\Windows\SysWow64\libmfxhw32.dll
    2011-04-23 10:30:18 10833920 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
    2011-04-23 10:30:12 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2011-04-23 10:30:12 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
    2011-04-23 10:30:12 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
    2011-04-23 10:30:12 -------- d-----w- C:\Program Files (x86)\AVS4YOU
    2011-04-23 10:30:12 -------- d-----w- C:\PROGRA~3\AVS4YOU
    2011-04-22 22:57:28 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{9DE0B43C-76F5-4CD8-B8DD-C79260618A47}\mpengine.dll
    2011-04-18 18:05:00 -------- d-----w- C:\Users\Steven\AppData\Local\Cyberlink
    2011-04-16 10:23:35 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
    2011-04-16 10:23:35 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
    2011-04-16 10:23:35 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
    2011-04-16 10:23:35 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
    2011-04-16 10:23:34 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
    2011-04-16 10:23:34 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
    2011-04-16 10:13:54 -------- d-----w- C:\Program Files (x86)\Codemasters
    2011-04-16 09:43:35 -------- d-----w- C:\Windows\Back to the Future Episode 1
    2011-04-16 09:43:35 -------- d-----w- C:\Program Files (x86)\Back to the Future Episode 1
    2011-04-14 18:15:48 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-04-07 21:32:37 -------- d-----w- C:\Users\Steven\.nuke
    2011-04-07 21:29:24 -------- d-----w- C:\Program Files\The Foundry
    2011-04-07 21:29:24 -------- d-----w- C:\Program Files\Nuke6.0v4
    2011-04-05 18:45:49 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2011-04-03 11:29:08 -------- d-----w- C:\Users\Steven\AppData\Local\{3D8565C1-2387-47A9-80AE-52E8AA335C27}
    2011-04-02 16:50:41 -------- d-----w- C:\Users\Steven\AppData\Local\{6E63F4FD-74B8-412D-A503-DBB896391D84}
    .
    ==================== Find3M ====================
    .
    2011-03-15 21:30:21 73 ----a-w- C:\Windows\SysWow64\ssprs.dll
    2011-03-15 21:30:21 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
    2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
    2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
    2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi
    2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi
    2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll
    2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll
    2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll
    2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe
    2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe
    2011-02-02 21:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-02-02 17:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    .
    ============= FINISH: 1:29:49.65 ===============


    DDS attach file:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20/01/2010 21:01:04
    System Uptime: 24/04/2011 01:18:17 (0 hours ago)
    .
    Motherboard: Tyan Computer Corp | | S2895
    Processor: Dual Core AMD Opteron(tm) Processor 280 | CPU0-Socket 940 | 2411/200mhz
    Processor: Dual Core AMD Opteron(tm) Processor 280 | CPU1-Socket 940 | 2411/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 931 GiB total, 687.548 GiB free.
    D: is CDROM ()
    F: is FIXED (NTFS) - 149 GiB total, 45.061 GiB free.
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\3&13C0B0C5&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\3&13C0B0C5&0
    Service: i8042prt
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\3&13C0B0C5&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\3&13C0B0C5&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP281: 18/04/2011 19:02:53 - Installed MediaEspresso
    RP282: 18/04/2011 19:06:29 - Installed MediaEspresso
    RP283: 19/04/2011 19:44:04 - Windows Update
    RP284: 20/04/2011 20:37:09 - Windows Update
    RP285: 20/04/2011 22:26:11 - Configured MediaEspresso
    RP286: 22/04/2011 23:57:10 - Windows Update
    .
    ==== Installed Programs ======================
    .
    AC3Filter 1.63b
    Adobe After Effects CS5
    Adobe After Effects CS5 Third Party Content
    Adobe After Effects CS5 Third Party Royalty Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color Video Profiles CS CS4
    Adobe Community Help
    Adobe CS4 American English Speech Analysis Models
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS5
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Encoder CS5 PCI X64
    Adobe Media Player
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS5
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    AdobeColorCommonSetRGB
    Any DVD Cloner Platinum 1.0.7
    Any Video Converter 3.0.7
    Apple Application Support
    Apple Software Update
    ArmA 2 Uninstall
    Avira AntiVir Personal - Free Antivirus
    AviSynth 2.5
    AVS Update Manager 1.0
    AVS Video Converter 7
    AVS4YOU Software Navigator 1.4
    AVStoDVD 2.3.2
    Back to the Future Episode 1
    Company of Heroes
    Company of Heroes - FAKEMSI
    ConvertXtoDVD 4.0.9.322
    Creative Centrale
    Creative Software Update
    D3DX10
    Driver Sweeper 2.1.0
    DVD Shrink 3.2
    EA Download Manager
    EVGA Precision 2.0.2
    Foxit Reader
    Google Earth
    Google Update Helper
    ImgBurn
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 24
    KeyScrambler
    Malwarebytes' Anti-Malware
    MediaInfo 0.7.34 (32-bit)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 4.0 (x86 en-GB)
    Mp3tag v2.48c
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero BurnLite 10
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OpenOffice.org 3.2
    PDF Settings CS5
    Pen Tablet
    PFTrack V5.0
    Photoshop Camera Raw
    QuickTime
    Razer Diamondback 3G
    Realtek AC'97 Audio
    S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    Suite Shared Configuration CS4
    System Requirements Lab
    The Longest Journey
    Vicon boujou 5.0
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.7
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinX DVD Ripper Platinum 5.21.0
    Wondershare DVD Ripper Platinum(Build 4.4.8.0)
    Xilisoft DVD Ripper Ultimate 6
    xNormal 3.17.2
    ZBrush 3.5 R3
    ZBrush 4
    .
    ==== End Of File ===========================



    Thanks in advance for any help,

    regards,

    gubar
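The DDS "Pseudo HJT Report" above is the part of the post a malware analyst reads first: it shows the resident AV marked `*Disabled*`, UAC switched off (`EnableLUA = 0`, `ConsentPromptBehaviorAdmin = 0`, `PromptOnSecureDesktop = 0`), an orphaned toolbar entry, an empty Run value and a Hosts override. The following script is an added example, not part of the original post or of DDS itself: it parses lines in that format and flags the settings a practitioner would want called out, including any autorun that launches from a user-writable directory (the usual home of a keylogger's executable). The sample input is constructed from the entries above, plus one made-up `uRun` line under AppData that exists only to exercise that last rule; the severity labels and rules are the example's own, not anything DDS reports.

```python
"""Triage helper for DDS-style 'Pseudo HJT Report' lines (added example)."""
from __future__ import annotations

import re

# Constructed sample in the shape DDS prints. All lines except the final uRun
# entry mirror the posted log; the final entry is made up to exercise the
# user-writable-path rule and does not come from the original post.
SAMPLE_LOG = """\
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mWinlogon: Userinit=userinit.exe,
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\\Program Files (x86)\\KeyScrambler\\KeyScramblerIE.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [SpybotSD TeaTimer] C:\\Program Files (x86)\\Spybot - Search & Destroy\\TeaTimer.exe
uRun: [AdobeBridge]
mRun: [avgnt] "C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mRun-x64: [SoundMan] SOUNDMAN.EXE
Hosts: 127.0.0.1 www.spywareinfo.com
uRun: [WinUpdate] C:\\Users\\Steven\\AppData\\Roaming\\winupdate.exe
"""

# "uRun"/"mRun" (optionally "-x64"): [name] command line
RUN_RE = re.compile(r"^([um]Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# mPolicies-system: Key = value (0xN)
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")
# First drive-qualified executable path in a command line, quoted or not.
EXE_RE = re.compile(
    r'"?(?P<path>[A-Za-z]:\\[^"]+?\.(?:exe|scr|com|bat|cmd|vbs|js))', re.IGNORECASE
)

# UAC policy values that weaken or remove the elevation boundary.
WEAK_UAC = {
    ("EnableLUA", "0"): "UAC is disabled; admin processes run fully elevated",
    ("ConsentPromptBehaviorAdmin", "0"): "admins elevate silently with no prompt",
    ("PromptOnSecureDesktop", "0"): "elevation prompts are not on the secure desktop",
}

# Path fragments that any standard user can write to; autoruns here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def _check_run(name: str, cmd: str) -> list[tuple[str, str]]:
    """Rate a single Run entry: empty, unqualified name, or user-writable path."""
    if not cmd:
        return [("LOW", f"Run entry [{name}] has an empty command")]
    m = EXE_RE.search(cmd)
    if not m:
        # A bare filename is resolved via the search path at logon time.
        return [("MEDIUM", f"Run entry [{name}] uses an unqualified name '{cmd}'")]
    path = m["path"]
    if any(marker in path.lower() for marker in USER_WRITABLE):
        return [("HIGH", f"Run entry [{name}] starts from a user-writable path: {path}")]
    return []


def triage(report: str) -> list[tuple[str, str]]:
    """Return (severity, message) findings for each line worth a second look."""
    findings: list[tuple[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("AV:", "SP:")) and "*Disabled" in line:
            findings.append(("HIGH", f"security product disabled: {line}"))
            continue
        m = POLICY_RE.match(line)
        if m:
            reason = WEAK_UAC.get((m["key"], m["val"]))
            if reason:
                findings.append(("HIGH", f"{m['key']}={m['val']}: {reason}"))
            continue
        if line.endswith("- No File"):
            findings.append(("LOW", f"orphaned entry (file missing): {line}"))
            continue
        if line.startswith("Hosts:"):
            findings.append(("INFO", f"hosts override: {line}"))
            continue
        m = RUN_RE.match(line)
        if m:
            findings.extend(_check_run(m["name"], m["cmd"]))
    return findings


def summarize(findings: list[tuple[str, str]]) -> dict[str, int]:
    """Count findings per severity so the HIGH items can be read off first."""
    counts: dict[str, int] = {}
    for sev, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    print(summarize(results))
    for sev, msg in results:
        print(f"{sev:6} {msg}")
```

The script only reads text; it never touches the registry, so it can be run against a pasted log on any machine. It is a reading aid for the first pass, not a verdict: a signed vendor helper living under ProgramData is benign, and a keylogger that installs into Program Files would pass the path rule, which is why the thread still moves on to MBRCheck and ComboFix for the actual cleanup.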
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    So far, I don't see much....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. gubar

    gubar TS Enthusiast Topic Starter Posts: 105

    Thanks for your help - here are the logs you asked for:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: (build 7600), 64-bit
    Logical Drives Mask: 0x000000ad

    Kernel Drivers (total 164):
    0x02A52000 \SystemRoot\system32\ntoskrnl.exe
    0x02A09000 \SystemRoot\system32\hal.dll
    0x00BCF000 \SystemRoot\system32\kdcom.dll
    0x00CCF000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00CDC000 \SystemRoot\system32\PSHED.dll
    0x00CF0000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00D4E000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00CC0000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00E37000 \SystemRoot\System32\Drivers\spny.sys
    0x00F5D000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x00F66000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00F95000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FEC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x0102B000 \SystemRoot\system32\DRIVERS\pci.sys
    0x0105E000 \SystemRoot\System32\drivers\partmgr.sys
    0x01073000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x01088000 \SystemRoot\System32\drivers\volmgrx.sys
    0x010E4000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x010EB000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x010FB000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01115000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x0111E000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x01148000 \SystemRoot\system32\DRIVERS\SI3112r.sys
    0x01174000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x0117F000 \SystemRoot\system32\drivers\fltmgr.sys
    0x011CB000 \SystemRoot\system32\drivers\fileinfo.sys
    0x011DF000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys
    0x011E8000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x0123E000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x014D1000 \SystemRoot\System32\Drivers\msrpc.sys
    0x0152F000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01549000 \SystemRoot\System32\Drivers\cng.sys
    0x015BC000 \SystemRoot\System32\drivers\pcw.sys
    0x015CD000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0162B000 \SystemRoot\system32\drivers\ndis.sys
    0x0171D000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0177D000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01800000 \SystemRoot\System32\drivers\tcpip.sys
    0x017A8000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01600000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01610000 \SystemRoot\System32\Drivers\spldr.sys
    0x0144C000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01618000 \SystemRoot\System32\Drivers\mup.sys
    0x017F2000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01486000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x015D7000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01000000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x013F4000 \SystemRoot\System32\Drivers\Null.SYS
    0x011F5000 \SystemRoot\System32\Drivers\Beep.SYS
    0x00E0D000 \SystemRoot\System32\drivers\vga.sys
    0x02C90000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02CB5000 \SystemRoot\System32\drivers\watchdog.sys
    0x02CC5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02CCE000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02CD7000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02CE0000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02CEB000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02CFC000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02D1A000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02D27000 \SystemRoot\system32\drivers\afd.sys
    0x02DB1000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02DF6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02C00000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02C26000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02C35000 \SystemRoot\system32\DRIVERS\serial.sys
    0x02C52000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02C6D000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03EE7000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03F38000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03F44000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03F4F000 \SystemRoot\System32\drivers\discache.sys
    0x03F5E000 \SystemRoot\system32\drivers\csc.sys
    0x03FE1000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03E11000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x03E33000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03E59000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x03E70000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03E7B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03ED1000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x0405A000 \SystemRoot\system32\drivers\ALCWDM64.SYS
    0x043A6000 \SystemRoot\system32\drivers\portcls.sys
    0x04000000 \SystemRoot\system32\drivers\drmk.sys
    0x044D2000 \SystemRoot\system32\drivers\ks.sys
    0x04515000 \SystemRoot\system32\drivers\ksthunk.sys
    0x0451B000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x04559000 \SystemRoot\system32\DRIVERS\nvm62x64.sys
    0x0FED5000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x10B31000 \SystemRoot\System32\Drivers\nvBridge.kmd
    0x04A02000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04AF6000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04B3C000 \SystemRoot\System32\Drivers\ahx7yb0q.SYS
    0x04B81000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x04B8D000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x04BDD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x04BEC000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x10B33000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04BFB000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
    0x10B43000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x10B5C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x10B65000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x10B7B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x10B9F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x10BAB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x10BDA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0FE00000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x0FE21000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x0FE3B000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x0FE50000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x04BFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0FE5B000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x0FE6D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0FEC7000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x045BD000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x10BF5000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
    0x045CA000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04B9A000 \SystemRoot\system32\drivers\DB3G.sys
    0x04BA0000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04BAE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04BB0000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04BBE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x04BCA000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x045DF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x04400000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x0441D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x0442B000 \SystemRoot\System32\drivers\keyscrambler.sys
    0x00070000 \SystemRoot\System32\win32k.sys
    0x04450000 \SystemRoot\System32\drivers\Dxapi.sys
    0x0445C000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00440000 \SystemRoot\System32\TSDDD.dll
    0x00700000 \SystemRoot\System32\cdd.dll
    0x00820000 \SystemRoot\System32\ATMFD.DLL
    0x0446A000 \SystemRoot\system32\drivers\luafv.sys
    0x0448D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x044AA000 \SystemRoot\system32\drivers\WudfPf.sys
    0x04022000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04037000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0646F000 \SystemRoot\system32\drivers\HTTP.sys
    0x06537000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x06555000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0656D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0659A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x06400000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x06423000 \SystemRoot\System32\Drivers\adfs.SYS
    0x07EC8000 \SystemRoot\system32\drivers\peauth.sys
    0x07F6E000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x07F79000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x07FA6000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x07E00000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08650000 \SystemRoot\System32\DRIVERS\srv.sys
    0x086E5000 \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys
    0x086EB000 \SystemRoot\System32\drivers\rdpdr.sys
    0x08719000 \SystemRoot\system32\drivers\tdtcp.sys
    0x08724000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0x08733000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x0876B000 \SystemRoot\system32\drivers\spsys.sys
    0x087DC000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x76FC0000 \Windows\System32\ntdll.dll
    0x48300000 \Windows\System32\smss.exe
    0xFF2E0000 \Windows\System32\apisetschema.dll

    Processes (total 71):
    0 System Idle Process
    4 System
    296 C:\Windows\System32\smss.exe
    384 csrss.exe
    444 C:\Windows\System32\wininit.exe
    480 csrss.exe
    504 C:\Windows\System32\services.exe
    520 C:\Windows\System32\lsass.exe
    528 C:\Windows\System32\lsm.exe
    652 C:\Windows\System32\svchost.exe
    716 C:\Windows\System32\winlogon.exe
    796 C:\Windows\System32\nvvsvc.exe
    836 C:\Windows\System32\svchost.exe
    904 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    996 C:\Windows\System32\svchost.exe
    396 C:\Windows\System32\audiodg.exe
    1004 C:\Windows\System32\svchost.exe
    1100 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1120 C:\Windows\System32\nvvsvc.exe
    1128 C:\Program Files\WTouch\WTouchService.exe
    1300 C:\Windows\System32\svchost.exe
    1424 C:\Windows\System32\spoolsv.exe
    1460 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1540 C:\Windows\System32\svchost.exe
    1648 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1704 C:\Windows\System32\svchost.exe
    1756 C:\Windows\System32\sesinetd.exe
    1884 C:\Windows\System32\taskeng.exe
    1944 C:\Windows\System32\dwm.exe
    1968 C:\Windows\explorer.exe
    1980 C:\Windows\System32\taskhost.exe
    1992 C:\Program Files\WTouch\WTouchUser.exe
    1576 C:\Windows\System32\taskeng.exe
    1516 C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
    2212 C:\Windows\System32\hserver.exe
    2220 C:\Windows\soundman.exe
    2236 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    2244 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    2256 C:\Windows\System32\conhost.exe
    2268 C:\Program Files\Windows Sidebar\sidebar.exe
    2292 C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
    2448 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2500 C:\Windows\System32\svchost.exe
    2528 C:\Windows\System32\Pen_Tablet.exe
    2672 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2748 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2888 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    1604 C:\Windows\System32\WTablet\Pen_TabletUser.exe
    1160 C:\Windows\System32\Pen_Tablet.exe
    3208 C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
    3216 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3244 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3704 C:\Windows\System32\SearchIndexer.exe
    3792 C:\Windows\System32\svchost.exe
    3820 C:\Windows\System32\svchost.exe
    3276 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3336 C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
    4076 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    3324 WmiPrvSE.exe
    3304 C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
    668 C:\Windows\System32\SearchProtocolHost.exe
    3224 C:\Windows\System32\SearchFilterHost.exe
    3532 C:\Windows\System32\svchost.exe
    4344 C:\Windows\explorer.exe
    2324 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    3692 C:\Windows\System32\sppsvc.exe
    976 C:\Users\Steven\Desktop\MBRCheck.exe
    3672 C:\Windows\System32\conhost.exe
    620 C:\Windows\System32\dllhost.exe
    3188 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ100E4
    PhysicalDrive1 Model Number: ST3160811AS, Rev: 3.AAE

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    149 GB \\.\PhysicalDrive1 RE: Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!



    ComboFix 11-04-23.02 - Steven 24/04/2011 13:37:29.4.4 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.4095.2468 [GMT 1:00]
    Running from: c:\users\Steven\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-24 12:41 . 2011-04-24 12:41 -------- d-----w- c:\users\Mcx1-STEVEN-PC\AppData\Local\temp
    2011-04-24 12:41 . 2011-04-24 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-23 23:20 . 2011-04-23 23:20 -------- d-----w- c:\program files (x86)\KeyScrambler
    2011-04-23 23:20 . 2010-02-11 15:04 130696 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
    2011-04-23 10:33 . 2011-04-23 10:33 -------- d-----w- c:\users\Steven\AppData\Roaming\AVS4YOU
    2011-04-23 10:30 . 2010-12-13 13:37 10915840 ----a-w- c:\windows\SysWow64\libmfxhw32.dll
    2011-04-23 10:30 . 2010-12-13 13:37 10833920 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
    2011-04-23 10:30 . 2011-04-23 10:33 -------- d-----w- c:\programdata\AVS4YOU
    2011-04-23 10:30 . 2011-04-23 10:32 -------- d-----w- c:\program files (x86)\AVS4YOU
    2011-04-23 10:30 . 2011-04-23 10:30 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
    2011-04-23 10:30 . 2010-09-14 16:38 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
    2011-04-23 10:30 . 2010-09-14 16:38 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2011-04-22 22:57 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DE0B43C-76F5-4CD8-B8DD-C79260618A47}\mpengine.dll
    2011-04-18 18:08 . 2011-04-18 18:08 -------- d-----w- c:\users\Public\CyberLink
    2011-04-18 18:06 . 2011-04-18 18:06 -------- d-----w- c:\users\Steven\AppData\Roaming\CyberLink
    2011-04-18 18:05 . 2011-04-18 18:05 -------- d-----w- c:\programdata\CyberLink
    2011-04-18 18:05 . 2011-04-20 21:35 -------- d-----w- c:\users\Steven\AppData\Local\Cyberlink
    2011-04-16 10:23 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
    2011-04-16 10:23 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
    2011-04-16 10:23 . 2008-07-12 07:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
    2011-04-16 10:23 . 2008-07-12 07:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2011-04-16 10:23 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
    2011-04-16 10:23 . 2008-07-12 07:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
    2011-04-16 10:13 . 2011-04-16 11:11 -------- d-----w- c:\program files (x86)\Codemasters
    2011-04-16 09:43 . 2011-04-16 09:43 -------- d-----w- c:\program files (x86)\Back to the Future Episode 1
    2011-04-16 09:43 . 2011-04-16 09:43 -------- d-----w- c:\windows\Back to the Future Episode 1
    2011-04-14 18:15 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-04-07 21:32 . 2011-04-07 21:34 -------- d-----w- c:\users\Steven\.nuke
    2011-04-07 21:29 . 2011-04-07 21:30 -------- d-----w- c:\program files\Nuke6.0v4
    2011-04-07 21:29 . 2011-04-07 21:29 -------- d-----w- c:\program files\The Foundry
    2011-04-05 18:45 . 2011-04-05 18:45 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
    2011-04-05 18:45 . 2011-04-05 18:45 -------- d-----w- c:\users\Steven\AppData\Roaming\SystemRequirementsLab
    2011-04-03 11:29 . 2011-04-03 11:29 -------- d-----w- c:\users\Steven\AppData\Local\{3D8565C1-2387-47A9-80AE-52E8AA335C27}
    2011-04-02 16:50 . 2011-04-02 16:50 -------- d-----w- c:\users\Steven\AppData\Local\{6E63F4FD-74B8-412D-A503-DBB896391D84}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-10 18:42 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-08 20:17 . 2011-03-08 20:17 61440 ----a-r- c:\users\Steven\AppData\Roaming\Microsoft\Installer\{44BBD1DC-F713-4FD2-8B27-C19495A1CDBB}\NewShortcut4_5CAB993EDD3D46CC9A9960173F42D18C.exe
    2011-02-23 07:28 . 2011-02-23 07:28 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-02-23 07:28 . 2011-02-23 07:28 6606440 ----a-w- c:\windows\system32\nvcuda.dll
    2011-02-23 07:28 . 2011-02-23 07:28 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-02-23 07:28 . 2011-02-23 07:28 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-02-23 07:28 . 2011-02-23 07:28 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-02-23 07:28 . 2011-02-23 07:28 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-02-23 07:28 . 2011-02-23 07:28 20473960 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-02-23 07:28 . 2011-02-23 07:28 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-02-23 07:28 . 2011-02-23 07:28 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-02-23 07:28 . 2011-02-23 07:28 12962792 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-02-23 07:28 . 2011-02-23 07:28 12862568 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-02-23 07:28 . 2011-02-23 07:28 10079336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-02-23 07:28 . 2011-02-10 19:29 7732328 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-02-23 07:28 . 2011-02-10 19:29 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-02-23 07:28 . 2011-02-10 19:29 5654120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-02-23 07:28 . 2011-02-10 19:29 4942952 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-02-23 07:28 . 2011-02-10 19:29 2200680 ----a-w- c:\windows\system32\nvapi64.dll
    2011-02-23 07:28 . 2011-02-10 19:29 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-02-23 07:28 . 2011-02-10 19:29 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
    2011-02-23 07:28 . 2011-02-10 19:29 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-02-23 07:28 . 2011-02-10 19:29 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
    2011-02-19 06:37 . 2011-03-09 18:57 1135104 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 06:37 . 2011-03-09 18:57 1540608 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 06:36 . 2011-03-09 18:57 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 05:32 . 2011-03-09 18:57 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-02-19 05:32 . 2011-03-09 18:57 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-02-10 19:24 . 2011-02-10 19:24 41984 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Phyxion.net\Driver Sweeper\~WebUpdateHelper.exe
    2011-02-02 21:40 . 2010-06-04 19:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-02 17:11 . 2010-01-20 21:11 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-26 06:53 . 2011-02-09 10:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-26 06:53 . 2011-02-09 10:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-01-26 06:31 . 2011-02-09 10:38 144384 ----a-w- c:\windows\system32\cdd.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-04-24_12.01.42 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 02:36 . 2011-04-24 11:57 628024 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-04-24 12:07 628024 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-04-24 12:07 110208 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-04-24 11:57 110208 c:\windows\system32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Diamondback"="c:\program files (x86)\Razer\Diamondback 3G\razerhid.exe" [2009-10-12 226816]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /k:F *
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
    R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
    R3 SysTool;SysTool Overclocking Utility;c:\windows\system32\DRIVERS\SysTool64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 SI3112r;SiI-3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
    S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
    S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
    S3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\DB3G.sys [x]
    S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2011-01-17 14440]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-13 19:06]
    .
    2011-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-13 19:06]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2236794595-2926511892-2532432918-1001\Software\SecuROM\License information*]
    "datasecu"=hex:02,02,de,f4,4a,6b,14,f5,54,f4,01,d7,8b,be,e9,c2,83,b7,c7,a3,c8,
    da,54,84,b0,b0,72,3e,d6,fb,8d,2c,4e,2d,90,a8,b1,2d,7f,21,bb,b4,65,63,19,15,\
    "rkeysecu"=hex:b5,c9,e5,f9,35,0d,12,cd,ec,89,f0,74,71,cf,e1,9d
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:8f,53,c3,60,95,91,37,e5,7e,cc,bd,1a,46,27,83,9c,bb,0e,c8,97,ba,
    32,81,41,cf,97,36,ff,05,fb,fc,bf,ba,ba,38,0e,ba,85,89,72,4e,46,62,5b,5a,55,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:8f,53,c3,60,95,91,37,e5,7e,cc,bd,1a,46,27,83,9c,bb,0e,c8,97,ba,
    32,81,41,cf,97,36,ff,05,fb,fc,bf,ba,ba,38,0e,ba,85,89,72,4e,46,62,5b,5a,55,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-04-24 13:43:27
    ComboFix-quarantined-files.txt 2011-04-24 12:43
    ComboFix2.txt 2011-04-24 12:03
    .
    Pre-Run: 735,549,444,096 bytes free
    Post-Run: 735,245,930,496 bytes free
    .
    - - End Of File - - C23831C4C7078F72D0E7F598133E9D21


    One more thing - I have tried KL-Detector, and it gives warnings, which I'll post below. I am thinking they may be false positives though, here's hoping:

    KL-Detector has found a suspicious file:
    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js

    Please check; someone might have installed a keylogger on your computer!


    You MAY want to take a look at:
    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\
    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\

    FULL REPORT:

    Below are some file operations that were done during the monitoring process.
    Review them carefully and check for suspicious files.


    C:\Windows\Prefetch\ReadyBoot\Trace4.fx
    was created.

    C:\Windows\Prefetch\ReadyBoot
    was modified.

    C:\Windows\Prefetch\ReadyBoot\Trace4.fx
    was modified.

    C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl
    was removed.

    C:\Windows\Prefetch\ReadyBoot
    was modified.

    C:\Windows\Prefetch\ReadyBoot
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\parent.lock
    was created.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\ProgramData\Spybot - Search & Destroy\ProcCache.sbc
    was modified.

    C:\ProgramData\Spybot - Search & Destroy\ProcCache.sbc
    was modified.

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\places.sqlite-wal
    was created.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\places.sqlite-shm
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore.bak
    was removed.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore.bak
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\urlclassifierkey3.txt
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\urlclassifier3.sqlite-journal
    was removed.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js
    was created.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js
    was removed.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Windows\System32\wfp\wfpdiag.etl
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\cookies.sqlite-wal
    was created.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\cookies.sqlite-shm
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\formhistory.sqlite-journal
    was created.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\formhistory.sqlite-journal
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\formhistory.sqlite
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\formhistory.sqlite-journal
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\8\6E\117A2d01
    was created.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\8\6E\117A2d01
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\permissions.sqlite-journal
    was created.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\F
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\F\3B
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\F\3B\3B73Cd01
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\prefs-1.js
    was created.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\prefs-1.js
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\prefs-1.js
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\prefs-1.js
    was removed.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\3
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\3\56
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\3\56\9DC36d01
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\2
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\2\9A
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\2\9A\AE20Cd01
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\chromeappsstore.sqlite-journal
    was created.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\chromeappsstore.sqlite-journal
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\chromeappsstore.sqlite
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\chromeappsstore.sqlite-journal
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Windows\temp\TMP000000019209460557ED9633
    was created.

    C:\Windows\temp\TMP000000019209460557ED9633
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\B
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\B\1B
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\B\1B\6B260d01
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\NoScriptSTS.db.tmp
    was created.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js
    was created.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js
    was removed.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Windows\temp\TMP000000019209460557ED9633
    was removed.

    C:\ProgramData\Spybot - Search & Destroy\ProcCache.sbc
    was modified.

    C:\ProgramData\Spybot - Search & Destroy\ProcCache.sbc
    was modified.

    C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
    was modified.

    C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\8
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\8\D5
    was modified.

    C:\Users\Steven\AppData\Local\Mozilla\Firefox\Profiles\ki2x551s.default\Cache\8\D5\67B03d01
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js
    was created.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js
    was modified.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js
    was removed.

    C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default
    was modified.

    C:\Windows\System32\wdi\LogFiles\BootCKCL.etl
    was modified.

    C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}
    was modified.

    C:\Windows\System32\wdi\LogFiles\WdiContextLog.etl.001
    was modified.

    C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{bb5462db-61b4-4700-861a-a4fb6c8faf16}\snapshot.etl
    was created.

    C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{bb5462db-61b4-4700-861a-a4fb6c8faf16}\snapshot.etl
    was modified.

    C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{bb5462db-61b4-4700-861a-a4fb6c8faf16}\snapshot.etl
    was modified.

    C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{bb5462db-61b4-4700-861a-a4fb6c8faf16}\snapshot.etl
    was modified.

    C:\Windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    was modified.

    C:\Windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    was modified.

    C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2236794595-2926511892-2532432918-1001_UserData.bin
    was modified.

    C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2236794595-2926511892-2532432918-1001_UserData.bin
    was modified.

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
    was modified.

    Thanks again,

    Gubar
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.
    Upload the following file to http://www.virustotal.com/ for a security check:
    - C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\ki2x551s.default\sessionstore-1.js
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  5. gubar

    gubar TS Enthusiast Topic Starter Posts: 105

    I checked the folder and the file "sessionstore-1.js" was not there, though it was yesterday - is this possibly a temp file? The file "sessionstore.js" was there, scanned it and the result was good:

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name:
    sessionstore.js
    Submission date:
    2011-04-24 15:55:15 (UTC)
    Current status:
    finished
    Result:
    0/ 42 (0.0%)

    AhnLab-V3 2011.04.25.00 2011.04.24 -
    AntiVir 7.11.6.253 2011.04.24 -
    Antiy-AVL 2.0.3.7 2011.04.24 -
    Avast 4.8.1351.0 2011.04.24 -
    Avast5 5.0.677.0 2011.04.24 -
    AVG 10.0.0.1190 2011.04.24 -
    BitDefender 7.2 2011.04.24 -
    CAT-QuickHeal 11.00 2011.04.24 -
    ClamAV 0.97.0.0 2011.04.24 -
    Commtouch 5.3.2.6 2011.04.23 -
    Comodo 8459 2011.04.24 -
    DrWeb 5.0.2.03300 2011.04.24 -
    Emsisoft 5.1.0.5 2011.04.24 -
    eSafe 7.0.17.0 2011.04.24 -
    eTrust-Vet 36.1.8286 2011.04.22 -
    F-Prot 4.6.2.117 2011.04.23 -
    F-Secure 9.0.16440.0 2011.04.24 -
    Fortinet 4.2.257.0 2011.04.24 -
    GData 22 2011.04.24 -
    Ikarus T3.1.1.103.0 2011.04.24 -
    Jiangmin 13.0.900 2011.04.24 -
    K7AntiVirus 9.98.4458 2011.04.23 -
    Kaspersky 7.0.0.125 2011.04.24 -
    McAfee 5.400.0.1158 2011.04.24 -
    McAfee-GW-Edition 2010.1D 2011.04.23 -
    Microsoft 1.6802 2011.04.24 -
    NOD32 6067 2011.04.24 -
    Norman 6.07.07 2011.04.24 -
    Panda 10.0.3.5 2011.04.24 -
    PCTools 7.0.3.5 2011.04.21 -
    Prevx 3.0 2011.04.24 -
    Rising 23.54.06.06 2011.04.24 -
    Sophos 4.64.0 2011.04.24 -
    SUPERAntiSpyware 4.40.0.1006 2011.04.24 -
    Symantec 20101.3.2.89 2011.04.24 -
    TheHacker 6.7.0.1.180 2011.04.23 -
    TrendMicro 9.200.0.1012 2011.04.24 -
    TrendMicro-HouseCall 9.200.0.1012 2011.04.24 -
    VBA32 3.12.16.0 2011.04.22 -
    VIPRE 9106 2011.04.24 -
    ViRobot 2011.4.23.4426 2011.04.24 -
    VirusBuster 13.6.318.3 2011.04.23 -
    Additional information
    MD5 : 0285eae5fd69d47647236b448059332e
    SHA1 : 65a5bf4c93026ec2d5ee2470a72440cb672a7346
    SHA256: a260be6248f790f785a6dbcafad7ce3edfc7a412a9fbbd2cd316730bb8fb2a30

    I also ran a "full" scan with malwarebytes, which came back clean, and trend's housecall online scan which was also clean.

    Still a little wary after seeing that file with my logon details in it, though.

    Thanks again,

    g
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I'm not sure what else we can do here.
    All logs look totally clean.
     
  7. gubar

    gubar TS Enthusiast Topic Starter Posts: 105

    So you reckon that my computer is safe again? Seems to be from the logs, as far as I can tell it's back to normal.

    KL-Detector still gives warnings about temporary files in the address above, but I think they must be false positives: cookie files/sqlite files that update as you surf being detected as malicious.

    If you reckon it looks clean I guess that's good enough for me - thanks for your help, this site is really cool :)

    EDIT - sorry, meant to add that perhaps the keylogger virus was removed when it was first discovered (before I came here); still useful following these steps for peace of mind though.

    cheers,

    gubar
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks clean to me.
    You may want to...

    Clear your Java Cache

    • Go Start>Control Panel (Classic View)>Java
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - leave BOTH checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      • Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.
     
  9. gubar

    gubar TS Enthusiast Topic Starter Posts: 105

    Done. Fingers crossed I'll see no more problems - thanks for your time, much appreciated,

    Cheers,

    gubar
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    You're very welcome
     