Solved PC Performance and Stability analysis report

[Arnie]

Hi im constantly getting pop up on my screen the above message from a program called windows 7 recovery .
Having read various peoples problems i now know im not the only one who in encountering this. And have realised its some kind of malware.
So can anyone help me remove this as im struggling getting the information i require thanks
Ive run the Anti-malware program that you recommend on a previous ppersons post which has been semi sucsessful in the fact that it has stopped the pop ups telling me i had all the problems.I have also run the Unhide program that has restored my desktop icons but not my wallpaper or my start menu .So something still isnt correct .
I have posted the results of the anti-malware scan below.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6653

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23/05/2011 15:30:03
mbam-log-2011-05-23 (15-30-03).txt

Scan type: Quick scan
Objects scanned: 203182
Time elapsed: 13 minute(s), 9 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
c:\program files\search guard plus\searchguardplus.exe (PUP.Fbsearch) -> 4008 -> Not selected for removal.
c:\programdata\ccsjkketwraagfu.exe (Trojan.FakeMS.Gen) -> 4592 -> Unloaded process successfully.
c:\programdata\29613816.exe (Rogue.WindowsRecoveryConsole) -> 5624 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccSjkketwraagFu (Trojan.FakeMS.Gen) -> Value: ccSjkketwraagFu -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Arnie\AppData\Roaming\winbooterr (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\search guard plus\searchguardplus.exe (PUP.Fbsearch) -> Not selected for removal.
c:\programdata\ccsjkketwraagfu.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\programdata\29613816.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\Users\Arnie\AppData\Local\Temp\tmp9A4C.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\Arnie\AppData\Roaming\020000006fc64815720c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Arnie\AppData\Roaming\020000006fc64815720o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Arnie\AppData\Roaming\020000006fc64815720p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Arnie\AppData\Roaming\020000006fc64815720s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Arnie\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

 

[Bobbye]

Welcome to TechSpot!

A lot of members are getting hit by this malware. But regardless, it is not a good idea to follow specific instructions given to someone else. Although we may run the same programs, we only do s when it's appropriate. And once done, we review the log for the next step.


Please follow all of the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Note: I see one of the infected file was from BitFrost. If you use that or any other file sharing program, you can expect malware. Please do not access these programs while I am helping you.

 

[Arnie]

The next Step

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6661

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

24/05/2011 11:40:15
mbam-log-2011-05-24 (11-40-15).txt

Scan type: Quick scan
Objects scanned: 203006
Time elapsed: 13 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

__________________________________
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-24 12:33:00
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS722016K9SA00 rev.DCDOC54P
Running: 2gmxfhyh.exe; Driver: C:\Users\Arnie\AppData\Local\Temp\kwlorpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Arnie at 12:38:20 on 2011-05-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1570 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Windows\system32\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\AVG\AVG10\avgcfgex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Arnie\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
uURLSearchHooks: H - No File
mURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {18a35660-34bb-44af-a3f3-16efcb651e61} - c:\windows\system32\AuthFWSnapin32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [AdobeBridge]
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [LaunchList] c:\program files\pinnacle\studio 11\LaunchList.exe
mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\arnie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-gb.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\arnie\appdata\roaming\mozilla\firefox\profiles\g2748iod.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8888
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8888
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\fiddler2\FiddlerHook
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: CyberShadow's Bejeweled Blitz 3 Cheat: bejeweledblitz3cheat@thecybershadow.net - %profile%\extensions\bejeweledblitz3cheat@thecybershadow.net
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2009-11-10 24576]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-11-8 237568]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-11-8 1060352]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-11-8 484352]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\drivers\StkCMini.sys [2009-11-10 1260288]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-14 984392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-17 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-28 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-22 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-05-23 19:22:23 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-23 19:22:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-23 19:22:23 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-23 19:22:23 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-23 16:03:18 -------- d-----w- c:\windows\pss
2011-05-23 14:15:15 -------- d-----w- c:\users\arnie\appdata\roaming\Malwarebytes
2011-05-23 14:15:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 14:15:02 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 14:14:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 14:14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 17:06:17 -------- d-----w- c:\program files\iPod
2011-05-05 17:04:43 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-04-14 20:28:30 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-04 23:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-28 17:52:08 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-16 15:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-02-25 05:30:54 2616320 ----a-w- c:\windows\explorer.exe
2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
.
============= FINISH: 12:38:53.07 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 08/11/2009 23:46:05
System Uptime: 24/05/2011 11:15:18 (1 hours ago)
.
Motherboard: Clevo Co. | | SANTA ROSA CRB
Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz | U2E1 | 2401/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 2.623 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.843 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1292\7&2C71DF34&0&00243673109D_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1292\7&2C71DF34&0&00243673109D_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C039\7&2C71DF34&0&0018139BB4C0_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C039\7&2C71DF34&0&0018139BB4C0_C00000000
Service:
.
==== System Restore Points ===================
.
RP234: 20/05/2011 23:12:05 - Installed AVG 2011
RP235: 23/05/2011 20:25:50 - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
AC3Filter 1.63b
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop CS5
Adobe Photoshop Lightroom 3.2
Adobe Reader 9.4.4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Any DVD Converter Professional 4.1.8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG 2011
AVG PC Tuneup 2011
Avi2Dvd 0.6.1
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
B/W Styler 1.03
Bing Maps 3D
BitTorrent
BitTorrentBar Toolbar
Bonjour
Camera Control Pro 2
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG8100 series MP Drivers
Canon MG8100 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Capture NX 2
CD-LabelPrint
Conduit Engine
Connect
ContrastMaster 1.03
ConvertXtoDVD 3.5.3.139
CopyTrans Suite Remove Only
CoreAAC Audio Decoder (remove only)
CoverPro
D3DX10
DVD Shrink 3.2
EPSON Scan
ffdshow [rev 3299] [2010-03-03]
Fiddler2
FocalBlade 1.06
Free MKV to AVI Converter
Free MKV Video2Dvd 3.11
GetDataBack for NTFS
GIMP 2.6.11
Haali Media Splitter
HyperCam 2
ImgBurn
ImTOO AVCHD Converter
iPhone/iTouch/iPod to Computer Transfer 5.10.0
iTunes
Java Auto Updater
Java(TM) 6 Update 19
Java(TM) 6 Update 3
Junk Mail filter update
Knoll Light Factory EZ Studio
kuler
LightMachine 1.03
LimeWire PRO 5.3.6
Linksys EasyLink Advisor
Magic Bullet Looks Studio
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.6.13)
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEF Codec
Nikon File Uploader 2
Nikon Message Center
Nikon Message Center 2
NVIDIA Drivers
Opanda IExif 2.3
PC Connectivity Solution
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
Picture Control Utility
Pinnacle Studio 14
Pinnacle Studio Ultimate Collection Plugins
Pinnacle Studio Ultimate Plugins
Pinnacle Video Driver
Pinnacle Winter Pack
Power Retouche Retouching Suite
proDAD Heroglyph 2.5
proDAD Vitascene 1.0
Pure Networks Platform
QuickTime
Readon TV Movie Radio Player 7.2.0.0
Realtek High Definition Audio Driver
Recover My Files
Red Giant ToonIt Studio
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SopCast 3.2.4
STK1135 PC Camera
Studio 11 Bonus DVD
Suite Shared Configuration CS4
SyncBack
System Requirements Lab
Tansee iPhone Transfer Photo
thechatterbox.cc Toolbar
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Trapcode Particular Studio
Uniblue DriverScanner 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
V Stuff Backup v1.6.2.18253
ViewNX 2
WD SmartWare
WebEx Support Manager for Internet Explorer
Windows 7 Upgrade Advisor
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Xvid 1.2.2 final uninstall
YouTube Downloader 2.6.5
.
==== Event Viewer Messages From Past Week ========
.
23/05/2011 14:44:41, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
23/05/2011 14:16:22, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
23/05/2011 14:16:22, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/05/2011 14:16:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
23/05/2011 14:15:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052311-64865-01.
19/05/2011 15:47:31, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
17/05/2011 19:42:43, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
.
==== End Of File ===========================
Everything went to plan and as instructed .The original Anti-malware scan and log was used and downloaded from your site thanks

 

[Bobbye]

I see multiple different malware infections in these logs. We will need to look for their additional entries an remove them.
=========================================
You will need to uninstall AVG before running Combofix:
Download AppRemover and save to the desktop

1. Double click the setup on the desktop> click Next
2. Select “Remove Security Application”
3. Let scan finish to determine security apps
4. A screen like below will appear:
   
   
5. Click on Next after choice has been made
6. Check the AVG program you want to uninstall
7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have Combofix on the desktop already, please uninstall it. The download the current version and do the scan: Uninstall directions, [b[if needed:[/b]

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

----------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=====================================
Note: Please uninstall or disable BitTorrent and the BitTorrent Toolbar while I am helping you. Do not use it while we are cleaning as file sharing is a source of malware.

 

[Arnie]

combofix completed

all went ok
ComboFix 11-05-23.02 - Arnie 24/05/2011 20:30:28.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1804 [GMT 1:00]
Running from: c:\combofix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\t.txt
c:\users\Anja\Desktop\Internet Explorer.lnk
c:\users\Anja\WINDOWS
c:\users\Arnie\AppData\Roaming\inst.exe
c:\users\Arnie\AppData\Roaming\SQLite3.dll
c:\users\Public\RemoveSGP.exe
c:\users\Public\RemoveSGP0.exe
c:\users\Sam\Desktop\Internet Explorer.lnk
c:\windows\system32\Q2uE6SE.vbs
c:\windows\system32\sm56co85.txt
c:\windows\system32\uD7mizs.vbs
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-24 to 2011-05-24 )))))))))))))))))))))))))))))))
.
.
2011-05-24 19:41 . 2011-05-24 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-24 19:41 . 2011-05-24 19:41 -------- d-----w- c:\users\Anja\AppData\Local\temp
2011-05-24 19:41 . 2011-05-24 19:42 -------- d-----w- c:\users\Arnie\AppData\Local\temp
2011-05-24 19:11 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-24 19:11 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-24 19:11 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-24 19:11 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-24 19:11 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-24 19:10 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-24 19:09 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-24 19:09 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-24 19:09 . 2011-05-24 19:09 -------- d-----w- c:\programdata\AVAST Software
2011-05-24 19:09 . 2011-05-24 19:09 -------- d-----w- c:\program files\AVAST Software
2011-05-23 19:22 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-23 19:22 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-23 19:22 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-23 19:22 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-23 17:33 . 2011-05-23 17:33 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
2011-05-23 14:15 . 2011-05-23 14:15 -------- d-----w- c:\users\Arnie\AppData\Roaming\Malwarebytes
2011-05-23 14:15 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 14:15 . 2011-05-23 14:15 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 14:14 . 2011-05-24 10:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-23 14:14 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 17:06 . 2011-05-05 17:06 -------- d-----w- c:\program files\iPod
2011-05-05 17:04 . 2011-05-05 17:04 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-28 18:24 . 2011-03-28 18:24 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-28 18:24 . 2011-03-28 18:24 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-28 18:24 . 2011-03-28 18:24 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-28 18:24 . 2011-03-28 18:24 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-28 18:24 . 2011-03-28 18:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-28 18:24 . 2011-03-28 18:24 367104 ----a-w- c:\windows\system32\html.iec
2011-03-28 18:24 . 2011-03-28 18:24 161792 ----a-w- c:\windows\system32\msls31.dll
2011-03-28 18:24 . 2011-03-28 18:24 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-03-28 18:24 . 2011-03-28 18:24 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-28 18:24 . 2011-03-28 18:24 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-28 18:24 . 2011-03-28 18:24 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-28 18:24 . 2011-03-28 18:24 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-28 18:24 . 2011-03-28 18:24 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-28 18:24 . 2011-03-28 18:24 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-28 18:24 . 2011-03-28 18:24 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-03-28 18:24 . 2011-03-28 18:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-28 18:24 . 2011-03-28 18:24 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-03-28 18:24 . 2011-03-28 18:24 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-28 18:24 . 2011-03-28 18:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-28 18:24 . 2011-03-28 18:24 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-28 18:24 . 2011-03-28 18:24 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-28 17:52 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-21 18:49 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthec.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
2010-03-17 14:45 2355224 ----a-w- c:\program files\thechatterbox.cc\tbthec.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 12:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 14:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
"{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthec.dll" [2010-03-17 2355224]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
"{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"= "c:\program files\thechatterbox.cc\tbthec.dll" [2010-03-17 2355224]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList.exe" [2007-01-04 50712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2009-05-20 221184]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\users\Arnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Arnie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Arnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
2010-05-25 19:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 14:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V Stuff Backup]
2010-04-14 11:27 8263584 ----a-w- c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-22 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-11-08 237568]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-11-08 1060352]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-11-08 484352]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 65640]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-04-19 1260288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSNX
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
FF - ProfilePath - c:\users\Arnie\AppData\Roaming\Mozilla\Firefox\Profiles\g2748iod.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8888
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8888
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\Fiddler2\FiddlerHook
FF - Ext: CyberShadow's Bejeweled Blitz 3 Cheat: bejeweledblitz3cheat@thecybershadow.net - %profile%\extensions\bejeweledblitz3cheat@thecybershadow.net
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
BHO-{18A35660-34BB-44AF-A3F3-16EFCB651E61} - c:\windows\System32\AuthFWSnapin32.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-24 20:44:45
ComboFix-quarantined-files.txt 2011-05-24 19:44
.
Pre-Run: 4,437,737,472 bytes free
Post-Run: 4,431,757,312 bytes free
.
- - End Of File - - 3A421063D0ECAB715CC8DEA45F85A0E2

 

[Arnie]

anything else required?

Thanks for all your help so far ,its made such a difference to my PC is there anything else i need to do?

 

[Bobbye]

You're welcome- but we're not through yet. You system is full of malware entries. Additionally, the AskBar is multi-loading. I don't know of anyone who intentionally downloads this. But a note for you:
When looking at ant download screen, look for pre-checked items like toolbars and browser helpwer ojects. Uncheck them before you download!

Also, a deletion in Combofix suggest the use of an infected flash drive. If you have been using a flash drive-stop-until I have you disinfect it:

Now for some housekeeping:
Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

File::
DDS::
uSearch Page =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
uURLSearchHooks: H - No File
mURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {18a35660-34bb-44af-a3f3-16efcb651e61} - c:\windows\system32\AuthFWSnapin32.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab


Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"=-.
[HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}].
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 12:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKLM\~\startupfolder\C:^Users^Arnie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=-
backup=-
backupExtension=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
When you finish with this, go on to my next reply.

 

[Bobbye]

Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the the Perform Full Scan]option is selected and then click on the Scan button.

When scan has finished, you will see this image:

• Click on OK to close box and continue.
• Click on the Show Results button.
• Click on the Remove Selected button to remove all the listed malware.
• At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Pad before copying the log to paste in your next reply.

==============================================
Download Unhide.exe and save to the desktop.

• Double-click on Unhide.exe icon to run the program.
• This program will remove the +H, or hidden, attribute from all the files on your hard drives.

==============================================

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESETOnlineScan
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  [o] Double click on the
  
  on your desktop.
• Check 'Yes I accept terms of use.'
• Click Start button
• Accept any security warnings from your browser.
  
  
• Uncheck 'Remove found threats'
• Check 'Scan archives/
• Leave remaining settings as is.
• Press the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
• When the scan completes, press List of found threats
• Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
• Push the Back button
• Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=====================================
In next reply, include the following:
New log from Combofix after running the script
New Malwarebytes log
Eset Online Virus scan log.

 

[Arnie]

Combofix log latest

ComboFix 11-05-22.01 - Arnie 26/05/2011 11:21:56.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1960 [GMT 1:00]
Running from: c:\users\Arnie\Desktop\ComboFix.exe
Command switches used :: c:\users\Arnie\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ask.com\GenericAskToolbar.dll
c:\program files\conduitengine\ConduitEngine.dll
c:\program files\thechatterbox.cc\tbthec.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-26 10:29 . 2011-05-26 10:29 -------- d-----w- c:\users\Sam\AppData\Local\temp
2011-05-26 10:29 . 2011-05-26 10:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-26 10:29 . 2011-05-26 10:29 -------- d-----w- c:\users\Anja\AppData\Local\temp
2011-05-24 20:37 . 2011-04-14 04:08 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-24 20:37 . 2011-04-14 04:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-24 19:44 . 2011-05-26 10:30 -------- d-----w- c:\users\Arnie\AppData\Local\temp
2011-05-24 19:11 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-24 19:11 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-24 19:11 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-24 19:11 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-24 19:11 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-24 19:10 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-24 19:09 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-24 19:09 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-24 19:09 . 2011-05-24 19:09 -------- d-----w- c:\programdata\AVAST Software
2011-05-24 19:09 . 2011-05-24 19:09 -------- d-----w- c:\program files\AVAST Software
2011-05-23 19:22 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-23 19:22 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-23 19:22 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-23 19:22 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-23 17:33 . 2011-05-23 17:33 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
2011-05-23 14:15 . 2011-05-23 14:15 -------- d-----w- c:\users\Arnie\AppData\Roaming\Malwarebytes
2011-05-23 14:15 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 14:15 . 2011-05-23 14:15 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 14:14 . 2011-05-24 10:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-23 14:14 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 17:06 . 2011-05-05 17:06 -------- d-----w- c:\program files\iPod
2011-05-05 17:04 . 2011-05-05 17:04 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 10:58 . 2009-11-19 15:49 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-28 18:24 . 2011-03-28 18:24 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-28 18:24 . 2011-03-28 18:24 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-28 18:24 . 2011-03-28 18:24 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-28 18:24 . 2011-03-28 18:24 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-28 18:24 . 2011-03-28 18:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-28 18:24 . 2011-03-28 18:24 367104 ----a-w- c:\windows\system32\html.iec
2011-03-28 18:24 . 2011-03-28 18:24 161792 ----a-w- c:\windows\system32\msls31.dll
2011-03-28 18:24 . 2011-03-28 18:24 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-03-28 18:24 . 2011-03-28 18:24 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-28 18:24 . 2011-03-28 18:24 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-28 18:24 . 2011-03-28 18:24 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-28 18:24 . 2011-03-28 18:24 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-28 18:24 . 2011-03-28 18:24 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-28 18:24 . 2011-03-28 18:24 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-28 18:24 . 2011-03-28 18:24 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-03-28 18:24 . 2011-03-28 18:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-28 18:24 . 2011-03-28 18:24 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-03-28 18:24 . 2011-03-28 18:24 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-28 18:24 . 2011-03-28 18:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-28 18:24 . 2011-03-28 18:24 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-28 18:24 . 2011-03-28 18:24 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-28 17:52 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-21 18:49 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList.exe" [2007-01-04 50712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2009-05-20 221184]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Arnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Arnie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Arnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
2010-05-25 19:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 14:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V Stuff Backup]
2010-04-14 11:27 8263584 ----a-w- c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-22 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-11-08 237568]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-11-08 1060352]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-11-08 484352]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 65640]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-04-19 1260288]
.
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
FF - ProfilePath - c:\users\Arnie\AppData\Roaming\Mozilla\Firefox\Profiles\g2748iod.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8888
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8888
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\Fiddler2\FiddlerHook
FF - Ext: CyberShadow's Bejeweled Blitz 3 Cheat: bejeweledblitz3cheat@thecybershadow.net - %profile%\extensions\bejeweledblitz3cheat@thecybershadow.net
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-26 11:31:32
ComboFix-quarantined-files.txt 2011-05-26 10:31
ComboFix2.txt 2011-05-24 19:44
.
Pre-Run: 17,496,764,416 bytes free
Post-Run: 17,384,300,544 bytes free
.
- - End Of File - - 61D0C2C15AAC1A210E259D9DBCA93562

 

[Arnie]

Malwarebytes' Anti-Malware latest results

Find below as requested

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6683

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

26/05/2011 13:46:18
mbam-log-2011-05-26 (13-46-18).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 506451
Time elapsed: 2 hour(s), 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Arnie\AppData\LocalLow\Sun\Java\deployment\cache\6.0\27\667700db-374a323b (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\program files\Nikon\capture nx 2\patch-mpt[h33t][espns].exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

 

[Arnie]

eset online scanner

hi i am currently scanning with the eset online scanner in which it has found some threats but still has a way to go (its been running 2 hours and is at 44%) i have followed you instructions but you dont mention if i should delete these files at the end of the scan . Could you please let me know?

 

[Arnie]

ESET scan results

Ok latest bit done please ignore my previous post
C:\Users\Arnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-41795947 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Users\Arnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-5f3c3da5 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Users\Arnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\39ef6df2-4600c75f multiple threats
C:\Users\Arnie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101124164716467.rsc multiple threats
C:\Users\Arnie\Downloads\nikon\Nikon.Camera.Control.Pro.v2.8.0.Incl.KeyMaker·DVT\Welcome.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
C:\Users\Arnie\Downloads\Runtime GetDataBack for FAT - NTFS 4.22\data recover\Runtime.GetDataBack.v3.5\FAT\Keygen-BRD\Keygen.exe a variant of Win32/Keygen.AS application

 

[Bobbye]

You are correct. You do not check for removal. I'll handle some of it and you'll do the rest:

Most of the entries are in the Java cache, so it has to be emptied:

1. . Click Start > Control Panel.
2. . Double-click the Java icon
   
   in the Control Panel.
3. . Click Settings under Temporary Internet Files.
   http://www.java.com/en/img/download/5000020303.jpg[/b]
   There are three options on this window to clear the cache.(Version dependent)
   [o]. Delete Files
   [o]. View Applications
   [o]. View Applets
   [*]. Click OK on Delete Temporary Files window.
   Note: This deletes all the Downloaded Applications and Applets from the cache.
   [*]. Click OK on Temporary Files Settings window. [/list]
   =======================================
   Please download [url=http://oldtimer.geekstogo.com/OTM.exe][b][color=blue]OTMovit by Old Timer[/b][/color][/url] and save to your desktop.
   [list]
   [*] Double-click [b]OTMoveIt3.exe[/b] to run it. (Vista users, please right click on [b]OTMoveit3.exe[/b] and select "Run as an [b]Administrator[/b]")
   [*][b]Copy the file paths below to the clipboard[/b] by highlighting [b]ALL[/b] of them and [b]pressing CTRL + C[/b] (or, after highlighting, right-click and choose [b]Copy[/b]):
   [CODE]
   :Files
   C:\Users\Arnie\Downloads\nikon\Nikon.Camera.Control.Pro.v2.8.0.Incl.KeyMake r·DVT\Welcome.exe
   C:\Users\Arnie\Downloads\Runtime GetDataBack for FAT - NTFS 4.22\data recover\Runtime.GetDataBack.v3.5\FAT\Keygen-BRD\Keygen.exe
   :Commands
   [purity]
   [emptytemp]
   [start explorer]
   [Reboot][/CODE]
   [*] Return to OTMoveIt3, right click in the [b]"Paste Instructions for Items to be Moved"[/b] window and choose [b]Paste[/b].
   [*]Click the red [b]Moveit![/b] button.
   [*]A log of files and folders moved will be created in the [b]c:\_OTMoveIt\MovedFiles[/b] folder in the form of Date and Time ([b]mmddyyyy_hhmmss.log[/b]). Please open this log in Notepad and post its contents in your next reply.
   [*]Close [b]OTMoveIt3[/b]
   [/list]If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose [b]Yes.[/b]
   ==========================================
   These programs were pirated:
   [b]Runtime.GetDataBack.v3.5\FAT[/b]
   Nikon.Camera.Control.Pro.v2.8.0.Incl.KeyMake r·DVT\[/b]
   Please remove to continue support.
   The thing about piracy is that you don't get something for nothing
   ===================================
   Please Download [url=http://downloads.malwareremoval.com/CKScanner.exe][b][color=blue]CKScanner[/b][/color][/url] and save to your desktop
   [list]
   [*] Double click [b]CKScanner.exe[/b] and click [b]Search For Files[/b].
   [*] When the cursor hourglass disappears, click [b]Save List To File.[/b]
   [*] A message box will verify that the file is saved.
   [*] Double-click the [b]CKFiles.txt icon[/b] on your desktop and copy/paste the contents
   in your next reply. [/list]

 

[Arnie]

All done and results below thanks

All processes killed
========== FILES ==========
File/Folder C:\Users\Arnie\Downloads\nikon\Nikon.Camera.Control.Pro.v2.8.0.Incl.KeyMake r·DVT\Welcome.exe not found.
C:\Users\Arnie\Downloads\Runtime GetDataBack for FAT - NTFS 4.22\data recover\Runtime.GetDataBack.v3.5\FAT\Keygen-BRD\Keygen.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 429753376 bytes
->Java cache emptied: 37967878 bytes
->Flash cache emptied: 24149 bytes

User: Arnie
->Temp folder emptied: 840794 bytes
->Temporary Internet Files folder emptied: 195924056 bytes
->Java cache emptied: 11717 bytes
->FireFox cache emptied: 105802892 bytes
->Apple Safari cache emptied: 8549376 bytes
->Flash cache emptied: 2934760 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sam
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 53563912 bytes
->Java cache emptied: 13690431 bytes
->Flash cache emptied: 4501 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 277026 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1752345 bytes

Total Files Cleaned = 812.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 05282011_214417

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\arnie\downloads\getdataback for fat ntfs v4.00 portable\crack\fat\gdb.exe
c:\users\arnie\downloads\getdataback for fat ntfs v4.00 portable\crack\fat\license.reg
c:\users\arnie\downloads\getdataback for fat ntfs v4.00 portable\crack\ntfs\gdbnt.exe
c:\users\arnie\downloads\getdataback for fat ntfs v4.00 portable\crack\ntfs\license.reg
c:\users\arnie\downloads\nikon\nikon pro\crack.rar
c:\users\arnie\downloads\runtime getdataback for fat - ntfs 4.22\getdataback v2.31 cracked - for work.zip
c:\users\arnie\downloads\runtime getdataback for fat - ntfs 4.22\data recover\runtime.getdataback.v3.5\fat\keygen-brd\brd.nfo
c:\users\arnie\downloads\runtime getdataback for fat - ntfs 4.22\data recover\runtime.getdataback.v3.5\ntfs\keygen-brd\brd.nfo
c:\users\arnie\favorites\bluesoelil 5.0 driver with crack keygen at rapidshare.url
c:\users\arnie\favorites\underground.access - select server to download bluesoelil 5.0 driver with crack keygen.url
c:\users\public\documents\pinnacle\content\hollywoodfx\effects\65 - patriotic\firecracker.hfx
c:\users\public\documents\pinnacle\content\hollywoodfx\effects\70 - foods\crackers.hfx
c:\users\public\documents\pinnacle\content\hollywoodfx\objects\food\cracker.hfo
c:\users\public\documents\pinnacle\content\hollywoodfx\objects\patriotic\firecracker bam.hfo
c:\users\public\documents\pinnacle\content\hollywoodfx\objects\patriotic\firecracker bottom.hfo
c:\users\public\documents\pinnacle\content\hollywoodfx\objects\patriotic\firecracker top.hfo
c:\_otm\movedfiles\05282011_214417\c_users\arnie\downloads\runtime getdataback for fat - ntfs 4.22\data recover\runtime.getdataback.v3.5\fat\keygen-brd\keygen.exe
scanner sequence 3.ZZ.11
----- EOF -----

 

[Bobbye]

As long as you continue to use keygens to pirate software, you will continue to get malware.

Open Firefox:

• Click on Tools> Options
• Select the Advanced tab
• Click the Network subtab> then click Settings button in the Connections area.
• Check No proxy if it isn't checked. See image below:
  
  
  
  Image courtesy Kent State
• Click OK to close "Connection Settings"
• Click OKto close Options" window.
• This should removing the proxy settings for Firefox

What is the status of the system now?

 

[Arnie]

I have done what you said although i will be removing firefox as i rarely use it any more.
As for the key generated software i guess ive learnt my lesson and i hear what you say.
As it stands and with the help i have recieved from you my pc is running great again .
What else do i need to do ? i recall earlier you mentioning an infected flash drive .
how do i clean the drive?
and what free anti virus do you recommend as i now have avast on here but before i had AVG? which is the better one?

Thanks again

 

[Bobbye]

You're welcome. Please consider removing the software you stole And consider paying for download in the future.

There are 2 free, good antivirus program we recommend:
Avira-AntiVir-Personal-Free-Antivirus
Avast-Free Antivirus.
===============================================
Removing all of the tools we used and the files and folders they created

• Uninstall ComboFix and all Backups of the files it deleted
• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
• Download OTCleanIt by OldTimer and save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.
  Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  
• You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
• Click on Start> right click on Computer> Properties
• Select System Protection
• Click on the Create button (near bottom)
• Type a name for the Restore Point
• Click on Create again to save the restore point.
  
• Deleting all but the most recent System Protection point in Windows 7
• Click Start> Computer> right click the C Drive and choose Properties> enter.
• Click Disk Cleanup from there.
  
  
• Click Clean up system files
  This restarts Disk Cleanup to run in elevated mode.
• Click the More Options tab
  
  
• Click the Clean up under System Restore and Shadow Copies.
• Click OK.
• You will get a confirmation screen> Just click Delete.
• Click OK on the Disk Cleanup Screen.
• Click Delete Files on the Confirmation screen.

It will run the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
Images courtesy lytebyte.

Empty the Recycle Bin