TechSpot

Trojan horse downloader.generic11.IQQ

By banana1
Mar 29, 2011
  1. Hi again everyone, I was here not two weeks ago having a crisis with the AVGheur scare that their update seemed to cause for a lot of people. Well, unfortunately it looks like this time I have managed to get a trojan somehow. I am a little freaked, but I did the step by step again and here are the results. I really am sorry to be a pain. I try to keep my PC clean as a whistle, and for 2 years now it has been... sigh. Anyway, I would greatly appreciate some assistance as I don't know what to do.

    I am not having any system slow down, hijacking of the browser or abnormal cpu usage or any other symptoms by the way.

    It detected the above in my steam\vaurek\bloody good time\bin\unitlib.dll

    I assume this got in Sunday night, and when I came along Monday morning I ran a scan as always with AVG updated and it popped up. So I sent it to quarantine, then sent it for analysis to AVG, who confirmed it was a legitimate threat. I assumed it was another false alarm, but well... it's not. I deleted the file not long ago with AVG and have run multiple scans since with that and Malwarebytes; all come up clean so far.

    I'm rambling, sorry.

    Malwarebytes log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6199

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    29/03/2011 16:42:58
    mbam-log-2011-03-29 (16-42-58).txt

    Scan type: Quick scan
    Objects scanned: 169800
    Time elapsed: 2 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    DDS attach log
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 28/03/2009 12:39:21
    System Uptime: 29/03/2011 16:35:15 (1 hours ago)
    .
    Motherboard: Packard Bell | | FMCP7AM
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 582 GiB total, 95.463 GiB free.
    D: is CDROM (UDF)
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP661: 25/03/2011 16:19:28 - Installed DirectX
    .
    ==== Installed Programs ======================
    .
    Adobe Reader 9.4.3
    Alien Swarm
    Amazon Kindle For PC
    Apple Application Support
    Crysis 2
    Crysis(R)
    Dead Rising 2
    Dream Experimental v0.5
    Elite Force RPG-X v2.0
    Email Scrabble .Net
    Far Cry Demo
    Google Chrome
    Hitman: Blood Money
    Ivellon 1.5 English
    Java Auto Updater
    Java(TM) 6 Update 24
    Just Cause 2
    Lara Croft and the Guardian of Light
    Magicka - Demo
    Malwarebytes' Anti-Malware
    Mass Effect 2
    Medieval II: Total War
    Medieval II: Total War Kingdoms
    Metro 2033
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Office Home and Student 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft XNA Framework Redistributable 3.1
    Need for Speed(TM) Hot Pursuit
    NVIDIA PhysX
    Oblivion mod manager 1.1.12
    OpenAL
    Pando Media Booster
    QuickTime
    RIFT
    Safari
    Skype™ 5.1
    Star Trek Voyager Elite Force
    Titan Quest
    Titan Quest: Immortal Throne
    Tom Clancy's Splinter Cell Conviction
    Ubisoft Game Launcher
    Unity Web Player
    Warhammer 40,000: Dawn of War Gold Edition
    Warhammer 40,000: Dawn of War – Dark Crusade
    Warhammer 40,000: Dawn of War – Winter Assault
    Warhammer® 40,000®: Dawn of War® II – Retribution™
    Warhammer® 40,000™: Dawn of War® II
    Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
    .
    ==== Event Viewer Messages From Past Week ========
    .
    25/03/2011 16:20:04, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 82.37.235.68 for the Network Card with network address 0022683BDD18 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    25/03/2011 16:20:01, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
    25/03/2011 15:07:28, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    25/03/2011 15:07:28, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    25/03/2011 15:07:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    22/03/2011 18:41:49, Error: EventLog [6008] - The previous system shutdown at 18:40:12 on 22/03/2011 was unexpected.
    22/03/2011 17:26:47, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    .
    ==== End Of File ===========================



    Other DDS log
    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Christopher at 17:23:14.07 on 29/03/2011
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.2352 [GMT 1:00]
    .
    AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG10\avgfws.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
    C:\Windows\system32\HidService.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Windows\RAVCpl64.exe
    C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
    C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Program Files (x86)\AVG\AVG10\avgam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Christopher\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://bridgecommander.filefront.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Google Update] "C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    mRun-x64: [RtHDVCpl] RAVCpl64.exe
    mRun-x64: [Skytel] Skytel.exe
    mRun-x64: [FijiKeyboard] c:\Acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
    R0 nvamacpi;Nvidia Away Mode System;C:\Windows\System32\drivers\nvamacpi.sys [2009-1-11 28192]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
    R2 ETService;Empowering Technology Service;C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [2009-3-28 24576]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-4-6 1153368]
    R2 SrvCDEject;SrvCDEject;C:\Program Files (x86)\Packard Bell\SrvCDEject.exe [2009-3-28 600576]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 133712]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1c9d4b82f48e567;Google Update Service (gupdate1c9d4b82f48e567);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-14 133104]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-8-18 1038088]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-3-12 36720]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-3-28 93184]
    .
    =============== Created Last 30 ================
    .
    2073-04-13 17:17:26 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
    2011-03-18 20:36:00 -------- d-----w- C:\Program Files\iPod
    2011-03-18 20:35:58 -------- d-----w- C:\Program Files\iTunes
    2011-03-18 20:35:58 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-03-14 18:13:56 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\.minecraft
    2011-03-14 18:06:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-03-13 16:22:55 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Rift
    2011-03-12 21:21:32 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\AVG10
    2011-03-12 21:20:30 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2011-03-12 21:18:25 -------- d-----w- C:\Windows\System32\drivers\AVG
    2011-03-12 21:18:25 -------- d-----w- C:\PROGRA~3\AVG10
    2011-03-12 21:15:27 -------- d-----w- C:\Program Files (x86)\AVG
    2011-03-12 21:09:09 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-03-12 18:40:26 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\temp
    2011-03-12 18:28:54 98816 ----a-w- C:\Windows\sed.exe
    2011-03-12 18:28:54 89088 ----a-w- C:\Windows\MBR.exe
    2011-03-12 18:28:54 256512 ----a-w- C:\Windows\PEV.exe
    2011-03-12 18:28:54 161792 ----a-w- C:\Windows\SWREG.exe
    2011-03-12 12:28:40 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-03-09 17:21:11 2424320 ----a-w- C:\Windows\System32\mstscax.dll
    2011-03-09 17:21:10 730624 ----a-w- C:\Windows\System32\mstsc.exe
    2011-03-09 17:21:10 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2011-03-09 17:21:10 2067456 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-03-09 17:21:09 560128 ----a-w- C:\Windows\System32\EncDec.dll
    2011-03-09 17:21:09 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-03-09 17:21:09 416768 ----a-w- C:\Windows\System32\sbe.dll
    2011-03-09 17:21:09 323072 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-03-09 17:21:09 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-03-09 17:21:09 210944 ----a-w- C:\Windows\System32\sbeio.dll
    2011-03-09 17:21:09 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-03-09 17:21:09 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
    2011-03-08 21:06:28 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Malwarebytes
    2011-03-08 21:06:20 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-08 21:06:19 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-08 21:06:16 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2011-03-08 21:06:15 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-08 21:06:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-04 20:39:50 -------- d-----w- C:\Program Files\Bonjour
    2011-03-04 20:39:50 -------- d-----w- C:\Program Files (x86)\Bonjour
    .
    ==================== Find3M ====================
    .
    2011-02-26 01:19:32 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll
    2011-02-26 01:19:32 27536 ----a-w- C:\Windows\System32\xfcodec64.dll
    2011-02-18 16:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2011-02-18 16:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2011-02-16 19:07:10 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-02-16 19:07:10 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-02-16 19:05:54 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-01-08 09:31:03 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-08 07:50:00 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-08 06:17:24 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-08 05:57:10 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-12-31 13:46:25 2755584 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 17:23:49.28 ===============


    I ran GMER too and that log didn't have anything in it at all. Sorry to be a bother everyone.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please go ahead and run the following> be patient! We're a bit stacked up!

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ======================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  3. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    Hi, sorry for the reply taking a while, just got on.

    I'm going to have to uninstall AVG to run ComboFix, ok? I'll reinstall it after. Anyway, here are some other logs before I do that.

    ESET Log

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=d052e692bbe65f44bed3600390d8a069
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-30 02:08:12
    # local_time=2011-03-30 03:08:12 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.0.6001 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1032 16777213 100 89 0 44776849 0 0
    # compatibility_mode=5892 16776574 100 100 12171135 139010363 0 0
    # compatibility_mode=8192 67108863 100 0 120 120 0 0
    # scanned=491446
    # found=0
    # cleaned=0
    # scan_time=7635



    I also ran another Malwarebytes and AVG scan, both programs updated.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6216

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    30/03/2011 15:21:05
    mbam-log-2011-03-30 (15-21-05).txt

    Scan type: Quick scan
    Objects scanned: 170166
    Time elapsed: 5 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    AVG Scan


    Scan "Whole computer scan" completed.
    No infection was found during this scan
    Folders selected for scanning:;"Whole computer scan"
    Scan started:;"30 March 2011, 15:20:30"
    Scan finished:;"30 March 2011, 15:48:40 (28 minute(s) 9 second(s))"
    Total object scanned:;"3546488"
    User who launched the scan:;"Christopher"



    I'll go uninstall AVG and then run ComboFix and post the log asap. Does it look good so far, do you think?
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Should have given you this to remove AVG:
    Download AppRemover and save to the desktop
    How to Use AppRemover to Remove a Complete Security Application
    1. Double click the setup on the desktop> click Next
    2. Select "Remove Security Application"
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      (image: http://www.appremover.com/about/chooseuninstall.gif/image_preview)
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

      Temporary AV:
      Avira-AntiVir-Personal-Free-Antivirus: http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914
      Avast Free Version: http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button
     
  5. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    It's alright, I knew about the remover.

    Here's the ComboFix log for you, good sir :) *crosses fingers*


    ComboFix 11-03-29.06 - Christopher 30/03/2011 16:40:09.2.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.2951 [GMT 1:00]
    Running from: c:\users\Christopher\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
    .
    .
    2073-04-13 17:17 . 2006-11-21 20:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
    2011-03-30 15:50 . 2011-03-30 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-30 15:50 . 2011-03-30 15:50 -------- d-----w- c:\users\Christopher\AppData\Local\temp
    2011-03-30 11:58 . 2011-03-30 11:58 -------- d-----w- c:\program files (x86)\ESET
    2011-03-18 20:36 . 2011-03-18 20:36 -------- d-----w- c:\program files\iPod
    2011-03-18 20:35 . 2011-03-18 20:36 -------- d-----w- c:\program files\iTunes
    2011-03-18 20:35 . 2011-03-18 20:36 -------- d-----w- c:\program files (x86)\iTunes
    2011-03-14 18:13 . 2011-03-14 19:39 -------- d-----w- c:\users\Christopher\AppData\Roaming\.minecraft
    2011-03-14 18:06 . 2011-03-14 18:06 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-14 18:06 . 2011-03-14 18:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-03-14 18:06 . 2011-03-14 18:06 -------- d-----w- c:\program files (x86)\Java
    2011-03-14 18:05 . 2011-03-14 18:05 -------- d-----w- c:\programdata\McAfee
    2011-03-13 16:22 . 2011-03-19 16:28 -------- d-----w- c:\users\Christopher\AppData\Roaming\Rift
    2011-03-12 21:21 . 2011-03-12 21:21 -------- d-----w- c:\users\Christopher\AppData\Roaming\AVG10
    2011-03-12 21:15 . 2011-03-12 21:15 -------- d-----w- c:\program files (x86)\AVG
    2011-03-12 12:28 . 2011-03-12 12:28 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-03-09 17:21 . 2010-12-17 17:12 2424320 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 17:21 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-09 17:21 . 2010-12-17 15:35 730624 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 17:21 . 2010-12-17 15:06 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-09 17:21 . 2010-12-29 17:53 416768 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 17:21 . 2010-12-29 17:53 210944 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 17:21 . 2010-12-29 17:53 560128 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 17:21 . 2010-12-29 17:51 226816 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 17:21 . 2010-12-29 17:41 323072 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-09 17:21 . 2010-12-29 17:41 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
    2011-03-09 17:21 . 2010-12-29 17:41 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-09 17:21 . 2010-12-29 17:39 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\users\Christopher\AppData\Roaming\Malwarebytes
    2011-03-08 21:06 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-08 21:06 . 2011-03-08 21:13 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
    2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-08 21:06 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-04 20:39 . 2011-03-04 20:39 -------- d-----w- c:\program files\Bonjour
    2011-03-04 20:39 . 2011-03-04 20:39 -------- d-----w- c:\program files (x86)\Bonjour
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
    2011-02-26 01:19 . 2011-02-26 01:19 27536 ----a-w- c:\windows\system32\xfcodec64.dll
    2011-02-18 16:36 . 2011-02-18 16:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-16 19:07 . 2009-05-24 13:33 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-02-16 19:07 . 2009-04-02 20:45 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-02-16 19:05 . 2009-04-02 20:45 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-01-08 09:31 . 2011-02-09 18:20 48128 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 07:50 . 2011-02-09 18:20 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-08 06:17 . 2011-02-09 18:20 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-08 05:57 . 2011-02-09 18:20 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-12-31 13:46 . 2011-02-09 18:20 2755584 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-12_18.38.23 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-21 03:20 . 2011-03-11 17:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-01-21 03:20 . 2011-03-30 14:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-03-09 17:16 . 2011-03-11 17:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-03-15 17:02 . 2011-03-30 14:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-21 03:20 . 2011-03-30 14:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-01-21 03:20 . 2011-03-11 17:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 02:23 . 2011-03-30 15:37 76164 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 15:45 . 2011-03-30 15:37 86558 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-03-28 12:51 . 2011-03-30 15:37 22810 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1744426918-3034555884-2614701510-1000_UserData.bin
    - 2009-03-28 12:48 . 2011-03-12 16:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-03-28 12:48 . 2011-03-30 11:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-03-28 12:48 . 2011-03-30 11:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-03-28 12:48 . 2011-03-12 16:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-28 12:48 . 2011-03-30 11:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-03-28 12:48 . 2011-03-12 16:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-11-28 18:18 . 2011-03-11 17:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-28 18:18 . 2011-03-30 15:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-28 18:18 . 2011-03-11 17:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-28 18:18 . 2011-03-30 15:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2006-11-02 12:40 . 2011-03-30 15:34 86016 c:\windows\inf\infstor.dat
    - 2006-11-02 12:40 . 2011-03-04 20:41 86016 c:\windows\inf\infstor.dat
    - 2006-11-02 12:40 . 2011-03-04 20:41 51200 c:\windows\inf\infpub.dat
    + 2006-11-02 12:40 . 2011-03-30 15:34 51200 c:\windows\inf\infpub.dat
    + 2011-03-13 16:26 . 2011-03-13 16:26 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2011-03-12 18:19 . 2011-03-12 18:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-03-30 15:35 . 2011-03-30 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-03-30 15:35 . 2011-03-30 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-03-12 18:19 . 2011-03-12 18:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-03-14 18:06 . 2011-03-14 18:06 157472 c:\windows\SysWOW64\javaws.exe
    + 2011-03-14 18:06 . 2011-03-14 18:06 145184 c:\windows\SysWOW64\javaw.exe
    + 2011-03-14 18:06 . 2011-03-14 18:06 145184 c:\windows\SysWOW64\java.exe
    - 2006-11-02 12:46 . 2011-02-27 14:45 709002 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2011-03-30 15:43 709002 c:\windows\system32\perfh009.dat
    - 2006-11-02 12:46 . 2011-02-27 14:45 145336 c:\windows\system32\perfc009.dat
    + 2006-11-02 12:46 . 2011-03-30 15:43 145336 c:\windows\system32\perfc009.dat
    + 2011-03-14 18:06 . 2011-03-14 18:06 180224 c:\windows\Installer\1d263e.msi
    + 2011-03-14 18:06 . 2011-03-14 18:06 675840 c:\windows\Installer\1d2639.msi
    + 2011-03-18 20:37 . 2011-03-18 20:37 380928 c:\windows\Installer\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}\iTunesIco.exe
    + 2006-11-02 12:40 . 2011-03-30 15:34 143360 c:\windows\inf\infstrng.dat
    - 2006-11-02 12:40 . 2011-03-04 20:41 143360 c:\windows\inf\infstrng.dat
    - 2011-03-04 15:55 . 2011-03-04 15:55 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2011-03-18 20:37 . 2011-03-18 20:37 5455872 c:\windows\Installer\3b94e3.msi
    - 2011-03-04 15:55 . 2011-03-04 15:55 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-03-13 16:26 . 2011-03-13 16:26 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-03-04 15:55 . 2011-03-04 15:55 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2006-11-02 12:33 . 2011-03-23 23:10 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2006-11-02 12:33 . 2011-03-12 16:55 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2011-03-13 01:02 . 2011-03-13 01:02 15139328 c:\windows\Installer\1d49f.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Google Update"="c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-21 136176]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate1c9d4b82f48e567;Google Update Service (gupdate1c9d4b82f48e567);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 133104]
    R2 SrvCDEject;SrvCDEject;c:\program files (x86)\Packard Bell\SrvCDEject.exe [2008-02-26 600576]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-08-18 1038088]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    S0 nvamacpi;Nvidia Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]
    S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 17:19]
    .
    2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 17:19]
    .
    2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744426918-3034555884-2614701510-1000Core.job
    - c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 20:45]
    .
    2011-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744426918-3034555884-2614701510-1000UA.job
    - c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 20:45]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 333344]
    "RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
    "Skytel"="Skytel.exe" [2008-09-18 1833504]
    "FijiKeyboard"="c:\acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe" [2008-09-18 79416]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://bridgecommander.filefront.com/
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1744426918-3034555884-2614701510-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:a8,cf,2f,42,e0,e6,08,a2,a7,d1,c2,99,ba,1f,77,5e,51,35,98,a5,54,bc,9b,
    cf,ce,d3,ee,c4,d9,5f,01,97,c8,02,3e,96,73,fc,43,cc,38,15,f4,0f,f5,52,56,3a,\
    "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
    .
    [HKEY_USERS\S-1-5-21-1744426918-3034555884-2614701510-1000\Software\SecuROM\License information*]
    "datasecu"=hex:1e,09,a2,8b,79,5e,20,c3,aa,18,a6,97,99,94,cd,95,45,26,e1,de,f5,
    8a,9f,3f,bd,59,ae,2d,e7,c3,24,77,00,a2,0f,25,cf,bf,cb,0b,17,2b,3b,e7,c3,55,\
    "rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Completion time: 2011-03-30 16:53:11
    ComboFix-quarantined-files.txt 2011-03-30 15:53
    ComboFix2.txt 2011-03-12 18:40
    .
    Pre-Run: 102,816,272,384 bytes free
    Post-Run: 102,782,234,624 bytes free
    .
    Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
    - - End Of File - - FCF62475ED624BA85E05F946EE4D236F
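    As an added example for readers of this thread (it is not part of ComboFix and not the helper's own procedure), the Python below parses the three line shapes a reviewer reads first in a log like the one above: "Files Created" entries, Run-key values, and the UAC policy values. The sample lines are constructed by copying a few entries from the quoted log, the scan date is taken from its "Completion time" line, and the review heuristics (future creation time, unqualified or profile-directory autostart paths, EnableLUA=0) are the reviewer's own, not ComboFix's.

```python
"""Triage helper for ComboFix-style log lines (added example, not a ComboFix tool)."""
import re
from datetime import datetime
from typing import Dict, List

# Scan date, taken from the "Completion time" line of the quoted log.
SCAN_DATE = datetime(2011, 3, 30, 16, 53)

# Constructed samples: a handful of lines copied from the log above, with the
# same field layout ComboFix prints.
SAMPLE_FILES = r"""
2073-04-13 17:17 . 2006-11-21 20:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-03-30 11:58 . 2011-03-30 11:58 -------- d-----w- c:\program files (x86)\ESET
2011-03-14 18:06 . 2011-03-14 18:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-08 21:06 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
"""
SAMPLE_RUN = r"""
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Google Update"="c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-21 136176]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"""
SAMPLE_POLICY = r"""
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"""

# created . modified size attrs path   (size is '--------' for folders)
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) (\S+) (.+)$")
# "name"="command" [file-date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d\d-\d\d) (\d+)\]$')
POLICY_RE = re.compile(r'^"([^"]+)"=\s*(\d+)')


def _lines(text: str) -> List[str]:
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def parse_files(text: str) -> List[Dict]:
    """Parse 'Files Created' lines into records; folder lines have size None."""
    records = []
    for ln in _lines(text):
        m = FILE_RE.match(ln)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        records.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": int(size) if size.isdigit() else None,
            "is_dir": attrs.startswith("d"),
            "path": path,
        })
    return records


def parse_run(text: str) -> List[Dict]:
    """Parse Run-key value lines into records."""
    records = []
    for ln in _lines(text):
        m = RUN_RE.match(ln)
        if m:
            name, command, file_date, size = m.groups()
            records.append({"name": name, "command": command,
                            "file_date": file_date, "size": int(size)})
    return records


def parse_policy(text: str) -> Dict[str, int]:
    """Parse "Name"= value lines from the policies\system key."""
    values = {}
    for ln in _lines(text):
        m = POLICY_RE.match(ln)
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def triage(files, run, policy, scan_date=SCAN_DATE) -> List[str]:
    """Review notes in the order a log reader would chase them."""
    notes = []
    for f in files:
        # A creation time after the scan date is either a clock problem or a
        # timestamp that was set by hand; either way the file needs a look.
        if f["created"] > scan_date:
            notes.append(f"creation time {f['created']:%Y-%m-%d} is after the scan date: {f['path']}")
    for r in run:
        cmd = r["command"]
        if "\\" not in cmd:
            # Bare file name: Windows resolves it via the search path, so confirm
            # which file actually runs.
            notes.append(f"Run value {r['name']!r} is an unqualified name ({cmd}); confirm where it resolves")
        elif "\\appdata\\" in cmd.lower():
            # Autostart from a per-user, user-writable directory.
            notes.append(f"Run value {r['name']!r} starts from a user-writable profile path: {cmd}")
    if policy.get("EnableLUA") == 0:
        notes.append("EnableLUA=0: UAC is switched off, so nothing prompts before a process gets the full admin token")
    return notes


if __name__ == "__main__":
    for note in triage(parse_files(SAMPLE_FILES), parse_run(SAMPLE_RUN), parse_policy(SAMPLE_POLICY)):
        print("-", note)
```

    Run against the sample, it reports the 2073-dated autopatcher2.exe, the two Run values worth confirming, and the disabled UAC policy; the legitimate-looking ehTray.exe entry produces no note. The checks are deliberately narrow: they pick what to verify first, they do not decide that anything is malicious.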
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm working between a squall line and a tornado watch, so if I stop mid-sentence, you'll know why!

    Questions: these are all legit, I just want to be sure you know and/or use them.
    1. Do you still use Apple Mobile USB Driver? Is it current?
    2. Also: Nvidia Away Mode System
    3. Acer preload: ABoard (2008)
    4. Do you have 2 home pages set to blank pages?
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = %SystemRoot%\system32\blank.htm
    5. uStart Page = hxxp://bridgecommander.filefront.com/
    Did you also set a start page to http://bridgecommander.filefront.com/?


    Later
     
  7. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    Hi, sorry, I'm out today so not on much, and I hope you're ok with all your warnings, geez.

    Anyway, the Apple Mobile one I'm assuming is for my iPhone, and I have no idea if it's current. My home page I set to Bridge Commander files, yes; the two blank ones I'm not sure of. Could those be the default Chrome ones from before I set it to Bridge Commander? I only started using Chrome a few months back.

    The Acer preload thing I'm assuming is legit, though I'm not sure what it is, and the same with the Nvidia thing. Sorry, I'm not very technically minded.

    Do you think the avg got that Trojan early though? I'm still not getting symptoms.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Oh my, what a day it's been! I've been here a long time and have never seen so many squall lines in a row, tornadoes, high winds, etc. All across Central FL, and we're still getting them, but not like earlier.

    All the questions I had were about legitimate processes. But I don't think that's any reason to allow a program, app or process to run and use the system resources.

    I haven't used Chrome yet, but if you set the homepage and didn't set up tabs with a blank page, then it shouldn't show 'blank'. Please look this over when you get a chance:
    How To Open a New Tab in Chrome as a Blank Page
    ========================================
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > then copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\system32\DRIVERS\NVAMACPI.sys 
    Folder::
    c:\programdata\McAfee
    c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"=-
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1744426918-3034555884-2614701510-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    DDS::
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
    
    Driver::
    nvamacpi
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ====================
    Let's make sure you're well covered: Security Check

    Download Security Check by screen317 from HERE or HERE.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    I'll give these 2 logs a quick check and you should be through after that and I'll have you remove the cleaning tools.
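    As an added example (not a ComboFix tool and not part of the helper's instructions above), the Python below cross-checks a CFScript against the log it was written from before it is dragged onto ComboFix.exe. The point it guards against is visible in this very thread: forum line wrapping put a space inside the key name "CurrentVersion\Run", and a key pasted with that space names a key that does not exist, so the entry it was meant to remove would be left in place. The script knows only the directive headers used in this thread (File::, Folder::, Registry::, RegNull::, RegLock::, DDS::, Driver::); ComboFix accepts others, so an unknown header is reported rather than rejected. The sample script and the set of log keys are constructed from the lines quoted above.

```python
"""Cross-check a CFScript against the ComboFix log it was built from (added example)."""
from typing import List, Optional, Set, Tuple

# Directive headers seen in this thread; ComboFix itself supports more.
KNOWN_DIRECTIVES = {"File", "Folder", "Registry", "RegNull", "RegLock", "DDS", "Driver"}

# Constructed sample: part of the script posted above, carrying the
# line-wrapped key "...\Ru n]" that a copy/paste from the forum produces.
SAMPLE_SCRIPT = r"""
File::
c:\windows\system32\DRIVERS\NVAMACPI.sys
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"SmpcSys"=-
Driver::
nvamacpi
"""

# Key lines exactly as they appear in the "Reg Loading Points" section of the log.
SAMPLE_LOG_KEYS = {
    r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]",
}


def split_sections(text: str) -> List[Tuple[Optional[str], List[str]]]:
    """Group non-empty lines under the 'Name::' header that precedes them.
    Lines that appear before any header are grouped under None."""
    sections: List[Tuple[Optional[str], List[str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            sections.append((line[:-2], []))
        else:
            if not sections:
                sections.append((None, []))
            sections[-1][1].append(line)
    return sections


def check_script(text: str, log_keys: Set[str]) -> List[str]:
    """Return one message per problem; an empty list means the script passed."""
    problems = []
    for name, lines in split_sections(text):
        if name is None:
            problems.append(f"{len(lines)} line(s) before the first directive header")
            continue
        if name not in KNOWN_DIRECTIVES:
            problems.append(f"directive {name}:: is not one used in this thread; double-check it")
        if name != "Registry":
            continue
        seen_key = False
        for line in lines:
            if line.startswith("["):
                seen_key = True
                # A key that differs from the log by even one character (here the
                # space inside "Run") names a key that does not exist, so the
                # value underneath it would never be removed.
                if line not in log_keys:
                    problems.append(f"registry key not found verbatim in the log: {line}")
            elif not seen_key:
                problems.append(f"value line before any [key] line: {line}")
    return problems


if __name__ == "__main__":
    for p in check_script(SAMPLE_SCRIPT, SAMPLE_LOG_KEYS):
        print("-", p)
```

    The verbatim comparison is deliberate: the log is the only trustworthy record of what the key is actually called, so anything that does not match it character for character is sent back for a second look rather than "fixed" automatically.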
     
  9. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    Hi, sorry I was asleep heh. Are you ok? I couldn't imagine such weather over here in England. Though I will admit to being curious, as nature's always fascinated me. I hope there was no damage for you or anyone.

    I'll run the script and scan when I get in later, so in about 4 hours' time. I wouldn't have thought AVG would get rid of the Trojan so easily, and do you think it's safe to connect my iPhone or iPad to it again? I don't know if they can get such things on them but I really wouldn't want to screw those up. I wish I knew how I got it; I haven't been on any different sites lately and my browsing is limited to Google and a few trusted gaming sites and YouTube. Strange.
     
  10. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    Hi, I ran the ComboFix script you sent and here's the results, going to reinstall AVG now and then do the security check too.


    ComboFix 11-03-31.04 - Christopher 01/04/2011 12:07:23.3.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.2425 [GMT 1:00]
    Running from: c:\users\Christopher\Desktop\ComboFix.exe
    Command switches used :: c:\users\Christopher\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\DRIVERS\NVAMACPI.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
    c:\program files (x86)\MALWAREBYTES ANTI-MALWARE\MBAMEXT.DLL
    c:\program files\Packard Bell\SetupMyPC\SmpSys.exe
    c:\programdata\McAfee
    c:\programdata\McAfee\MCLOGS\Common\MsiExec\MsiExec000.log
    c:\windows\system32\DRIVERS\NVAMACPI.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_nvamacpi
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
    .
    .
    2073-04-13 17:17 . 2006-11-21 20:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
    2011-04-01 11:15 . 2011-04-01 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-30 11:58 . 2011-03-30 11:58 -------- d-----w- c:\program files (x86)\ESET
    2011-03-18 20:36 . 2011-03-18 20:36 -------- d-----w- c:\program files\iPod
    2011-03-18 20:35 . 2011-03-18 20:36 -------- d-----w- c:\program files\iTunes
    2011-03-18 20:35 . 2011-03-18 20:36 -------- d-----w- c:\program files (x86)\iTunes
    2011-03-14 18:13 . 2011-03-14 19:39 -------- d-----w- c:\users\Christopher\AppData\Roaming\.minecraft
    2011-03-14 18:06 . 2011-03-14 18:06 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-14 18:06 . 2011-03-14 18:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-03-14 18:06 . 2011-03-14 18:06 -------- d-----w- c:\program files (x86)\Java
    2011-03-13 16:22 . 2011-03-19 16:28 -------- d-----w- c:\users\Christopher\AppData\Roaming\Rift
    2011-03-12 21:21 . 2011-03-12 21:21 -------- d-----w- c:\users\Christopher\AppData\Roaming\AVG10
    2011-03-12 21:15 . 2011-03-12 21:15 -------- d-----w- c:\program files (x86)\AVG
    2011-03-12 12:28 . 2011-03-12 12:28 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-03-09 17:21 . 2010-12-17 17:12 2424320 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 17:21 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-09 17:21 . 2010-12-17 15:35 730624 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 17:21 . 2010-12-17 15:06 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-09 17:21 . 2010-12-29 17:53 416768 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 17:21 . 2010-12-29 17:53 210944 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 17:21 . 2010-12-29 17:53 560128 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 17:21 . 2010-12-29 17:51 226816 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 17:21 . 2010-12-29 17:41 323072 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-09 17:21 . 2010-12-29 17:41 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
    2011-03-09 17:21 . 2010-12-29 17:41 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-09 17:21 . 2010-12-29 17:39 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\users\Christopher\AppData\Roaming\Malwarebytes
    2011-03-08 21:06 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-08 21:06 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-04 20:39 . 2011-03-04 20:39 -------- d-----w- c:\program files\Bonjour
    2011-03-04 20:39 . 2011-03-04 20:39 -------- d-----w- c:\program files (x86)\Bonjour
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
    2011-02-26 01:19 . 2011-02-26 01:19 27536 ----a-w- c:\windows\system32\xfcodec64.dll
    2011-02-18 16:36 . 2011-02-18 16:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-16 19:07 . 2009-05-24 13:33 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-02-16 19:07 . 2009-04-02 20:45 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-02-16 19:05 . 2009-04-02 20:45 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-01-08 09:31 . 2011-02-09 18:20 48128 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 07:50 . 2011-02-09 18:20 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-08 06:17 . 2011-02-09 18:20 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-08 05:57 . 2011-02-09 18:20 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-03-30_15.50.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-21 02:23 . 2011-03-30 15:37 76164 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-01-21 02:23 . 2011-04-01 10:51 76164 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2006-11-02 15:45 . 2011-03-30 15:37 86558 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 15:45 . 2011-04-01 10:51 86558 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-03-28 12:51 . 2011-04-01 10:51 22810 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1744426918-3034555884-2614701510-1000_UserData.bin
    - 2009-03-28 12:51 . 2011-03-30 15:37 22810 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1744426918-3034555884-2614701510-1000_UserData.bin
    - 2009-03-28 12:48 . 2011-03-30 11:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-03-28 12:48 . 2011-04-01 10:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-03-28 12:48 . 2011-04-01 10:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-03-28 12:48 . 2011-03-30 11:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-03-28 12:48 . 2011-03-30 11:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-03-28 12:48 . 2011-04-01 10:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-28 18:18 . 2011-04-01 10:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-28 18:18 . 2011-03-30 15:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-28 18:18 . 2011-04-01 10:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-11-28 18:18 . 2011-03-30 15:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-01 11:17 . 2011-04-01 11:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-03-30 15:35 . 2011-03-30 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-04-01 11:17 . 2011-04-01 11:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-03-30 15:35 . 2011-03-30 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2006-11-02 12:46 . 2011-03-30 15:43 709002 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2011-04-01 10:56 709002 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2011-04-01 10:56 145336 c:\windows\system32\perfc009.dat
    - 2006-11-02 12:46 . 2011-03-30 15:43 145336 c:\windows\system32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Google Update"="c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-21 136176]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate1c9d4b82f48e567;Google Update Service (gupdate1c9d4b82f48e567);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 133104]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-08-18 1038088]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SrvCDEject;SrvCDEject;c:\program files (x86)\Packard Bell\SrvCDEject.exe [2008-02-26 600576]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 17:19]
    .
    2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 17:19]
    .
    2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744426918-3034555884-2614701510-1000Core.job
    - c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 20:45]
    .
    2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744426918-3034555884-2614701510-1000UA.job
    - c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 20:45]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF26801.cfxxe" [X]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 333344]
    "RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
    "Skytel"="Skytel.exe" [2008-09-18 1833504]
    "FijiKeyboard"="c:\acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe" [2008-09-18 79416]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://bridgecommander.filefront.com/
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\JSXFile\shell\Edit]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\JSXFile\shell\Open]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Photoshop.Image.11\protocol\StdFileEditing\server]
    @DACL=(02 0000)
    @="c:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS4\\Photoshop.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\system32\HidService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-01 12:24:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-01 11:24
    ComboFix2.txt 2011-03-30 15:53
    ComboFix3.txt 2011-03-12 18:40
    .
    Pre-Run: 102,006,693,888 bytes free
    Post-Run: 101,689,638,912 bytes free
    .
    Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
    - - End Of File - - A22391DAD2B9D8F44263B952A399D12D




    I also did a full scan with Malwarebytes too.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6234

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    01/04/2011 14:05:15
    mbam-log-2011-04-01 (14-05-15).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
    Objects scanned: 648267
    Time elapsed: 1 hour(s), 36 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  11. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    Here's the security check log.

    However, I seem to have a slight problem now. I tried to reinstall AVG and so downloaded the free version from here: http://free.avg.com/us-en/download-avg-anti-virus-free but the program doesn't install; it tries to, says "gathering information" and then just shuts off. Please tell me that's not a symptom of something, since so far everything is fine and says it's clean.


    Results of screen317's Security Check version 0.99.10
    Windows Vista (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Adobe Reader 9.4.3
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  12. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    Hi, may I ask what the script did that I input into ComboFix earlier? As usually I have about 80 processes running at default and now I'm getting about 64. Did it shut off something important? Because I still can't get this AVG to install. Everything else seems fine though.
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you follow this in my Reply #4:
    The links are in that post. Is there any reason why you can't leave AVG off the system until we finish?
    I'm reviewing the Combofix log now.

    Edit: The script I had you run through Combofix was to remove bad processes or redundant entries like McAfee data. It is not meant to trim the system down or stop default programs from starting. Just for curiosity, where did you count 80 that is now 64? Where are these processes? If you are counting processes in the Task Manager, 35-40 is a better number than 64 or 80! But that will be your job to stop unnecessary processes from starting on boot and uninstall programs you no longer use.
     
  14. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    Hi, sorry I never noticed the temporary AV bit. Should I try one of those now? Which is best in your opinion? Hope the weather wasn't too bad for you.
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I went back into my reply using an Edit at the same time you posted. Either one of the AV programs is good, and free. My preference would be Avast.

    Storm had 9 tornadoes, high winds and pelting rain, almost all day. A lot of damage in the central part of the state.
     
  16. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    Geez, I hope you didn't get any damage. I will go install Avast now and wait for the next step. I hope I'm not infected.
     
  17. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    I've just installed and updated Avast, that's fine, and I'm running a full scan with it. Er, the Task Manager is where I looked at the processes, yes. And I have no idea what's not running anymore since combo, but everything seems fine.

    I'll post the results when it's done, could take a while heh
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You seem to think that Combofix, or what I put in the script, has somehow sabotaged your system. That is not the case: you had two installs of Malwarebytes, so I removed one of them:
    c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

    I stopped 2 entries for Packard Bell "Set up my PC" from 2008, and the Nvidia Away process I asked you about. Please do not think all you see in Combofix are processes that were removed! That simply isn't right. In fact, the entire 'Snapshot' section is just what it says: a snapshot of everything on the system! That section varies in different logs and doesn't always spit the long section out!
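    The question in post #12 ("what did the script do?") and the explanation just above can be answered mechanically by reading the CFScript itself: each `Section::` header names an action and the lines beneath it are the targets. The following is an added example written for this thread, not ComboFix's own code and not a tool ComboFix ships; it parses the script posted in reply #8 (embedded as a constructed sample, with the copy/paste space in "Ru n" corrected) and prints one line per intended action, so you can review exactly what is going to be deleted, stopped or unlocked before dragging the file onto ComboFix.exe. The section meanings in `SECTION_MEANING` are my summary of how these directives are commonly described, not official ComboFix documentation, and the parser refuses a section it does not recognise rather than guessing.

```python
"""Summarise what a ComboFix CFScript will do, section by section.

Added example for this thread; it is not ComboFix code. Assumptions: a
section header is a line ending in "::", a Registry:: block lists keys in
[brackets] and a line of the form "name"=- removes that value (this matches
the script posted in the thread).
"""
from collections import OrderedDict

# Constructed sample: the directives from the script posted in this thread.
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\system32\DRIVERS\NVAMACPI.sys
Folder::
c:\programdata\McAfee
c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=-

RegNull::
[HKEY_USERS\S-1-5-21-1744426918-3034555884-2614701510-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
RegLock::
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
DDS::
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe

Driver::
nvamacpi
"""

# My summary of each directive (assumption, not ComboFix documentation).
SECTION_MEANING = {
    "File": "delete file",
    "Folder": "delete folder",
    "Registry": "registry edit",
    "RegNull": "remove null-embedded registry key",
    "RegLock": "unlock registry key",
    "DDS": "remove DDS-listed item",
    "Driver": "stop and remove driver/service",
}


def parse_cfscript(text):
    """Return an ordered mapping: section name -> list of entry lines."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            if current not in SECTION_MEANING:
                raise ValueError(f"unrecognised section: {current!r}")
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def plan_actions(text):
    """Expand the script into (action, target) tuples a reviewer can read."""
    actions = []
    for section, entries in parse_cfscript(text).items():
        if section == "Registry":
            key = None
            for entry in entries:
                if entry.startswith("[") and entry.endswith("]"):
                    key = entry[1:-1]          # subsequent values live under this key
                elif key is None:
                    raise ValueError(f"registry value before any [key]: {entry!r}")
                elif entry.endswith("=-"):
                    name = entry[:-2].strip('"')
                    actions.append(("delete registry value", key + "\\" + name))
                else:
                    actions.append(("set registry value", key + "\\" + entry))
        else:
            verb = SECTION_MEANING[section]
            for entry in entries:
                actions.append((verb, entry))
    return actions


def summarise(text):
    """Count planned actions by verb: a quick sanity check before running."""
    counts = {}
    for verb, _ in plan_actions(text):
        counts[verb] = counts.get(verb, 0) + 1
    return counts


if __name__ == "__main__":
    for verb, target in plan_actions(SAMPLE_CFSCRIPT):
        print(f"{verb:34} {target}")
    print(summarise(SAMPLE_CFSCRIPT))
```

    Run it as `python cfscript_plan.py` (any file name will do) to get the ten planned actions for the sample: one file, two folders, two Run values, one null-embedded key, one lock release, two DDS items and one driver. Nothing in it touches the system; it only reads the text, which is the point of reviewing a script before a cleaning tool executes it.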
     
  19. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    You seem to have misunderstood me. When I said I hope you didn't get any damage I was referring to the storms in your area damaging your property. I know combo hasn't damaged anything.

    And I was informing you that I have a few fewer processes, nothing important by the looks of it either.
     
  20. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    Do you think we can sort it by tomorrow night? As I really need my PC this week. I'm not trying to rush you, just wondering on your thoughts of whether I have a problem still.
     
  21. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    Hi. I am going back to work tomorrow; this week was my week off, great week heh. So I'm not going to have a lot of time to fix it up really. So basically, I was going to reformat the computer tomorrow if you think there's cause for me to do so, as that would get rid of things and I can start from scratch with the computer.

    Though I'd ideally like to avoid that since I've had no problems for 2 years and so have 2 years worth of stuff on here.
     
  22. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    Hi, I know I'm beginning to come across as a pain, but I tried to do a system restore/reformat to its factory state by pressing F11 at bootup and nothing happened; it just booted as normal. I'm going to have to get my PC's supplier to send me a system reformat disk, sigh. I really need it soon.

    Also, earlier it crashed and came up with a weird Windows activation error saying there was an unauthorised change to Windows and I would receive no further notification of Windows activation or licence. It's legitimate and I haven't done anything to it.

    This is so frustrating.
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yes, I took this to mean you thought Combofix caused problems. Misunderstood.

    Please tell me if you are having any of the original malware problems? Any new related problems? The Eset scan was clean.
     
  24. banana1

    banana1 TS Rookie Topic Starter Posts: 36

    It's not coming up with malware, no, but the computer is crashing and giving me a Windows activation error I have never heard of before. I don't know what's going on with it, since the system reformat isn't coming up either by pressing F11 at startup.
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm not seeing this as a malware related problem. And I can't deal with an error unless I know what you were trying to do when you got the error message. And then I need to know exactly what it said. Noting the time of the error on the computer clock and then checking the Event Viewer system & App logs for any Error event occurring at the same time will give you additional information.

    Help for using the Event viewer in Vista here: http://www.computerperformance.co.uk/vista/vista_event_viewer.htm
     
Topic Status:
Not open for further replies.
