TechSpot

PC Performance and Stability analysis report

Solved
By Arnie
May 23, 2011
  1. Hi, I'm constantly getting a pop-up on my screen with the above message from a program called Windows 7 Recovery.
    Having read various people's problems, I now know I'm not the only one who is encountering this, and have realised it's some kind of malware.
    So can anyone help me remove this, as I'm struggling to get the information I require? Thanks.
    I've run the anti-malware program that you recommended on a previous person's post, which has been semi-successful in that it has stopped the pop-ups telling me I had all the problems. I have also run the Unhide program, which has restored my desktop icons but not my wallpaper or my start menu, so something still isn't correct.
    I have posted the results of the anti-malware scan below.
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6653

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    23/05/2011 15:30:03
    mbam-log-2011-05-23 (15-30-03).txt

    Scan type: Quick scan
    Objects scanned: 203182
    Time elapsed: 13 minute(s), 9 second(s)

    Memory Processes Infected: 3
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 9

    Memory Processes Infected:
    c:\program files\search guard plus\searchguardplus.exe (PUP.Fbsearch) -> 4008 -> Not selected for removal.
    c:\programdata\ccsjkketwraagfu.exe (Trojan.FakeMS.Gen) -> 4592 -> Unloaded process successfully.
    c:\programdata\29613816.exe (Rogue.WindowsRecoveryConsole) -> 5624 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccSjkketwraagFu (Trojan.FakeMS.Gen) -> Value: ccSjkketwraagFu -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\Users\Arnie\AppData\Roaming\winbooterr (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\search guard plus\searchguardplus.exe (PUP.Fbsearch) -> Not selected for removal.
    c:\programdata\ccsjkketwraagfu.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
    c:\programdata\29613816.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
    c:\Users\Arnie\AppData\Local\Temp\tmp9A4C.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
    c:\Users\Arnie\AppData\Roaming\020000006fc64815720c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\Arnie\AppData\Roaming\020000006fc64815720o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\Arnie\AppData\Roaming\020000006fc64815720p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\Arnie\AppData\Roaming\020000006fc64815720s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\Arnie\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
     
  2. Bobbye


    Welcome to TechSpot!

    A lot of members are getting hit by this malware. But regardless, it is not a good idea to follow specific instructions given to someone else. Although we may run the same programs, we only do so when it's appropriate. And once done, we review the log for the next step.


    Please follow all of the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    Note: I see one of the infected files was from BitFrost. If you use that or any other file-sharing program, you can expect malware. Please do not access these programs while I am helping you.
     
  3. Arnie


    The next step

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6661

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    24/05/2011 11:40:15
    mbam-log-2011-05-24 (11-40-15).txt

    Scan type: Quick scan
    Objects scanned: 203006
    Time elapsed: 13 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    __________________________________
    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-24 12:33:00
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS722016K9SA00 rev.DCDOC54P
    Running: 2gmxfhyh.exe; Driver: C:\Users\Arnie\AppData\Local\Temp\kwlorpob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Arnie at 12:38:20 on 2011-05-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1570 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\StkCSrv.exe
    C:\Windows\system32\java.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BitTorrent\BitTorrent.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG10\avgui.exe
    C:\Program Files\AVG\AVG10\avgcfgex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Arnie\Desktop\dds.scr
    C:\Windows\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
    uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
    mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {18a35660-34bb-44af-a3f3-16efcb651e61} - c:\windows\system32\AuthFWSnapin32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
    BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [AdobeBridge]
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
    mRun: [LaunchList] c:\program files\pinnacle\studio 11\LaunchList.exe
    mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
    mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\arnie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
    IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
    IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-gb.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\arnie\appdata\roaming\mozilla\firefox\profiles\g2748iod.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 8888
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 8888
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\fiddler2\FiddlerHook
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    FF - Ext: CyberShadow's Bejeweled Blitz 3 Cheat: bejeweledblitz3cheat@thecybershadow.net - %profile%\extensions\bejeweledblitz3cheat@thecybershadow.net
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2009-11-10 24576]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
    R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-11-8 237568]
    R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-11-8 1060352]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-11-8 484352]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
    R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\drivers\StkCMini.sys [2009-11-10 1260288]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-14 984392]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-17 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-28 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-22 1343400]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-05-23 19:22:23 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-05-23 19:22:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-05-23 19:22:23 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-05-23 19:22:23 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-23 16:03:18 -------- d-----w- c:\windows\pss
    2011-05-23 14:15:15 -------- d-----w- c:\users\arnie\appdata\roaming\Malwarebytes
    2011-05-23 14:15:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-23 14:15:02 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-23 14:14:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-23 14:14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-05 17:06:17 -------- d-----w- c:\program files\iPod
    2011-05-05 17:04:43 -------- d-----w- c:\program files\Bonjour
    .
    ==================== Find3M ====================
    .
    2011-04-14 20:28:30 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-04 23:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2011-03-28 17:52:08 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-16 15:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-02-25 05:30:54 2616320 ----a-w- c:\windows\explorer.exe
    2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    .
    ============= FINISH: 12:38:53.07 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 08/11/2009 23:46:05
    System Uptime: 24/05/2011 11:15:18 (1 hours ago)
    .
    Motherboard: Clevo Co. | | SANTA ROSA CRB
    Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz | U2E1 | 2401/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 136 GiB total, 2.623 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.843 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1292\7&2C71DF34&0&00243673109D_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1292\7&2C71DF34&0&00243673109D_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C039\7&2C71DF34&0&0018139BB4C0_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C039\7&2C71DF34&0&0018139BB4C0_C00000000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP234: 20/05/2011 23:12:05 - Installed AVG 2011
    RP235: 23/05/2011 20:25:50 - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    AC3Filter 1.63b
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Community Help
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Photoshop CS5
    Adobe Photoshop Lightroom 3.2
    Adobe Reader 9.4.4
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Any DVD Converter Professional 4.1.8
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    AVG 2011
    AVG PC Tuneup 2011
    Avi2Dvd 0.6.1
    AviSynth 2.5
    AVS Update Manager 1.0
    AVS Video Converter 7
    AVS4YOU Software Navigator 1.4
    B/W Styler 1.03
    Bing Maps 3D
    BitTorrent
    BitTorrentBar Toolbar
    Bonjour
    Camera Control Pro 2
    Canon Easy-PhotoPrint EX
    Canon Easy-PhotoPrint Pro
    Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
    Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
    Canon Easy-WebPrint EX
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MG8100 series MP Drivers
    Canon MG8100 series User Registration
    Canon MP Navigator EX 4.0
    Canon My Printer
    Canon Solution Menu EX
    Capture NX 2
    CD-LabelPrint
    Conduit Engine
    Connect
    ContrastMaster 1.03
    ConvertXtoDVD 3.5.3.139
    CopyTrans Suite Remove Only
    CoreAAC Audio Decoder (remove only)
    CoverPro
    D3DX10
    DVD Shrink 3.2
    EPSON Scan
    ffdshow [rev 3299] [2010-03-03]
    Fiddler2
    FocalBlade 1.06
    Free MKV to AVI Converter
    Free MKV Video2Dvd 3.11
    GetDataBack for NTFS
    GIMP 2.6.11
    Haali Media Splitter
    HyperCam 2
    ImgBurn
    ImTOO AVCHD Converter
    iPhone/iTouch/iPod to Computer Transfer 5.10.0
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 19
    Java(TM) 6 Update 3
    Junk Mail filter update
    Knoll Light Factory EZ Studio
    kuler
    LightMachine 1.03
    LimeWire PRO 5.3.6
    Linksys EasyLink Advisor
    Magic Bullet Looks Studio
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MobileMe Control Panel
    Motorola SM56 Speakerphone Modem
    Mozilla Firefox (3.6.13)
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NEF Codec
    Nikon File Uploader 2
    Nikon Message Center
    Nikon Message Center 2
    NVIDIA Drivers
    Opanda IExif 2.3
    PC Connectivity Solution
    PDF Settings CS4
    PDF Settings CS5
    Photoshop Camera Raw
    Picture Control Utility
    Pinnacle Studio 14
    Pinnacle Studio Ultimate Collection Plugins
    Pinnacle Studio Ultimate Plugins
    Pinnacle Video Driver
    Pinnacle Winter Pack
    Power Retouche Retouching Suite
    proDAD Heroglyph 2.5
    proDAD Vitascene 1.0
    Pure Networks Platform
    QuickTime
    Readon TV Movie Radio Player 7.2.0.0
    Realtek High Definition Audio Driver
    Recover My Files
    Red Giant ToonIt Studio
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2434737)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SopCast 3.2.4
    STK1135 PC Camera
    Studio 11 Bonus DVD
    Suite Shared Configuration CS4
    SyncBack
    System Requirements Lab
    Tansee iPhone Transfer Photo
    thechatterbox.cc Toolbar
    TomTom HOME 2.7.6.2056
    TomTom HOME Visual Studio Merge Modules
    Trapcode Particular Studio
    Uniblue DriverScanner 2009
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    V Stuff Backup v1.6.2.18253
    ViewNX 2
    WD SmartWare
    WebEx Support Manager for Internet Explorer
    Windows 7 Upgrade Advisor
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    Xvid 1.2.2 final uninstall
    YouTube Downloader 2.6.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    23/05/2011 14:44:41, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    23/05/2011 14:16:22, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    23/05/2011 14:16:22, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/05/2011 14:16:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    23/05/2011 14:15:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052311-64865-01.
    19/05/2011 15:47:31, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
    17/05/2011 19:42:43, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    .
    ==== End Of File ===========================
    Everything went to plan and as instructed. The original Anti-malware scan and log was used and downloaded from your site, thanks.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I see multiple different malware infections in these logs. We will need to look for their additional entries and remove them.
    =========================================
    You will need to uninstall AVG before running Combofix:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      (screenshot)
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    ----------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      (screenshot)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =====================================
    Note: Please uninstall or disable BitTorrent and the BitTorrent Toolbar while I am helping you. Do not use it while we are cleaning as file sharing is a source of malware.
     
  5. Arnie

    Arnie TS Rookie Topic Starter

    combofix completed

    all went ok
    ComboFix 11-05-23.02 - Arnie 24/05/2011 20:30:28.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1804 [GMT 1:00]
    Running from: c:\combofix\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\t.txt
    c:\users\Anja\Desktop\Internet Explorer.lnk
    c:\users\Anja\WINDOWS
    c:\users\Arnie\AppData\Roaming\inst.exe
    c:\users\Arnie\AppData\Roaming\SQLite3.dll
    c:\users\Public\RemoveSGP.exe
    c:\users\Public\RemoveSGP0.exe
    c:\users\Sam\Desktop\Internet Explorer.lnk
    c:\windows\system32\Q2uE6SE.vbs
    c:\windows\system32\sm56co85.txt
    c:\windows\system32\uD7mizs.vbs
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-24 to 2011-05-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-24 19:41 . 2011-05-24 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-24 19:41 . 2011-05-24 19:41 -------- d-----w- c:\users\Anja\AppData\Local\temp
    2011-05-24 19:41 . 2011-05-24 19:42 -------- d-----w- c:\users\Arnie\AppData\Local\temp
    2011-05-24 19:11 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-24 19:11 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-05-24 19:11 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-24 19:11 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-24 19:11 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-24 19:10 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-05-24 19:09 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-24 19:09 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-24 19:09 . 2011-05-24 19:09 -------- d-----w- c:\programdata\AVAST Software
    2011-05-24 19:09 . 2011-05-24 19:09 -------- d-----w- c:\program files\AVAST Software
    2011-05-23 19:22 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-05-23 19:22 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-05-23 19:22 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-23 19:22 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-05-23 17:33 . 2011-05-23 17:33 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
    2011-05-23 14:15 . 2011-05-23 14:15 -------- d-----w- c:\users\Arnie\AppData\Roaming\Malwarebytes
    2011-05-23 14:15 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-23 14:15 . 2011-05-23 14:15 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-23 14:14 . 2011-05-24 10:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-23 14:14 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-05 17:06 . 2011-05-05 17:06 -------- d-----w- c:\program files\iPod
    2011-05-05 17:04 . 2011-05-05 17:04 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-28 18:24 . 2011-03-28 18:24 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-28 18:24 . 2011-03-28 18:24 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-28 18:24 . 2011-03-28 18:24 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-28 18:24 . 2011-03-28 18:24 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-28 18:24 . 2011-03-28 18:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-28 18:24 . 2011-03-28 18:24 367104 ----a-w- c:\windows\system32\html.iec
    2011-03-28 18:24 . 2011-03-28 18:24 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-03-28 18:24 . 2011-03-28 18:24 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-03-28 18:24 . 2011-03-28 18:24 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-28 18:24 . 2011-03-28 18:24 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-28 18:24 . 2011-03-28 18:24 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-28 18:24 . 2011-03-28 18:24 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-03-28 18:24 . 2011-03-28 18:24 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-03-28 18:24 . 2011-03-28 18:24 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-28 18:24 . 2011-03-28 18:24 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-28 18:24 . 2011-03-28 18:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-28 18:24 . 2011-03-28 18:24 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-28 18:24 . 2011-03-28 18:24 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-03-28 18:24 . 2011-03-28 18:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-28 18:24 . 2011-03-28 18:24 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-03-28 18:24 . 2011-03-28 18:24 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-03-28 17:52 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-21 18:49 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthec.dll" [2010-03-17 2355224]
    .
    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
    2010-03-17 14:45 2355224 ----a-w- c:\program files\thechatterbox.cc\tbthec.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 12:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-09-02 14:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
    "{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthec.dll" [2010-03-17 2355224]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
    "{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"= "c:\program files\thechatterbox.cc\tbthec.dll" [2010-03-17 2355224]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]
    "USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
    "LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList.exe" [2007-01-04 50712]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2009-05-20 221184]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
    "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    .
    c:\users\Arnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKLM\~\startupfolder\C:^Users^Arnie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\users\Arnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
    2010-05-25 19:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2009-10-26 14:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V Stuff Backup]
    2010-04-14 11:27 8263584 ----a-w- c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-22 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
    S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-11-08 237568]
    S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-11-08 1060352]
    S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-11-08 484352]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 65640]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
    S3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-04-19 1260288]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWFSBLK
    *NewlyCreated* - ASWMONFLT
    *NewlyCreated* - ASWRDR
    *NewlyCreated* - ASWSNX
    *NewlyCreated* - ASWSP
    *NewlyCreated* - ASWTDI
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
    IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
    DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
    FF - ProfilePath - c:\users\Arnie\AppData\Roaming\Mozilla\Firefox\Profiles\g2748iod.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 8888
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 8888
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\Fiddler2\FiddlerHook
    FF - Ext: CyberShadow's Bejeweled Blitz 3 Cheat: bejeweledblitz3cheat@thecybershadow.net - %profile%\extensions\bejeweledblitz3cheat@thecybershadow.net
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
    BHO-{18A35660-34BB-44AF-A3F3-16EFCB651E61} - c:\windows\System32\AuthFWSnapin32.dll
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    HKCU-Run-AdobeBridge - (no file)
    HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
    AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-05-24 20:44:45
    ComboFix-quarantined-files.txt 2011-05-24 19:44
    .
    Pre-Run: 4,437,737,472 bytes free
    Post-Run: 4,431,757,312 bytes free
    .
    - - End Of File - - 3A421063D0ECAB715CC8DEA45F85A0E2
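    The helper's later reply describes the Ask toolbar as "multi-loading"; the Reg Loading Points section of the log above shows what that looks like: the same CLSID and DLL registered under HKCU URLSearchHooks, as an HKLM Browser Helper Object, and under both the HKLM and HKCU toolbar keys. The script below is an added example for this thread, not ComboFix's own tooling and not part of the helper's procedure: it parses an excerpt copied from the log above, groups every Internet Explorer add-on entry by CLSID, reports which CLSIDs are wired into several load points, and separates the "ORPHANS REMOVED" entries that pointed at nothing ("(no file)") from those that still name a file on disk.

```python
"""Triage the "Reg Loading Points" and "ORPHANS REMOVED" sections of a ComboFix
log.  Added example for this thread, not ComboFix's own tooling; SAMPLE_LOG is an
excerpt copied from the log posted above."""
import re
from collections import defaultdict

CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# Drive letter, colon, backslash, then anything up to a quote or the "[date size]"
# tail ComboFix appends to value lines.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]+', re.I)
ORPHAN_RE = re.compile(r"^([A-Za-z]+(?:-Run)?)-(\S+) - (.*)$")
# Registry locations Internet Explorer loads add-ons from, matched as substrings
# of the key line (ComboFix shortens long keys with "~").
HOOK_KEYS = (("\\URLSearchHooks", "URLSearchHook"),
             ("\\Browser Helper Objects\\", "BHO"),
             ("\\Internet Explorer\\Toolbar", "Toolbar"))

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthec.dll" [2010-03-17 2355224]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
2010-03-17 14:45 2355224 ----a-w- c:\program files\thechatterbox.cc\tbthec.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 12:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
"{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthec.dll" [2010-03-17 2355224]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
"{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"= "c:\program files\thechatterbox.cc\tbthec.dll" [2010-03-17 2355224]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
BHO-{18A35660-34BB-44AF-A3F3-16EFCB651E61} - c:\windows\System32\AuthFWSnapin32.dll
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
"""


def parse_loading_points(log_text):
    """Map each CLSID to the (hook label, DLL path) pairs it is registered under."""
    entries = defaultdict(list)
    current = None  # (hook label, CLSID taken from the key itself, or None)
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = None
            for needle, name in HOOK_KEYS:
                if needle.lower() in key.lower():
                    hive = "HKCU" if key.upper().startswith("HKEY_CURRENT_USER") else "HKLM"
                    in_key = CLSID_RE.search(key)
                    current = (f"{name} ({hive})", in_key.group(0).upper() if in_key else None)
                    break
            continue
        if line in ("", "."):  # a lone "." closes the current key block
            current = None
            continue
        if current is None:
            continue
        label, key_clsid = current
        found = CLSID_RE.search(line)
        clsid = key_clsid or (found.group(0).upper() if found else None)
        path = PATH_RE.search(line)
        if clsid and path:
            entries[clsid].append((label, path.group(0).strip()))
    return dict(entries)


def multi_loaders(entries, min_points=2):
    """CLSIDs registered at min_points or more distinct load points: one DLL wired
    into URLSearchHooks, a BHO and both toolbar keys is the 'multi-loading' pattern."""
    return {clsid: hooks for clsid, hooks in entries.items()
            if len({label for label, _ in hooks}) >= min_points}


def parse_orphans(log_text):
    """(kind, identifier, target) triples from ORPHANS REMOVED.  '(no file)' means a
    dead registry pointer; a real path still names a file worth checking on disk."""
    orphans, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "ORPHANS REMOVED" in line:
            in_section = True
            continue
        if in_section and line.startswith("---"):
            break
        match = ORPHAN_RE.match(line) if in_section else None
        if match:
            orphans.append(match.groups())
    return orphans


if __name__ == "__main__":
    points = parse_loading_points(SAMPLE_LOG)
    for clsid, hooks in multi_loaders(points, 3).items():
        print(clsid, hooks[0][1], "loads from:", ", ".join(label for label, _ in hooks))
    for kind, ident, target in parse_orphans(SAMPLE_LOG):
        print("orphan", kind, ident, "->", target)
```

    Run against the full log rather than the excerpt, the same functions pick up every add-on key ComboFix lists; the threshold passed to multi_loaders is a triage aid, not a verdict, since a legitimate toolbar can also register a BHO and a toolbar entry.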
     
  6. Arnie

    Arnie TS Rookie Topic Starter

    anything else required?

    Thanks for all your help so far, it's made such a difference to my PC. Is there anything else I need to do?
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're welcome, but we're not through yet. Your system is full of malware entries. Additionally, the AskBar is multi-loading. I don't know of anyone who intentionally downloads this. But a note for you:
    When looking at any download screen, look for pre-checked items like toolbars and browser helper objects. Uncheck them before you download!

    Also, a deletion in Combofix suggests the use of an infected flash drive. If you have been using a flash drive, stop until I have you disinfect it.

    Now for some housekeeping:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    DDS::
    uSearch Page =
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
    uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
    mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
    BHO: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {18a35660-34bb-44af-a3f3-16efcb651e61} - c:\windows\system32\AuthFWSnapin32.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
    BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
    TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"=-.
    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}].
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 12:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-.
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-.
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKLM\~\startupfolder\C:^Users^Arnie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=-
    backup=-
    backupExtension=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    When you finish with this, go on to my next reply.
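    The CFScript above removes the same CLSID from the URLSearchHooks, Browser Helper Objects and Toolbar keys because one toolbar registers itself at several browser loading points, which is what "multi-loading" means here. The following is an added example, not code from the thread, from ComboFix or from DDS: it parses DDS-style loading-point lines (the sample is constructed after the DDS:: block above) and groups them by CLSID, so a responder can see every place a given toolbar is hooked in and which entries are orphans whose DLL is already gone. Function and field names are this example's own.

```python
"""Group DDS/ComboFix browser loading-point lines by CLSID.

Added example, not part of the TechSpot thread, of ComboFix or of DDS. The
sample input is constructed after the DDS:: lines in the CFScript above and
all function names are this example's own.
"""
import re
from collections import defaultdict

# One DDS-style line:  "<kind>: <display name>: {CLSID} - <dll path | No File>"
# Some lines carry no display name ("BHO: {CLSID} - No File"), so it is optional.
LINE_RE = re.compile(
    r"^(?P<kind>[um]?URLSearchHooks|BHO|TB):\s*"
    r"(?:(?P<name>[^{]*?):\s*)?"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<path>.+?)\s*$"
)

# Constructed sample, modelled on the DDS:: block of the CFScript above.
SAMPLE_DDS = r"""
uURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
uURLSearchHooks: H - No File
mURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
BHO: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthec.dll
"""


def parse_loading_points(text):
    """Return one dict per line that parses as a browser loading point.

    Lines without a CLSID (e.g. "uURLSearchHooks: H - No File") are skipped;
    CLSIDs are lower-cased because the registry and DDS mix cases.
    """
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].lower()
            entry["name"] = entry["name"] or ""
            entries.append(entry)
    return entries


def group_by_clsid(entries):
    """Map CLSID -> {'name', 'kinds', 'paths'} across every loading point."""
    groups = defaultdict(lambda: {"name": "", "kinds": set(), "paths": set()})
    for e in entries:
        g = groups[e["clsid"]]
        if e["name"]:
            g["name"] = e["name"]
        g["kinds"].add(e["kind"])
        g["paths"].add(e["path"])
    return dict(groups)


def multi_loaders(groups, threshold=2):
    """CLSIDs registered under more than one loading-point kind (the
    'multi-loading' toolbars the helper refers to)."""
    return {c: g for c, g in groups.items() if len(g["kinds"]) >= threshold}


def orphans(groups):
    """CLSIDs whose only path is 'No File': the DLL is gone but the
    registration was left behind."""
    return sorted(c for c, g in groups.items() if g["paths"] == {"No File"})


def report(text):
    """Human-readable summary, one line per CLSID."""
    groups = group_by_clsid(parse_loading_points(text))
    lines = []
    for clsid, g in sorted(groups.items()):
        kinds = ",".join(sorted(g["kinds"]))
        lines.append(f"{{{clsid}}} {g['name'] or '(no name)'} [{kinds}] -> {sorted(g['paths'])}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_DDS):
        print(line)
```

    The grouping is the triage step: each CLSID that turns up under several kinds maps directly onto the set of registry keys the CFScript's Registry:: block clears, and the orphan list shows which BHO entries point at a DLL that no longer exists.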
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

    When scan has finished, you will see this image:
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ==============================================
    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    ==============================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download link to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =====================================
    In next reply, include the following:
    New log from Combofix after running the script
    New Malwarebytes log
    Eset Online Virus scan log.
     
  9. Arnie

    Arnie TS Rookie Topic Starter

    Combofix log latest

    ComboFix 11-05-22.01 - Arnie 26/05/2011 11:21:56.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1960 [GMT 1:00]
    Running from: c:\users\Arnie\Desktop\ComboFix.exe
    Command switches used :: c:\users\Arnie\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\ask.com\GenericAskToolbar.dll
    c:\program files\conduitengine\ConduitEngine.dll
    c:\program files\thechatterbox.cc\tbthec.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-26 10:29 . 2011-05-26 10:29 -------- d-----w- c:\users\Sam\AppData\Local\temp
    2011-05-26 10:29 . 2011-05-26 10:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-26 10:29 . 2011-05-26 10:29 -------- d-----w- c:\users\Anja\AppData\Local\temp
    2011-05-24 20:37 . 2011-04-14 04:08 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-05-24 20:37 . 2011-04-14 04:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-24 19:44 . 2011-05-26 10:30 -------- d-----w- c:\users\Arnie\AppData\Local\temp
    2011-05-24 19:11 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-24 19:11 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-05-24 19:11 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-24 19:11 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-24 19:11 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-24 19:10 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-05-24 19:09 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-24 19:09 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-24 19:09 . 2011-05-24 19:09 -------- d-----w- c:\programdata\AVAST Software
    2011-05-24 19:09 . 2011-05-24 19:09 -------- d-----w- c:\program files\AVAST Software
    2011-05-23 19:22 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-05-23 19:22 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-05-23 19:22 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-23 19:22 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-05-23 17:33 . 2011-05-23 17:33 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
    2011-05-23 14:15 . 2011-05-23 14:15 -------- d-----w- c:\users\Arnie\AppData\Roaming\Malwarebytes
    2011-05-23 14:15 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-23 14:15 . 2011-05-23 14:15 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-23 14:14 . 2011-05-24 10:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-23 14:14 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-05 17:06 . 2011-05-05 17:06 -------- d-----w- c:\program files\iPod
    2011-05-05 17:04 . 2011-05-05 17:04 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-25 10:58 . 2009-11-19 15:49 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-28 18:24 . 2011-03-28 18:24 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-28 18:24 . 2011-03-28 18:24 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-28 18:24 . 2011-03-28 18:24 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-28 18:24 . 2011-03-28 18:24 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-28 18:24 . 2011-03-28 18:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-28 18:24 . 2011-03-28 18:24 367104 ----a-w- c:\windows\system32\html.iec
    2011-03-28 18:24 . 2011-03-28 18:24 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-03-28 18:24 . 2011-03-28 18:24 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-03-28 18:24 . 2011-03-28 18:24 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-28 18:24 . 2011-03-28 18:24 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-28 18:24 . 2011-03-28 18:24 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-28 18:24 . 2011-03-28 18:24 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-03-28 18:24 . 2011-03-28 18:24 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-03-28 18:24 . 2011-03-28 18:24 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-28 18:24 . 2011-03-28 18:24 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-28 18:24 . 2011-03-28 18:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-28 18:24 . 2011-03-28 18:24 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-28 18:24 . 2011-03-28 18:24 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-03-28 18:24 . 2011-03-28 18:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-28 18:24 . 2011-03-28 18:24 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-03-28 18:24 . 2011-03-28 18:24 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-03-28 17:52 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-21 18:49 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]
    "USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
    "LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList.exe" [2007-01-04 50712]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2009-05-20 221184]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
    "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    .
    c:\users\Arnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKLM\~\startupfolder\C:^Users^Arnie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\users\Arnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
    2010-05-25 19:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2009-10-26 14:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V Stuff Backup]
    2010-04-14 11:27 8263584 ----a-w- c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-22 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
    S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-11-08 237568]
    S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-11-08 1060352]
    S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-11-08 484352]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 65640]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
    S3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-04-19 1260288]
    .
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
    IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
    FF - ProfilePath - c:\users\Arnie\AppData\Roaming\Mozilla\Firefox\Profiles\g2748iod.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 8888
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 8888
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\Fiddler2\FiddlerHook
    FF - Ext: CyberShadow's Bejeweled Blitz 3 Cheat: bejeweledblitz3cheat@thecybershadow.net - %profile%\extensions\bejeweledblitz3cheat@thecybershadow.net
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-05-26 11:31:32
    ComboFix-quarantined-files.txt 2011-05-26 10:31
    ComboFix2.txt 2011-05-24 19:44
    .
    Pre-Run: 17,496,764,416 bytes free
    Post-Run: 17,384,300,544 bytes free
    .
    - - End Of File - - 61D0C2C15AAC1A210E259D9DBCA93562
     
  10. Arnie

    Arnie TS Rookie Topic Starter

    Malwarebytes' Anti-Malware latest results

    Find below as requested

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6683

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    26/05/2011 13:46:18
    mbam-log-2011-05-26 (13-46-18).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 506451
    Time elapsed: 2 hour(s), 5 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Arnie\AppData\LocalLow\Sun\Java\deployment\cache\6.0\27\667700db-374a323b (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
    c:\program files\Nikon\capture nx 2\patch-mpt[h33t][espns].exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
     
  11. Arnie

    Arnie TS Rookie Topic Starter

    eset online scanner

    Hi, I am currently scanning with the ESET online scanner, which has found some threats but still has a way to go (it's been running 2 hours and is at 44%). I have followed your instructions but you don't mention if I should delete these files at the end of the scan. Could you please let me know?
     
     
  12. Arnie

    Arnie TS Rookie Topic Starter

    ESET scan results

    OK, latest bit done, please ignore my previous post.
    C:\Users\Arnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-41795947 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
    C:\Users\Arnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\77aee51b-5f3c3da5 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
    C:\Users\Arnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\39ef6df2-4600c75f multiple threats
    C:\Users\Arnie\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101124164716467.rsc multiple threats
    C:\Users\Arnie\Downloads\nikon\Nikon.Camera.Control.Pro.v2.8.0.Incl.KeyMaker·DVT\Welcome.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
    C:\Users\Arnie\Downloads\Runtime GetDataBack for FAT - NTFS 4.22\data recover\Runtime.GetDataBack.v3.5\FAT\Keygen-BRD\Keygen.exe a variant of Win32/Keygen.AS application
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You are correct. You do not check for removal. I'll handle some of it and you'll do the rest:

    Most of the entries are in the Java cache, so it has to be emptied:
    1. Click Start > Control Panel.
    2. Double-click the Java icon in the Control Panel.
    3. Click Settings under Temporary Internet Files.
      http://www.java.com/en/img/download/5000020303.jpg
      There are three options on this window to clear the cache. (Version dependent)
      [o] Delete Files
      [o] View Applications
      [o] View Applets
    4. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
    5. Click OK on Temporary Files Settings window.
    =======================================
    Please download OTMoveIt by Old Timer (http://oldtimer.geekstogo.com/OTM.exe) and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files
    C:\Users\Arnie\Downloads\nikon\Nikon.Camera.Control.Pro.v2.8.0.Incl.KeyMake r·DVT\Welcome.exe
    C:\Users\Arnie\Downloads\Runtime GetDataBack for FAT - NTFS 4.22\data recover\Runtime.GetDataBack.v3.5\FAT\Keygen-BRD\Keygen.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ==========================================
    These programs were pirated:
    Runtime.GetDataBack.v3.5\FAT
    Nikon.Camera.Control.Pro.v2.8.0.Incl.KeyMake r·DVT\
    Please remove to continue support.
    The thing about piracy is that you don't get something for nothing
    ===================================
    Please download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe) and save to your desktop
    • Double click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
     
  14. Arnie

    Arnie TS Rookie Topic Starter

    All done and results below thanks

    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\Arnie\Downloads\nikon\Nikon.Camera.Control.Pro.v2.8.0.Incl.KeyMake r·DVT\Welcome.exe not found.
    C:\Users\Arnie\Downloads\Runtime GetDataBack for FAT - NTFS 4.22\data recover\Runtime.GetDataBack.v3.5\FAT\Keygen-BRD\Keygen.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Anja
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 429753376 bytes
    ->Java cache emptied: 37967878 bytes
    ->Flash cache emptied: 24149 bytes

    User: Arnie
    ->Temp folder emptied: 840794 bytes
    ->Temporary Internet Files folder emptied: 195924056 bytes
    ->Java cache emptied: 11717 bytes
    ->FireFox cache emptied: 105802892 bytes
    ->Apple Safari cache emptied: 8549376 bytes
    ->Flash cache emptied: 2934760 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Sam
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 53563912 bytes
    ->Java cache emptied: 13690431 bytes
    ->Flash cache emptied: 4501 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 200704 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 277026 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1752345 bytes

    Total Files Cleaned = 812.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 05282011_214417

    Files moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\users\arnie\downloads\getdataback for fat ntfs v4.00 portable\crack\fat\gdb.exe
    c:\users\arnie\downloads\getdataback for fat ntfs v4.00 portable\crack\fat\license.reg
    c:\users\arnie\downloads\getdataback for fat ntfs v4.00 portable\crack\ntfs\gdbnt.exe
    c:\users\arnie\downloads\getdataback for fat ntfs v4.00 portable\crack\ntfs\license.reg
    c:\users\arnie\downloads\nikon\nikon pro\crack.rar
    c:\users\arnie\downloads\runtime getdataback for fat - ntfs 4.22\getdataback v2.31 cracked - for work.zip
    c:\users\arnie\downloads\runtime getdataback for fat - ntfs 4.22\data recover\runtime.getdataback.v3.5\fat\keygen-brd\brd.nfo
    c:\users\arnie\downloads\runtime getdataback for fat - ntfs 4.22\data recover\runtime.getdataback.v3.5\ntfs\keygen-brd\brd.nfo
    c:\users\arnie\favorites\bluesoelil 5.0 driver with crack keygen at rapidshare.url
    c:\users\arnie\favorites\underground.access - select server to download bluesoelil 5.0 driver with crack keygen.url
    c:\users\public\documents\pinnacle\content\hollywoodfx\effects\65 - patriotic\firecracker.hfx
    c:\users\public\documents\pinnacle\content\hollywoodfx\effects\70 - foods\crackers.hfx
    c:\users\public\documents\pinnacle\content\hollywoodfx\objects\food\cracker.hfo
    c:\users\public\documents\pinnacle\content\hollywoodfx\objects\patriotic\firecracker bam.hfo
    c:\users\public\documents\pinnacle\content\hollywoodfx\objects\patriotic\firecracker bottom.hfo
    c:\users\public\documents\pinnacle\content\hollywoodfx\objects\patriotic\firecracker top.hfo
    c:\_otm\movedfiles\05282011_214417\c_users\arnie\downloads\runtime getdataback for fat - ntfs 4.22\data recover\runtime.getdataback.v3.5\fat\keygen-brd\keygen.exe
    scanner sequence 3.ZZ.11
    ----- EOF -----
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    As long as you continue to use keygens to pirate software, you will continue to get malware.

    Open Firefox:
    • Click on Tools> Options
    • Select the Advanced tab
    • Click the Network subtab> then click Settings button in the Connections area.
    • Check No proxy if it isn't checked. See image below:
      Image courtesy Kent State
    • Click OK to close "Connection Settings"
    • Click OK to close the "Options" window.
    • This should remove the proxy settings for Firefox.

    What is the status of the system now?
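    The Options dialog shows only the active profile. As an added example (not part of the thread, and not Bobbye's instructions), the script below reads the proxy preferences straight out of every Firefox profile's prefs.js and also reports the Windows system proxy that Internet Explorer and Firefox's "Use system proxy settings" rely on, since rogues of this family tend to set that too. It assumes profiles live under %APPDATA%\Mozilla\Firefox\Profiles, that preferences appear as user_pref("network.proxy.*", ...) lines, and that the Firefox default for network.proxy.type is 5 (use system proxy) when the line is absent. Written for the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: audit Firefox and system proxy settings on a Windows 7 box.
# Assumed layout: %APPDATA%\Mozilla\Firefox\Profiles\<profile>\prefs.js
# network.proxy.type: 0 = no proxy, 1 = manual, 2 = PAC script, 4 = auto-detect (WPAD), 5 = system proxy
$typeNames = @{ 0 = 'No proxy'; 1 = 'Manual proxy'; 2 = 'PAC script'; 4 = 'Auto-detect (WPAD)'; 5 = 'Use system proxy' }
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'

if (Test-Path $profileRoot) {
    Get-ChildItem $profileRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (-not (Test-Path $prefs)) { return }   # profile never used, nothing to check

        Write-Host "Firefox profile: $($_.Name)"

        # Collect every network.proxy.* preference into a hashtable (quotes stripped from string values).
        $proxy = @{}
        Select-String -Path $prefs -Pattern 'user_pref\("(network\.proxy\.[^"]+)",\s*(.+)\);' | ForEach-Object {
            $m = $_.Matches[0]
            $proxy[$m.Groups[1].Value] = $m.Groups[2].Value.Trim('"')
        }

        # Assumption: no network.proxy.type line means the Firefox default, 5 (system proxy).
        $type = 5
        if ($proxy.ContainsKey('network.proxy.type')) { $type = [int]$proxy['network.proxy.type'] }
        Write-Host ("  network.proxy.type = {0} ({1})" -f $type, $typeNames[$type])

        # Anything other than "No proxy" deserves a look: list the host/port/PAC entries that go with it.
        if ($type -ne 0) {
            $proxy.GetEnumerator() | Where-Object { $_.Key -ne 'network.proxy.type' } | ForEach-Object {
                Write-Host ("  {0} = {1}" -f $_.Key, $_.Value)
            }
        }
    }
} else {
    Write-Host "No Firefox profile folder found under $profileRoot"
}

# The WinINET (Internet Explorer / system) proxy lives in the registry; malware that hijacks
# browsing commonly sets ProxyEnable=1 with a ProxyServer or an AutoConfigURL here.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Write-Host ("System proxy: ProxyEnable={0} ProxyServer={1} AutoConfigURL={2}" -f `
    $inet.ProxyEnable, $inet.ProxyServer, $inet.AutoConfigURL)
```

Run it as the user whose browsers are affected (it reads that user's profile and HKCU). A clean machine prints type 0 or 5 with no proxy host entries and ProxyEnable=0 with empty ProxyServer and AutoConfigURL; a loopback address or an unfamiliar PAC URL is the leftover the "No proxy" step above is meant to clear.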
     
  16. Arnie

    Arnie TS Rookie Topic Starter

    I have done what you said, although I will be removing Firefox as I rarely use it any more.
    As for the key-generated software, I guess I've learnt my lesson and I hear what you say.
    As it stands, and with the help I have received from you, my PC is running great again.
    What else do I need to do? I recall earlier you mentioning an infected flash drive.
    How do I clean the drive?
    And what free antivirus do you recommend? I now have Avast on here, but before I had AVG. Which is the better one?

    Thanks again
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're welcome. Please consider removing the software you stole, and consider paying for downloads in the future.

    There are 2 free, good antivirus programs we recommend:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast-Free Antivirus.
    ===============================================
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Click on Start> right click on Computer> Properties
    • Select System Protection
    • Click on the Create button (near bottom)
    • Type a name for the Restore Point
    • Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
    • Click Start> Computer> right click the C Drive and choose Properties> enter.
    • Click Disk Cleanup from there.
    • Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
    • Click the More Options tab
    • Click the Clean up under System Restore and Shadow Copies.
    • Click OK.
    • You will get a confirmation screen> Just click Delete.
    • Click OK on the Disk Cleanup Screen.
    • Click Delete Files on the Confirmation screen.
    It will run the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
    Images courtesy lytebyte.

    Empty the Recycle Bin
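    The same "one clean restore point, nothing older" end state can be reached from an elevated PowerShell prompt instead of the Disk Cleanup dialogs. This is an added example, not part of Bobbye's instructions; it assumes the system drive is C:, that System Protection is turned on for it, and the restore point description is arbitrary. Unlike the Disk Cleanup route, which keeps the most recent point, this deletes every existing shadow copy first and then creates the fresh baseline, so nothing from before the cleanup survives.

```powershell
# Added example: replace all pre-cleanup restore points with one clean baseline.
# Must be run from an elevated (Run as administrator) PowerShell on Windows 7.
# Assumptions: system volume is C:; description text below is arbitrary.

# 1. List what exists now, so you know exactly what is about to be discarded.
Write-Host "Existing restore points:"
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize

# 2. Restore points are stored in Volume Shadow Copies. Deleting every shadow copy on C:
#    removes all old restore points, any of which could bring the infection back if
#    someone later rolls the system back to it.
vssadmin delete shadows /for=C: /all /quiet

# 3. Create the clean baseline. MODIFY_SETTINGS is the generic restore-point type
#    for a configuration change, which is what a cleanup is.
Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType MODIFY_SETTINGS

# 4. Confirm the new point is the only one left.
Write-Host "Restore points after cleanup:"
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

If step 2 reports that no shadow copies were found, System Protection was already empty or disabled for C:; step 3 will still fail in that case until protection is turned on under System Protection, as in the steps above.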
     
Topic Status:
Not open for further replies.

