Solved Trojan horse downloader.generic11.IQQ


banana1

Hi again everyone, I was here not two weeks ago having a crisis with the AVGheur scare that their update seemed to do to a lot of people. Well, unfortunately it looks like this time I have managed to get a trojan somehow. I am a little freaked, but I did the step by step again and here are the results. I really am sorry to be a pain. I try to keep my PC clean as a whistle and for 2 years now it has been, sigh. Anyway I would greatly appreciate some assistance as I don't know what to do.

I am not having any system slow down, hijacking of the browser or abnormal cpu usage or any other symptoms by the way.

It detected the above in my steam\vaurek\bloody good time\bin\unitlib.dll

I assume this got in Sunday night and when I came along Monday morning I ran a scan as always with AVG updated and it popped up. So I sent it to quarantine, then sent it for analysis to AVG who confirmed it was a legitimate threat. I assumed it was another false but well.. it's not. I deleted the file not long ago with AVG, ran multiple scans since with that and Malwarebytes, all came up clean so far.

I'm rambling, sorry.

Malwarebytes log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6199

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

29/03/2011 16:42:58
mbam-log-2011-03-29 (16-42-58).txt

Scan type: Quick scan
Objects scanned: 169800
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




DDS attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 28/03/2009 12:39:21
System Uptime: 29/03/2011 16:35:15 (1 hours ago)
.
Motherboard: Packard Bell | | FMCP7AM
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 95.463 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP661: 25/03/2011 16:19:28 - Installed DirectX
.
==== Installed Programs ======================
.
Adobe Reader 9.4.3
Alien Swarm
Amazon Kindle For PC
Apple Application Support
Crysis 2
Crysis(R)
Dead Rising 2
Dream Experimental v0.5
Elite Force RPG-X v2.0
Email Scrabble .Net
Far Cry Demo
Google Chrome
Hitman: Blood Money
Ivellon 1.5 English
Java Auto Updater
Java(TM) 6 Update 24
Just Cause 2
Lara Croft and the Guardian of Light
Magicka - Demo
Malwarebytes' Anti-Malware
Mass Effect 2
Medieval II: Total War
Medieval II: Total War Kingdoms
Metro 2033
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Office Home and Student 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Need for Speed(TM) Hot Pursuit
NVIDIA PhysX
Oblivion mod manager 1.1.12
OpenAL
Pando Media Booster
QuickTime
RIFT
Safari
Skype™ 5.1
Star Trek Voyager Elite Force
Titan Quest
Titan Quest: Immortal Throne
Tom Clancy's Splinter Cell Conviction
Ubisoft Game Launcher
Unity Web Player
Warhammer 40,000: Dawn of War Gold Edition
Warhammer 40,000: Dawn of War – Dark Crusade
Warhammer 40,000: Dawn of War – Winter Assault
Warhammer® 40,000®: Dawn of War® II – Retribution™
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
.
==== Event Viewer Messages From Past Week ========
.
25/03/2011 16:20:04, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 82.37.235.68 for the Network Card with network address 0022683BDD18 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
25/03/2011 16:20:01, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
25/03/2011 15:07:28, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
25/03/2011 15:07:28, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/03/2011 15:07:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/03/2011 18:41:49, Error: EventLog [6008] - The previous system shutdown at 18:40:12 on 22/03/2011 was unexpected.
22/03/2011 17:26:47, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
.
==== End Of File ===========================



Other DDS log
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Christopher at 17:23:14.07 on 29/03/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.2352 [GMT 1:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
C:\Windows\system32\HidService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Packard Bell\SrvCDEject.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\RAVCpl64.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\splwow64.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Christopher\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bridgecommander.filefront.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [FijiKeyboard] c:\Acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 nvamacpi;Nvidia Away Mode System;C:\Windows\System32\drivers\nvamacpi.sys [2009-1-11 28192]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 ETService;Empowering Technology Service;C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [2009-3-28 24576]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-4-6 1153368]
R2 SrvCDEject;SrvCDEject;C:\Program Files (x86)\Packard Bell\SrvCDEject.exe [2009-3-28 600576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 133712]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9d4b82f48e567;Google Update Service (gupdate1c9d4b82f48e567);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-14 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-8-18 1038088]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-3-12 36720]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-3-28 93184]
.
=============== Created Last 30 ================
.
2073-04-13 17:17:26 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-03-18 20:36:00 -------- d-----w- C:\Program Files\iPod
2011-03-18 20:35:58 -------- d-----w- C:\Program Files\iTunes
2011-03-18 20:35:58 -------- d-----w- C:\Program Files (x86)\iTunes
2011-03-14 18:13:56 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\.minecraft
2011-03-14 18:06:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-13 16:22:55 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Rift
2011-03-12 21:21:32 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\AVG10
2011-03-12 21:20:30 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-03-12 21:18:25 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-03-12 21:18:25 -------- d-----w- C:\PROGRA~3\AVG10
2011-03-12 21:15:27 -------- d-----w- C:\Program Files (x86)\AVG
2011-03-12 21:09:09 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-12 18:40:26 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\temp
2011-03-12 18:28:54 98816 ----a-w- C:\Windows\sed.exe
2011-03-12 18:28:54 89088 ----a-w- C:\Windows\MBR.exe
2011-03-12 18:28:54 256512 ----a-w- C:\Windows\PEV.exe
2011-03-12 18:28:54 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-12 12:28:40 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-09 17:21:11 2424320 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-09 17:21:10 730624 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-09 17:21:10 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-09 17:21:10 2067456 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-09 17:21:09 560128 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-09 17:21:09 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-09 17:21:09 416768 ----a-w- C:\Windows\System32\sbe.dll
2011-03-09 17:21:09 323072 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 17:21:09 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 17:21:09 210944 ----a-w- C:\Windows\System32\sbeio.dll
2011-03-09 17:21:09 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-09 17:21:09 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
2011-03-08 21:06:28 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Malwarebytes
2011-03-08 21:06:20 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-08 21:06:19 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-08 21:06:16 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-03-08 21:06:15 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-08 21:06:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-04 20:39:50 -------- d-----w- C:\Program Files\Bonjour
2011-03-04 20:39:50 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2011-02-26 01:19:32 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2011-02-26 01:19:32 27536 ----a-w- C:\Windows\System32\xfcodec64.dll
2011-02-18 16:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 16:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-16 19:07:10 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-02-16 19:07:10 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-02-16 19:05:54 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-01-08 09:31:03 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-08 07:50:00 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-08 06:17:24 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-08 05:57:10 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-12-31 13:46:25 2755584 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 17:23:49.28 ===============


I ran GMER too and that log didn't have anything in it at all. Sorry to be a bother everyone.
 
Please go ahead and run the following. Be patient! We're a bit stacked up!

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
======================================
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (image: whatnext.png)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Hi, sorry for the reply taking a while, just got on.

I'm going to have to uninstall AVG to run ComboFix, ok? I'll reinstall it after. Anyway, here are some other logs before I do that.

ESET Log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=d052e692bbe65f44bed3600390d8a069
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-30 02:08:12
# local_time=2011-03-30 03:08:12 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777213 100 89 0 44776849 0 0
# compatibility_mode=5892 16776574 100 100 12171135 139010363 0 0
# compatibility_mode=8192 67108863 100 0 120 120 0 0
# scanned=491446
# found=0
# cleaned=0
# scan_time=7635



I also ran another Malwarebytes and AVG scan, both programs updated.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6216

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

30/03/2011 15:21:05
mbam-log-2011-03-30 (15-21-05).txt

Scan type: Quick scan
Objects scanned: 170166
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


AVG Scan


Scan "Whole computer scan" completed.
No infection was found during this scan
Folders selected for scanning:;"Whole computer scan"
Scan started:;"30 March 2011, 15:20:30"
Scan finished:;"30 March 2011, 15:48:40 (28 minute(s) 9 second(s))"
Total object scanned:;"3546488"
User who launched the scan:;"Christopher"



I'll go uninstall AVG and then run combofix and post the log asap. Does it look good though so far you think?
 
Should have given you this to remove AVG:
Download AppRemover and save to the desktop
How to Use AppRemover to Remove a Complete Security Application
  1. Double click the setup on the desktop> click Next
  2. Select "Remove Security Application"
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
    (image: chooseuninstall.gif)
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV:
    Avira-AntiVir-Personal-Free-Antivirus: http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914
    Avast Free Version: http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button
 
It's alright, I knew about the remover.

Here's the ComboFix log for you good sir :) *crosses fingers*


ComboFix 11-03-29.06 - Christopher 30/03/2011 16:40:09.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.2951 [GMT 1:00]
Running from: c:\users\Christopher\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
.
.
2073-04-13 17:17 . 2006-11-21 20:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-03-30 15:50 . 2011-03-30 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-30 15:50 . 2011-03-30 15:50 -------- d-----w- c:\users\Christopher\AppData\Local\temp
2011-03-30 11:58 . 2011-03-30 11:58 -------- d-----w- c:\program files (x86)\ESET
2011-03-18 20:36 . 2011-03-18 20:36 -------- d-----w- c:\program files\iPod
2011-03-18 20:35 . 2011-03-18 20:36 -------- d-----w- c:\program files\iTunes
2011-03-18 20:35 . 2011-03-18 20:36 -------- d-----w- c:\program files (x86)\iTunes
2011-03-14 18:13 . 2011-03-14 19:39 -------- d-----w- c:\users\Christopher\AppData\Roaming\.minecraft
2011-03-14 18:06 . 2011-03-14 18:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-14 18:06 . 2011-03-14 18:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-14 18:06 . 2011-03-14 18:06 -------- d-----w- c:\program files (x86)\Java
2011-03-14 18:05 . 2011-03-14 18:05 -------- d-----w- c:\programdata\McAfee
2011-03-13 16:22 . 2011-03-19 16:28 -------- d-----w- c:\users\Christopher\AppData\Roaming\Rift
2011-03-12 21:21 . 2011-03-12 21:21 -------- d-----w- c:\users\Christopher\AppData\Roaming\AVG10
2011-03-12 21:15 . 2011-03-12 21:15 -------- d-----w- c:\program files (x86)\AVG
2011-03-12 12:28 . 2011-03-12 12:28 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-09 17:21 . 2010-12-17 17:12 2424320 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 17:21 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 17:21 . 2010-12-17 15:35 730624 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 17:21 . 2010-12-17 15:06 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 17:21 . 2010-12-29 17:53 416768 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 17:21 . 2010-12-29 17:53 210944 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 17:21 . 2010-12-29 17:53 560128 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 17:21 . 2010-12-29 17:51 226816 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 17:21 . 2010-12-29 17:41 323072 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 17:21 . 2010-12-29 17:41 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
2011-03-09 17:21 . 2010-12-29 17:41 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 17:21 . 2010-12-29 17:39 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\users\Christopher\AppData\Roaming\Malwarebytes
2011-03-08 21:06 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\programdata\Malwarebytes
2011-03-08 21:06 . 2011-03-08 21:13 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-08 21:06 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-04 20:39 . 2011-03-04 20:39 -------- d-----w- c:\program files\Bonjour
2011-03-04 20:39 . 2011-03-04 20:39 -------- d-----w- c:\program files (x86)\Bonjour
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-02-26 01:19 . 2011-02-26 01:19 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2011-02-18 16:36 . 2011-02-18 16:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-16 19:07 . 2009-05-24 13:33 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-02-16 19:07 . 2009-04-02 20:45 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-02-16 19:05 . 2009-04-02 20:45 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-01-08 09:31 . 2011-02-09 18:20 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 07:50 . 2011-02-09 18:20 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-08 06:17 . 2011-02-09 18:20 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 05:57 . 2011-02-09 18:20 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-31 13:46 . 2011-02-09 18:20 2755584 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-12_18.38.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-03-11 17:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-03-30 14:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-09 17:16 . 2011-03-11 17:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-15 17:02 . 2011-03-30 14:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-03-30 14:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-03-11 17:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-03-30 15:37 76164 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-03-30 15:37 86558 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-28 12:51 . 2011-03-30 15:37 22810 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1744426918-3034555884-2614701510-1000_UserData.bin
- 2009-03-28 12:48 . 2011-03-12 16:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-28 12:48 . 2011-03-30 11:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-28 12:48 . 2011-03-30 11:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-28 12:48 . 2011-03-12 16:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-28 12:48 . 2011-03-30 11:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-28 12:48 . 2011-03-12 16:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-28 18:18 . 2011-03-11 17:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-28 18:18 . 2011-03-30 15:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-28 18:18 . 2011-03-11 17:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-28 18:18 . 2011-03-30 15:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 12:40 . 2011-03-30 15:34 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2011-03-04 20:41 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2011-03-04 20:41 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 12:40 . 2011-03-30 15:34 51200 c:\windows\inf\infpub.dat
+ 2011-03-13 16:26 . 2011-03-13 16:26 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-03-12 18:19 . 2011-03-12 18:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-30 15:35 . 2011-03-30 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-30 15:35 . 2011-03-30 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-12 18:19 . 2011-03-12 18:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-14 18:06 . 2011-03-14 18:06 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-03-14 18:06 . 2011-03-14 18:06 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-03-14 18:06 . 2011-03-14 18:06 145184 c:\windows\SysWOW64\java.exe
- 2006-11-02 12:46 . 2011-02-27 14:45 709002 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-03-30 15:43 709002 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-02-27 14:45 145336 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-03-30 15:43 145336 c:\windows\system32\perfc009.dat
+ 2011-03-14 18:06 . 2011-03-14 18:06 180224 c:\windows\Installer\1d263e.msi
+ 2011-03-14 18:06 . 2011-03-14 18:06 675840 c:\windows\Installer\1d2639.msi
+ 2011-03-18 20:37 . 2011-03-18 20:37 380928 c:\windows\Installer\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}\iTunesIco.exe
+ 2006-11-02 12:40 . 2011-03-30 15:34 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 12:40 . 2011-03-04 20:41 143360 c:\windows\inf\infstrng.dat
- 2011-03-04 15:55 . 2011-03-04 15:55 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-03-18 20:37 . 2011-03-18 20:37 5455872 c:\windows\Installer\3b94e3.msi
- 2011-03-04 15:55 . 2011-03-04 15:55 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-13 16:26 . 2011-03-13 16:26 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-03-04 15:55 . 2011-03-04 15:55 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2006-11-02 12:33 . 2011-03-23 23:10 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2011-03-12 16:55 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-03-13 01:02 . 2011-03-13 01:02 15139328 c:\windows\Installer\1d49f.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Google Update"="c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-21 136176]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c9d4b82f48e567;Google Update Service (gupdate1c9d4b82f48e567);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 133104]
R2 SrvCDEject;SrvCDEject;c:\program files (x86)\Packard Bell\SrvCDEject.exe [2008-02-26 600576]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-08-18 1038088]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 nvamacpi;Nvidia Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 17:19]
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 17:19]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744426918-3034555884-2614701510-1000Core.job
- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 20:45]
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744426918-3034555884-2614701510-1000UA.job
- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 20:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 333344]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"FijiKeyboard"="c:\acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe" [2008-09-18 79416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://bridgecommander.filefront.com/
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1744426918-3034555884-2614701510-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a8,cf,2f,42,e0,e6,08,a2,a7,d1,c2,99,ba,1f,77,5e,51,35,98,a5,54,bc,9b,
cf,ce,d3,ee,c4,d9,5f,01,97,c8,02,3e,96,73,fc,43,cc,38,15,f4,0f,f5,52,56,3a,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-1744426918-3034555884-2614701510-1000\Software\SecuROM\License information*]
"datasecu"=hex:1e,09,a2,8b,79,5e,20,c3,aa,18,a6,97,99,94,cd,95,45,26,e1,de,f5,
8a,9f,3f,bd,59,ae,2d,e7,c3,24,77,00,a2,0f,25,cf,bf,cb,0b,17,2b,3b,e7,c3,55,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-03-30 16:53:11
ComboFix-quarantined-files.txt 2011-03-30 15:53
ComboFix2.txt 2011-03-12 18:40
.
Pre-Run: 102,816,272,384 bytes free
Post-Run: 102,782,234,624 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - FCF62475ED624BA85E05F946EE4D236F
 
I'm working between a squall line and tornado watch- so If I stop mid-sentence, you'll know why!

Question: these are all legit, I just want to be sure you know about and/or use them.
1. Do you still use Apple Mobile USB Driver? Is it current?
2. Also: Nvidia Away Mode System
3. Acer preload: ABoard (2008)
4. Do you have 2 home pages set to blank pages?
uLocal Page = c:\windows\system32\blank.htm
5. uStart Page = hxxp://bridgecommander.filefront.com/
mLocal Page = %SystemRoot%\system32\blank.htm
Did you also set a start page to http://bridgecommander.filefront.com/?


Later
 
Hi, sorry, I'm out today so not on much, and I hope you're ok with all your warnings, geez.

Anyway, the Apple Mobile one I'm assuming is for my iPhone, and I have no idea if it's current. My home page I set to Bridge Commander files, yes; the two blank ones I'm not sure of. Could those be the default Chrome ones from before I set it to Bridge Commander? I only started using Chrome a few months back.

The Acer preload thing I'm assuming is legit, though I'm not sure what it is, and the same with the Nvidia thing. Sorry, I'm not very technically minded.

Do you think AVG got that Trojan early, though? I'm still not getting symptoms.
 
Oh my, what a day it's been! I've been here a long time and have never seen so many squall lines in a row, tornadoes, high winds, etc. All across Central FL, and we're still getting them, but not like earlier.

All the questions I had were about legitimate processes. But I don't think that's any reason to allow a program, app or process to run and use the system resources.

I haven't used Chrome yet, but if you set the homepage and didn't set up tabs with a blank page, then it shouldn't show 'blank'. Please look this over when you get a chance:
How To Open a New Tab in Chrome as a Blank Page
========================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\system32\DRIVERS\NVAMACPI.sys 
Folder::
c:\programdata\McAfee
c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=-

RegNull::
[HKEY_USERS\S-1-5-21-1744426918-3034555884-2614701510-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
RegLock::
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
DDS::
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe

Driver::
nvamacpi
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Let's make sure you're well covered: Security Check

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

I'll give these 2 logs a quick check and you should be through after that and I'll have you remove the cleaning tools.
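For anyone who wants to check a CFScript like the one above against the ComboFix log it was written for, here is an added Python example (not from this thread and not ComboFix's own code). It parses the script's File::, Registry:: and Driver:: sections and the log's service and Run-key lines, both constructed here from the line shapes seen in this thread, and flags any removal target the log does not account for.

```python
"""Review a ComboFix CFScript against the ComboFix log it was written for.

Added example for this thread, not part of the original post and not ComboFix's
own code. It parses only the line shapes seen in the thread: CFScript sections
(File::, Registry::, Driver::) and ComboFix log lines for services
("S0 name;display name;path [x]") and Run-key values ('"name"="path" [date size]').
The point is the review step before running a removal script: every target the
script touches should correspond to something the log actually shows.
"""
import re

# Constructed sample log, shaped like the ComboFix log quoted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
.
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 nvamacpi;Nvidia Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Service\ETService.exe [2008-07-16 24576]
"""

# Constructed sample script; the RunOnce and ETService entries are deliberately
# NOT backed by the log so the review has something to flag.
SAMPLE_SCRIPT = r"""File::
c:\windows\system32\DRIVERS\NVAMACPI.sys
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Stale"=-
Driver::
nvamacpi
ETService
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[[\d-]+ \d+\]\s*$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(x|[\d-]+ \d+)\]\s*$")
DELETE_RE = re.compile(r'^"([^"]+)"=-\s*$')
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_log(text):
    """Return ({service name: info}, {(key, value name): path}) from log text."""
    services, run_values, key = {}, {}, None
    for line in text.splitlines():
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif m := SERVICE_RE.match(line):
            start, name, display, path, stamp = m.groups()
            # ComboFix prints "[x]" where it could not find the service's file.
            services[name.lower()] = {"start": start, "display": display,
                                      "path": path, "file_present": stamp != "x"}
        elif (m := RUN_RE.match(line)) and key:
            run_values[(key, m.group(1).lower())] = m.group(2)
    return services, run_values


def parse_cfscript(text):
    """Return {section: [lines]} for a CFScript; blank lines are ignored."""
    sections, current = {}, None
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            current = m.group(1)
            sections.setdefault(current, [])
        elif current and line.strip():
            sections[current].append(line.strip())
    return sections


def review(script_text, log_text):
    """Cross-check each script target; statuses starting with 'ok' are confirmed."""
    services, run_values = parse_log(log_text)
    script = parse_cfscript(script_text)
    service_paths = {s["path"].lower(): n for n, s in services.items()}
    findings = []
    for path in script.get("File", []):
        owner = service_paths.get(path.lower())
        findings.append(("File", path, f"ok: file of service {owner}" if owner
                         else "not referenced in log"))
    key = None
    for line in script.get("Registry", []):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := DELETE_RE.match(line)) and key:  # '"Name"=-' deletes a value
            present = (key.lower(), m.group(1).lower()) in run_values
            findings.append(("Registry", key + "\\" + m.group(1),
                             "ok: value present in log" if present else "value not in log"))
    for name in script.get("Driver", []):
        svc = services.get(name.lower())
        if svc is None:
            findings.append(("Driver", name, "not found in log"))
        elif svc["file_present"]:
            findings.append(("Driver", name, "service file still present: " + svc["path"]))
        else:
            findings.append(("Driver", name, "ok: orphaned service, file missing"))
    return findings


def unverified(findings):
    """Targets the reviewer should question before running the script."""
    return [f for f in findings if not f[2].startswith("ok")]


if __name__ == "__main__":
    for section, target, status in review(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"{section:9} {status:45} {target}")
```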
 
Hi, sorry, I was asleep heh. Are you ok? I couldn't imagine such weather over here in England. Though I will admit to being curious, as nature's always fascinated me. I hope there was no damage for you or anyone.

I'll run the script and scan when I get in later, so in about 4 hours' time. I wouldn't have thought AVG would get rid of the Trojan so easily, and do you think it's safe to connect my iPhone or iPad to it again? I don't know if they can get such things on them, but I really wouldn't want to screw those up. I wish I knew how I got it; I haven't been on any different sites lately and my browsing is limited to Google and a few trusted gaming sites and YouTube. Strange.
 
Hi, I ran the ComboFix script you sent and here are the results; going to reinstall AVG now and then do the Security Check too.


ComboFix 11-03-31.04 - Christopher 01/04/2011 12:07:23.3.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.2425 [GMT 1:00]
Running from: c:\users\Christopher\Desktop\ComboFix.exe
Command switches used :: c:\users\Christopher\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\DRIVERS\NVAMACPI.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
c:\program files (x86)\MALWAREBYTES ANTI-MALWARE\MBAMEXT.DLL
c:\program files\Packard Bell\SetupMyPC\SmpSys.exe
c:\programdata\McAfee
c:\programdata\McAfee\MCLOGS\Common\MsiExec\MsiExec000.log
c:\windows\system32\DRIVERS\NVAMACPI.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvamacpi
.
.
((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
.
.
2073-04-13 17:17 . 2006-11-21 20:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-04-01 11:15 . 2011-04-01 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-30 11:58 . 2011-03-30 11:58 -------- d-----w- c:\program files (x86)\ESET
2011-03-18 20:36 . 2011-03-18 20:36 -------- d-----w- c:\program files\iPod
2011-03-18 20:35 . 2011-03-18 20:36 -------- d-----w- c:\program files\iTunes
2011-03-18 20:35 . 2011-03-18 20:36 -------- d-----w- c:\program files (x86)\iTunes
2011-03-14 18:13 . 2011-03-14 19:39 -------- d-----w- c:\users\Christopher\AppData\Roaming\.minecraft
2011-03-14 18:06 . 2011-03-14 18:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-14 18:06 . 2011-03-14 18:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-14 18:06 . 2011-03-14 18:06 -------- d-----w- c:\program files (x86)\Java
2011-03-13 16:22 . 2011-03-19 16:28 -------- d-----w- c:\users\Christopher\AppData\Roaming\Rift
2011-03-12 21:21 . 2011-03-12 21:21 -------- d-----w- c:\users\Christopher\AppData\Roaming\AVG10
2011-03-12 21:15 . 2011-03-12 21:15 -------- d-----w- c:\program files (x86)\AVG
2011-03-12 12:28 . 2011-03-12 12:28 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-09 17:21 . 2010-12-17 17:12 2424320 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 17:21 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 17:21 . 2010-12-17 15:35 730624 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 17:21 . 2010-12-17 15:06 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 17:21 . 2010-12-29 17:53 416768 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 17:21 . 2010-12-29 17:53 210944 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 17:21 . 2010-12-29 17:53 560128 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 17:21 . 2010-12-29 17:51 226816 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 17:21 . 2010-12-29 17:41 323072 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 17:21 . 2010-12-29 17:41 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
2011-03-09 17:21 . 2010-12-29 17:41 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 17:21 . 2010-12-29 17:39 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\users\Christopher\AppData\Roaming\Malwarebytes
2011-03-08 21:06 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\programdata\Malwarebytes
2011-03-08 21:06 . 2011-03-08 21:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-08 21:06 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-04 20:39 . 2011-03-04 20:39 -------- d-----w- c:\program files\Bonjour
2011-03-04 20:39 . 2011-03-04 20:39 -------- d-----w- c:\program files (x86)\Bonjour
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-02-26 01:19 . 2011-02-26 01:19 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2011-02-18 16:36 . 2011-02-18 16:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-16 19:07 . 2009-05-24 13:33 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-02-16 19:07 . 2009-04-02 20:45 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-02-16 19:05 . 2009-04-02 20:45 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-01-08 09:31 . 2011-02-09 18:20 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 07:50 . 2011-02-09 18:20 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-08 06:17 . 2011-02-09 18:20 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 05:57 . 2011-02-09 18:20 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-03-30_15.50.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 02:23 . 2011-03-30 15:37 76164 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-21 02:23 . 2011-04-01 10:51 76164 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 15:45 . 2011-03-30 15:37 86558 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-04-01 10:51 86558 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-28 12:51 . 2011-04-01 10:51 22810 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1744426918-3034555884-2614701510-1000_UserData.bin
- 2009-03-28 12:51 . 2011-03-30 15:37 22810 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1744426918-3034555884-2614701510-1000_UserData.bin
- 2009-03-28 12:48 . 2011-03-30 11:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-28 12:48 . 2011-04-01 10:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-28 12:48 . 2011-04-01 10:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-28 12:48 . 2011-03-30 11:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-28 12:48 . 2011-03-30 11:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-28 12:48 . 2011-04-01 10:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-28 18:18 . 2011-04-01 10:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-28 18:18 . 2011-03-30 15:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-28 18:18 . 2011-04-01 10:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-28 18:18 . 2011-03-30 15:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-01 11:17 . 2011-04-01 11:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-30 15:35 . 2011-03-30 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-01 11:17 . 2011-04-01 11:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-30 15:35 . 2011-03-30 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:46 . 2011-03-30 15:43 709002 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-04-01 10:56 709002 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-04-01 10:56 145336 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-03-30 15:43 145336 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Google Update"="c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-21 136176]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c9d4b82f48e567;Google Update Service (gupdate1c9d4b82f48e567);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 133104]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-08-18 1038088]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SrvCDEject;SrvCDEject;c:\program files (x86)\Packard Bell\SrvCDEject.exe [2008-02-26 600576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 17:19]
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-14 17:19]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744426918-3034555884-2614701510-1000Core.job
- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 20:45]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744426918-3034555884-2614701510-1000UA.job
- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 20:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 91648 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF26801.cfxxe" [X]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 333344]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"FijiKeyboard"="c:\acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe" [2008-09-18 79416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://bridgecommander.filefront.com/
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\JSXFile\shell\Edit]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\JSXFile\shell\Open]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Photoshop.Image.11\protocol\StdFileEditing\server]
@DACL=(02 0000)
@="c:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS4\\Photoshop.exe"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\system32\HidService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-04-01 12:24:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-01 11:24
ComboFix2.txt 2011-03-30 15:53
ComboFix3.txt 2011-03-12 18:40
.
Pre-Run: 102,006,693,888 bytes free
Post-Run: 101,689,638,912 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - A22391DAD2B9D8F44263B952A399D12D




I also did a full scan with Malwarebytes.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6234

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

01/04/2011 14:05:15
mbam-log-2011-04-01 (14-05-15).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 648267
Time elapsed: 1 hour(s), 36 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Here's the Security Check log.

However, I seem to have a slight problem now. I tried to reinstall AVG and so downloaded the free version from here: http://free.avg.com/us-en/download-avg-anti-virus-free but the program doesn't install; it tries to, says "gathering information" and then just shuts off. Please tell me that's not a symptom of something, since so far everything is fine and says it's clean.


Results of screen317's Security Check version 0.99.10
Windows Vista (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Adobe Reader 9.4.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
 
Hi, may I ask what the script did that I input into ComboFix earlier? Usually I have about 80 processes running by default and now I'm getting about 64. Did it shut off something important? Because I still can't get this AVG to install. Everything else seems fine though.
 
Did you follow this in my Reply #4:
Temporary AV:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version

The links are in that post. Is there any reason why you can't leave AVG off the system until we finish?
I'm reviewing the Combofix log now.

Edit: The script I had you run through Combofix was to remove bad processes or redundant entries like McAfee data. It is not meant to trim the system down or stop default programs from starting. Just out of curiosity, where did you count 80 that is now 64? Where are these processes? If you are counting processes in the Task Manager, 35-40 is a better number than 64 or 80! But that will be your job: to stop unnecessary processes from starting on boot and uninstall programs you no longer use.
 
Hi, sorry, I never noticed the temporary AV bit. Should I try one of those now? Which is best in your opinion? Hope the weather wasn't too bad for you.
 
I went back into my reply using an Edit at the same time you posted. Either one of the AV programs is good, and free. My preference would be Avast.

The storm had 9 tornadoes, high winds and pelting rain, almost all day. A lot of damage in the central part of the state.
 
Geez, I hope you didn't get any damage. I will go install Avast now and wait for the next step. I hope I'm not infected.
 
I've just installed and updated Avast, that's fine, and I'm running a full scan with it. Er, the Task Manager is where I looked at the processes, yes. And I have no idea what's not running anymore since combo, but everything seems fine.

I'll post the results when it's done; could take a while, heh.
 
You seem to think that Combofix, or what I put in the script, has somehow sabotaged your system. That is not the case: you had two installs of Malwarebytes, so I removed one of them:
c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

I stopped 2 entries for Packard Bell "Set up my PC" from 2008, and the Nvidia Away process I asked you about. Please do not think all you see in Combofix are processes that were removed! That simply isn't right. In fact, the entire 'Snapshot' section is just what it says: a snapshot of everything on the system! That section varies in different logs and doesn't always spit the long section out!
 
You seem to have misunderstood me. When I said I hope you didn't get any damage I was referring to the storms in your area damaging your property. I know combo hasn't damaged anything.

And I was informing you that I have a few fewer processes, nothing important by the looks of it either.
 
Do you think we can sort it by tomorrow night? I really need my PC this week. I'm not trying to rush you, just wondering your thoughts on whether I still have a problem.
 
Hi. I am going back to work tomorrow; this week was my week off, great week, heh. So I'm not going to have a lot of time to fix it up really. So basically, I was going to reformat the computer tomorrow if you think there's cause for me to do so, as that would get rid of things and I can start from scratch with the computer.

Though I'd ideally like to avoid that since I've had no problems for 2 years and so have 2 years worth of stuff on here.
 
Hi, I know I'm beginning to come across as a pain, but I tried to do a system restore/reformat to its factory state by pressing F11 at bootup, but nothing happened; it just booted as normal. I'm going to have to get my PC's supplier to send me a system reformat disk, sigh. I really need it soon.

Also, earlier it crashed and came up with a weird Windows activation error saying there was an unauthorised change to Windows and I would receive no further notification of Windows activation or licence. It's legitimate and I haven't done anything to it.

This is so frustrating.
 
And I have no idea what's not running anymore since combo

Yes, I took this to mean you thought Combofix caused problems. Misunderstood.

Please tell me if you are having any of the original malware problems. Any new related problems? The ESET scan was clean.
 
It's not coming up with malware, no, but the computer is crashing and giving me a Windows activation error I have never heard of before. I don't know what's going on with it, since the system reformat isn't coming up either by pressing F11 at startup.
 
I'm not seeing this as a malware-related problem. And I can't deal with an error unless I know what you were trying to do when you got the error message. And then I need to know exactly what it said. Noting the time of the error on the computer clock and then checking the Event Viewer System and Application logs for any Error event occurring at the same time will give you additional information.

Help for using the Event viewer in Vista here: http://www.computerperformance.co.uk/vista/vista_event_viewer.htm
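The same Event Viewer check can be done from PowerShell, which is handy when you need to paste the exact text of an error into a reply. This is an added example, not something from the thread or the helper; it assumes PowerShell 2.0 or later is installed, and the crash time below is a constructed placeholder to replace with the time noted on the computer clock.

```powershell
# Added example (not from the thread): list Critical and Error events from the
# System and Application logs within a short window around the crash time.
$crashTime = Get-Date '2011-04-02 18:30'   # constructed placeholder; use the time you noted
$window    = New-TimeSpan -Minutes 10

$filter = @{
    LogName   = 'System', 'Application'
    Level     = 1, 2                         # 1 = Critical, 2 = Error
    StartTime = $crashTime - $window
    EndTime   = $crashTime + $window
}

# -ErrorAction SilentlyContinue suppresses the "No events were found" error
# that Get-WinEvent raises when the window is empty.
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, LogName, ProviderName, Id, Message |
    Format-List
```

The ProviderName and Id columns identify which component logged the error, which is what the helper needs alongside the error text itself.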
 