TechSpot

Virus/Malware Win32:Bamital-x

By Gremmy
Aug 22, 2010
  1. Managed to get this virus on my computer somehow; it seems to be hijacking my browser and redirecting me to random websites.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4461

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    22/08/2010 12:37:36
    mbam-log-2010-08-22 (12-37-36).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
    Objects scanned: 394515
    Time elapsed: 1 hour(s), 19 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-22 14:16:10
    Windows 6.0.6002 Service Pack 2
    Running: z9g1iwmt.exe; Driver: C:\Users\Theo\AppData\Local\Temp\pxldipog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8F0FB88E]
    SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8F0FB0EC]
    SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8F0FADCE]
    SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8F0FC938]
    SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8F0FAED8]
    SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8F0FAFC2]
    SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8F0FBBBC]
    SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8F0FB3F4]
    SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8F0FB526]
    SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8F0FABFC]
    SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x8F0FBB04]
    SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8F0FB70C]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8F1AAB9C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8F1AA9C0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8F1AAAFA]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 1A9 822FA90C 4 Bytes [8E, B8, 0F, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 1D9 822FA93C 4 Bytes [EC, B0, 0F, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 1E9 822FA94C 4 Bytes [CE, AD, 0F, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 215 822FA978 4 Bytes [38, C9, 0F, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 2D5 822FAA38 4 Bytes [D8, AE, 0F, 8F]
    .text ...
    PAGE ntkrnlpa.exe!ZwLoadDriver 823B9DF0 7 Bytes JMP 8F1AAAFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8242528F 5 Bytes JMP 8F1A65B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObInsertObject 8247E063 5 Bytes JMP 8F1A7F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!NtCreateSection 8247F905 7 Bytes JMP 8F1AA9C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 824DF90A 7 Bytes JMP 8F1AABA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.EXE[1856] kernel32.dll!CreateProcessInternalW 75AD53DF 5 Bytes JMP 0047874A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3304] ntdll.dll!LdrLoadDll 77239390 5 Bytes JMP 00D313F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!closesocket 7673330C 5 Bytes JMP 0005660B
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!recv 7673343A 5 Bytes JMP 000563C0
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!WSASend 76734496 5 Bytes JMP 00056477
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!send 7673659B 5 Bytes JMP 0005634D
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!WSARecv 76738400 5 Bytes JMP 00056511
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3800] USER32.dll!TrackPopupMenu 76A114F3 5 Bytes JMP 66F7721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\services.exe[600] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
    IAT C:\Windows\system32\services.exe[600] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
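A way to read the GMER output above, as an added example that is not part of the thread and not GMER's own code. The kernel-side entries (SSDT and inline kernel hooks) are all attributed to the two security products installed on the machine, Spyware Terminator's sp_rsdrv2.sys and avast's aswSP.SYS, which is what those products do. The user-mode section is different: the LdrLoadDll hook in firefox.exe and the TrackPopupMenu hook in plugin-container.exe are attributed to Firefox's own modules, but the CreateProcessInternalW hook in Explorer.EXE, the five winsock hooks (send/recv/WSASend/WSARecv/closesocket) in firefox.exe and the two CreateProcess* IAT entries in services.exe jump to addresses GMER could not map to any loaded module. The script parses those lines, separates attributed from unattributed hooks, and groups the unattributed targets per process so that several hooks landing in one small unnamed region stand out. The sample input is copied from the log in the thread; nothing else about the machine is assumed, and an unattributed hook is a lead to chase (dump the target region, check which process owns it), not proof of a specific malware family on its own.

```python
"""Triage of the GMER 'User code sections' and 'User IAT/EAT' output.

Added example, not from the original thread and not GMER's own code. It
parses the user-mode hook lines GMER prints and separates hooks whose jump
target GMER attributed to a loaded module (trailing path plus a
'(Description/Vendor)' field) from hooks whose target is an unnamed
address, which is what injected code usually looks like. Unattributed
targets are then grouped per process so a cluster of hooks landing in one
small region stands out. Sample lines are copied from the log posted in
the thread; no other facts about the machine are assumed.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Tuple


class Hook(NamedTuple):
    kind: str              # "inline" (code patch) or "iat" (import table entry)
    process: str           # image path of the hooked process
    pid: int
    module: str            # module whose export/import was redirected
    function: str
    target: int            # address execution is redirected to
    owner: Optional[str]   # module GMER attributed the target to, or None


# .text <process>[<pid>] <module>!<function> <addr> N Bytes JMP <target> [<owner path> (<desc>)]
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[\w.]+)!(?P<func>\w+)\s+"
    r"[0-9A-F]+\s+\d+\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]+)"
    r"(?:\s+(?P<owner>.+?)\s+\([^)]*\))?\s*$"
)
# IAT <process>[<pid>] @ <image> [<module>!<function>] <target> [<owner path> (<desc>)]
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+.+?\s+\[(?P<mod>[\w.]+)!(?P<func>\w+)\]\s+"
    r"\[?(?P<target>[0-9A-F]+)\]?(?:\s+(?P<owner>.+?)\s+\([^)]*\))?\s*$"
)


def parse_hooks(text: str) -> List[Hook]:
    """Return one Hook per recognised GMER user-mode hook line; other lines are ignored."""
    hooks: List[Hook] = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pattern in (("inline", INLINE_RE), ("iat", IAT_RE)):
            m = pattern.match(line)
            if m:
                hooks.append(Hook(kind, m["proc"], int(m["pid"]), m["mod"], m["func"],
                                  int(m["target"], 16), m["owner"]))
                break
    return hooks


def triage(text: str) -> Dict[str, object]:
    """Split hooks into attributed/unattributed and cluster unattributed targets per process."""
    hooks = parse_hooks(text)
    attributed = [h for h in hooks if h.owner]
    unattributed = [h for h in hooks if not h.owner]
    targets: Dict[str, List[int]] = defaultdict(list)
    for h in unattributed:
        targets[f"{h.process}[{h.pid}]"].append(h.target)
    # (lowest target, highest target, hook count): several hooks within a few hundred
    # bytes of each other point at one small stub rather than at a normal module.
    clusters: Dict[str, Tuple[int, int, int]] = {
        proc: (min(t), max(t), len(t)) for proc, t in targets.items()
    }
    return {"attributed": attributed, "unattributed": unattributed, "clusters": clusters}


# Constructed sample input: lines copied from the GMER log posted in the thread.
SAMPLE = r"""
.text C:\Windows\Explorer.EXE[1856] kernel32.dll!CreateProcessInternalW 75AD53DF 5 Bytes JMP 0047874A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] ntdll.dll!LdrLoadDll 77239390 5 Bytes JMP 00D313F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!closesocket 7673330C 5 Bytes JMP 0005660B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!recv 7673343A 5 Bytes JMP 000563C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!WSASend 76734496 5 Bytes JMP 00056477
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!send 7673659B 5 Bytes JMP 0005634D
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!WSARecv 76738400 5 Bytes JMP 00056511
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3800] USER32.dll!TrackPopupMenu 76A114F3 5 Bytes JMP 66F7721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
IAT C:\Windows\system32\services.exe[600] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[600] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for h in result["unattributed"]:
        print(f"SUSPECT {h.kind:6} {h.process}[{h.pid}] {h.module}!{h.function} -> {h.target:08X}")
    for proc, (lo, hi, n) in result["clusters"].items():
        print(f"CLUSTER {proc}: {n} hook(s) in {lo:08X}..{hi:08X} ({hi - lo} bytes)")
```

On this log the firefox.exe cluster is five winsock hooks within about 700 bytes of each other, and the services.exe cluster is two import-table entries two bytes apart; both look like a single small stub rather than a module. Security products also hook these APIs, but GMER names the owning driver or DLL when it can, as it does for avast and Spyware Terminator elsewhere in the same log, so the absence of a name is the signal to follow up rather than the presence of a hook.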
     
  3. Gremmy


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Theo at 14:16:19.96 on 22/08/2010
    Internet Explorer: 8.0.6001.18943
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3325.1765 [GMT 1:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Theo\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
    StartupFolder: c:\users\theo\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\theo\appdata\roaming\mozilla\firefox\profiles\q15h6s1j.default\
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\theo\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\theo\appdata\roaming\mozilla\firefox\profiles\q15h6s1j.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
     
  4. Gremmy


    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2010-1-10 21728]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-21 165456]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-8-21 142592]
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-7-4 81920]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-21 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-21 50256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-21 40384]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-6-7 240232]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-21 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-21 40384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-4 135664]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-5 22904]
    S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-08-21 21:17:41 0 d-----w- C:\$RECYCLE.BIN
    2010-08-21 17:33:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2010-08-21 17:33:36 0 d-----w- c:\users\theo\appdata\roaming\Spyware Terminator
    2010-08-21 17:33:35 0 d-----w- c:\programdata\Spyware Terminator
    2010-08-21 17:33:35 0 d-----w- c:\program files\Spyware Terminator
    2010-08-21 17:23:38 0 d---a-w- c:\programdata\TEMP
    2010-08-21 15:43:42 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-08-21 15:42:51 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-21 14:48:25 691 ----a-w- c:\users\theo\appdata\roaming\GetValue.vbs
    2010-08-21 14:48:25 35 ----a-w- c:\users\theo\appdata\roaming\SetValue.bat
    2010-08-21 13:56:01 0 d-----w- c:\programdata\Alwil Software
    2010-08-20 23:24:43 0 d-----w- C:\$RECYCLE(0).BIN
    2010-08-20 23:11:15 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2010-08-20 22:55:26 5 ----a-w- C:\zrpt.xml
    2010-08-19 14:07:41 0 d-----w- c:\program files\common files\DivX Shared
    2010-08-19 14:06:58 0 d-----w- c:\program files\DivX
    2010-08-19 14:06:42 0 d-----w- c:\programdata\DivX
    2010-08-18 16:59:58 0 d-----w- c:\users\theo\appdata\roaming\ProfitUI Reborn Updater
    2010-08-12 23:44:58 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-08-12 23:44:45 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-08-12 23:44:44 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-12 23:44:40 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2010-08-12 23:44:38 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-12 23:44:38 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-12 23:44:36 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-05 14:05:04 98816 ----a-w- c:\windows\sed.exe
    2010-08-05 14:05:04 77312 ----a-w- c:\windows\MBR.exe
    2010-08-05 14:05:04 256512 ----a-w- c:\windows\PEV.exe
    2010-08-05 14:05:04 161792 ----a-w- c:\windows\SWREG.exe

    ==================== Find3M ====================

    2010-08-22 12:23:39 8050 ----a-w- c:\users\theo\appdata\roaming\wklnhst.dat
    2010-08-22 08:27:39 36821 ----a-w- c:\programdata\nvModes.dat
    2010-07-04 17:55:05 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-07-04 17:55:05 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-07-04 17:54:57 143360 ----a-w- c:\windows\inf\infstor.dat
    2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-21 13:37:03 2037760 ----a-w- c:\windows\system32\win32k.sys
    2010-06-11 16:16:20 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-06-07 23:57:00 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
    2010-06-07 23:57:00 56936 ----a-w- c:\windows\system32\OpenCL.dll
    2010-06-07 23:57:00 4967528 ----a-w- c:\windows\system32\nvwgf2um.dll
    2010-06-07 23:57:00 4513384 ----a-w- c:\windows\system32\nvcuda.dll
    2010-06-07 23:57:00 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod1921.dll
    2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll
    2010-06-07 23:57:00 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-06-07 23:57:00 1592424 ----a-w- c:\windows\system32\nvapi.dll
    2010-06-07 23:57:00 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-06-07 23:57:00 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-06-07 16:48:04 13917800 ----a-w- c:\windows\system32\nvcpl.dll
    2010-06-07 16:48:04 1331816 ----a-w- c:\windows\system32\nvsvc.dll
    2010-06-07 16:48:04 129640 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-06-07 16:48:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-05-27 20:08:17 81920 ----a-w- c:\windows\system32\iccvid.dll
    2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-01-03 00:00:40 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2004-06-02 00:47:51 1774540 ----a-w- c:\program files\Picture 005.jpg
    2010-05-01 15:35:14 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-04 18:37:59 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 14:16:31.39 ===============
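The Pseudo HJT section of the DDS log above carries the settings that match the reported symptom, and the script below reads them out. It is an added example, not part of the thread and not DDS's own code. In DDS output the `u` prefix marks per-user (HKCU) entries and `m` marks machine-wide (HKLM) ones. Here the user's Internet Explorer proxy is `http=127.0.0.1:6522`, so every HTTP request IE makes is handed to a process listening on the machine itself, which is exactly the position from which a redirect is trivial; `EnableLUA = 0` means UAC is off, so anything the user runs already has full rights. Firefox's profile has `network.proxy.type` 4 (auto-detect via WPAD) rather than 5 (use system settings), so the IE proxy does not by itself explain the Firefox redirects; the unattributed winsock hooks inside firefox.exe in the GMER log are the more likely path there. The sample lines are copied from the log; the port-owner check has to be done on the live system.

```python
"""Triage of proxy and policy lines in a DDS 'Pseudo HJT Report'.

Added example, not part of the original thread and not DDS's own code. It
picks out the WinINET (Internet Explorer) proxy settings, the Firefox proxy
mode and the UAC policy value from the report and returns findings a
responder would follow up. The 'u'/'m' prefixes are DDS's markers for the
per-user (HKCU) and machine (HKLM) hives. Sample lines are copied from the
thread's log; the port-owner check is left to the live system.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Meaning of Firefox's network.proxy.type values.
FF_PROXY_TYPE = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}

PROXY_RE = re.compile(r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)")
OVERRIDE_RE = re.compile(r"^(?P<scope>[um])Internet Settings,ProxyOverride\s*=\s*(?P<value>\S.*?)\s*$")
POLICY_RE = re.compile(r"^(?P<scope>[um])Policies-(?P<key>\w+):\s*(?P<name>\w+)\s*=\s*(?P<value>\S+)")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js:\s*network\.proxy\.type\s*-\s*(?P<value>\d+)")


def parse_proxy_server(value: str) -> List[Tuple[str, str, int]]:
    """Split a WinINET ProxyServer value into (scheme, host, port) entries.

    Accepts the single form 'host:port' and the per-protocol form
    'http=host:port;https=host:port'. A missing scheme is reported as 'all'.
    """
    entries = []
    for part in value.split(";"):
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        entries.append((scheme or "all", host, int(port) if port.isdigit() else 0))
    return entries


def is_loopback(host: str) -> bool:
    """True for 'localhost' and any loopback IP address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage_report(text: str) -> Dict[str, object]:
    """Extract proxy/policy settings from DDS report lines and derive findings."""
    proxies: List[Tuple[str, str, int]] = []
    override: Optional[str] = None
    policies: Dict[str, str] = {}
    ff_type: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            proxies.extend(parse_proxy_server(m["value"]))
            continue
        m = OVERRIDE_RE.match(line)
        if m:
            override = m["value"]
            continue
        m = POLICY_RE.match(line)
        if m:
            policies[f"{m['key']}\\{m['name']}"] = m["value"]
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            ff_type = int(m["value"])

    findings: List[Dict[str, str]] = []
    for scheme, host, port in proxies:
        if is_loopback(host):
            findings.append({
                "id": "proxy-loopback",
                "detail": f"WinINET {scheme} proxy is {host}:{port}: IE traffic goes through a "
                          f"process listening on this machine; identify the owner of port {port}",
            })
    if policies.get("system\\EnableLUA") == "0":
        findings.append({"id": "uac-disabled",
                         "detail": "EnableLUA = 0: UAC is off, so code the user runs is effectively admin"})
    return {
        "proxies": proxies,
        "proxy_override": override,
        "firefox_proxy_type": None if ff_type is None else FF_PROXY_TYPE.get(ff_type, f"unknown ({ff_type})"),
        "policies": policies,
        "findings": findings,
    }


# Constructed sample input: lines copied from the DDS log posted in the thread.
SAMPLE = r"""
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
FF - prefs.js: network.proxy.type - 4
"""

if __name__ == "__main__":
    for finding in triage_report(SAMPLE)["findings"]:
        print(f"{finding['id']}: {finding['detail']}")
```

To confirm on the live machine, find which process owns the listener with `netstat -ano | findstr :6522` and then `tasklist /fi "PID eq <pid>"`, and read the values directly under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings` (`ProxyEnable`, `ProxyServer`). Some legitimate filtering products also install a loopback proxy, so the owner of the port decides it; a listener owned by explorer.exe or by a process with no signed image on disk is the bad case. Removing the proxy value without removing the listener only breaks browsing until the malware sets it again.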
     
  5. Gremmy


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 04/07/2009 11:49:41
    System Uptime: 22/08/2010 09:27:10 (5 hours ago)

    Motherboard: Dell Inc. | | 0N826N
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2331/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 451 GiB total, 353.099 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 9.719 GiB free.
    E: is CDROM (CDFS)
    F: is FIXED (NTFS) - 149 GiB total, 23.14 GiB free.
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Advanced Combat Tracker (remove only)
    avast! Free Antivirus
    Betfair Poker
    BitComet 1.16
    CCleaner
    Compatibility Pack for the 2007 Office system
    Counter-Strike: Source
    Dell Dock
    Dell Edoc Viewer
    Dell Support Center (Support Software)
    DivX Setup
    EQ2MAP Updater 1.2.4
    Facebook Plug-In
    Garena
    Google Toolbar for Internet Explorer
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java(TM) 6 Update 13
    Junk Mail filter update
    Magic ISO Maker v5.5 (build 0276)
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mohawk Voice 1.1
    Mozilla Firefox (3.6.8)
    MSVCRT
    NETGEAR WG111v2 wireless USB 2.0 adapter
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OGA Notifier 2.0.0048.0
    ProfitUI Reborn Updater
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Spyware Terminator
    Steam
    SUPERAntiSpyware Free Edition
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Client
    VLC media player 1.0.3
    Warcraft III
    Warcraft III: All Products
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    22/08/2010 09:25:57, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    21/08/2010 22:16:21, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    21/08/2010 19:28:31, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    21/08/2010 19:19:23, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr sp_rsdrv2 tdx Wanarpv6
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    21/08/2010 19:19:23, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    21/08/2010 19:18:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    21/08/2010 19:18:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    21/08/2010 19:18:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    21/08/2010 19:18:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    21/08/2010 19:18:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    21/08/2010 19:18:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    21/08/2010 19:17:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    21/08/2010 18:36:51, Error: Service Control Manager [7034] - The SCM_Service service terminated unexpectedly. It has done this 1 time(s).
    21/08/2010 15:45:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL spldr Wanarpv6
    21/08/2010 14:22:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    21/08/2010 14:08:23, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
    21/08/2010 13:34:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    20/08/2010 23:57:46, Error: EventLog [6008] - The previous system shutdown at 23:55:37 on 20/08/2010 was unexpected.
    19/08/2010 16:07:16, Error: EventLog [6008] - The previous system shutdown at 16:06:08 on 19/08/2010 was unexpected.
    16/08/2010 16:31:42, Error: PlugPlayManager [12] - The device 'Maxtor 6V160E0 ATA Device' (IDE\DiskMaxtor_6V160E0__________________________VA111630\5&9bbbd79&0&1.0.0) disappeared from the system without first being prepared for removal.
    16/08/2010 16:31:41, Error: disk [15] - The device, \Device\Harddisk1\DR1, is not ready for access yet.
    15/08/2010 19:12:40, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 000FB5CD5F8C has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
     
  6. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    Any help would be greatly appreciated; this is driving me nuts =(
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Gremmy, there is something you need to be aware of. This is a very busy forum. Your last log was only posted 37 minutes ago and although the problem may be "driving you nuts", it makes me a bit nuts that you are bumping a thread only 3 minutes later!

    This is Sunday morning and there are others ahead of you. I will check your logs as soon as I can.

    It looks like you have the hidden files and folders showing. This is not safe, so please check and re-hide:
    • Open the Control Panel> go to Folder Options
    • Select the View tab.
    • Scroll down to Hidden files and folders.
    • Check 'Do not show hidden files and folders'.
    • Check Hide protected operating system files (Recommended).
    • Click Apply> OK
    • Close Folder Options.
    • Reboot the computer.
    You can run the following 2 scans while I'm checking these logs:

    Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename ComboFix unless instructed.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: ComboFix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If ComboFix asks you to install Recovery Console, please allow it.
    [6]. If ComboFix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in your next reply. Split the report into 2 replies if needed.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with ComboFix.
    =======================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the ActiveX control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  8. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    ComboFix 10-08-21.06 - Theo 22/08/2010 15:47:02.4.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3325.2215 [GMT 1:00]
    Running from: c:\users\Theo\Desktop\ComboFix.exe
    SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

    Infected copy of c:\windows\System32\wininit.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
    .

    2010-08-22 14:52 . 2010-08-22 14:54 -------- d-----w- c:\users\Theo\AppData\Local\temp
    2010-08-22 14:52 . 2010-08-22 14:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-21 17:33 . 2010-08-21 17:35 -------- d-----w- c:\users\Theo\AppData\Roaming\Spyware Terminator
    2010-08-21 17:33 . 2010-08-21 17:33 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
    2010-08-21 17:33 . 2010-08-21 17:33 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
    2010-08-21 17:33 . 2010-08-21 17:33 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2010-08-21 17:33 . 2010-08-22 03:29 -------- d-----w- c:\program files\Spyware Terminator
    2010-08-21 17:33 . 2010-08-22 03:26 -------- d-----w- c:\programdata\Spyware Terminator
    2010-08-21 15:43 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-08-21 15:43 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-08-21 15:43 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-08-21 15:43 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-08-21 15:43 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-08-21 15:42 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-21 15:42 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-08-21 14:48 . 2010-08-21 14:52 35 ----a-w- c:\users\Theo\AppData\Roaming\SetValue.bat
    2010-08-21 13:56 . 2010-08-21 13:56 -------- d-----w- c:\programdata\Alwil Software
    2010-08-21 13:56 . 2010-08-21 13:56 -------- d-----w- c:\program files\Alwil Software
    2010-08-21 13:35 . 2010-08-21 14:29 -------- d-----w- c:\users\Theo\AppData\Local\Temp(149)
    2010-08-21 12:41 . 2010-08-21 13:22 -------- d-----w- c:\users\Theo\AppData\Local\Temp(148)
    2010-08-20 23:24 . 2010-08-21 22:31 -------- d-----w- C:\$RECYCLE(0).BIN
    2010-08-20 23:11 . 2009-04-11 04:45 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2010-08-19 14:58 . 2010-08-19 16:25 -------- d-----w- c:\users\Theo\AppData\Local\ixiejwtcn
    2010-08-19 14:58 . 2010-08-19 16:25 -------- d-----w- c:\users\Theo\AppData\Local\rxcfjetjl
    2010-08-19 14:07 . 2010-08-19 14:07 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-08-19 14:07 . 2010-08-19 14:07 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
    2010-08-19 14:07 . 2010-08-19 14:07 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
    2010-08-19 14:07 . 2010-08-19 14:07 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
    2010-08-19 14:07 . 2010-08-19 14:07 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
    2010-08-19 14:07 . 2010-08-19 14:07 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-08-19 14:07 . 2010-08-19 14:07 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
    2010-08-19 14:07 . 2010-08-21 23:41 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-08-19 14:07 . 2010-08-19 14:07 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
    2010-08-19 14:06 . 2010-08-21 23:41 -------- d-----w- c:\program files\DivX
    2010-08-19 14:06 . 2010-08-19 14:09 -------- d-----w- c:\programdata\DivX
    2010-08-18 16:59 . 2010-08-21 23:41 -------- d-----w- c:\users\Theo\AppData\Roaming\ProfitUI Reborn Updater
    2010-08-12 23:44 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-08-12 23:44 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-08-12 23:44 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-12 23:44 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2010-08-12 23:44 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-12 23:44 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-12 23:44 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-08 16:21 . 2010-08-21 23:38 -------- d-----w- c:\users\Theo\AppData\Local\Progvo_Software
    2010-08-04 23:57 . 2010-08-05 00:10 -------- d-----w- c:\users\Theo\AppData\Local\osouudblj

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-22 14:54 . 2007-01-01 00:12 36821 ----a-w- c:\programdata\nvModes.dat
    2010-08-22 14:53 . 2007-01-01 00:10 -------- d-----w- c:\programdata\NVIDIA
    2010-08-22 14:35 . 2010-06-29 12:53 8204 ----a-w- c:\users\Theo\AppData\Roaming\wklnhst.dat
    2010-08-22 14:30 . 2010-04-22 18:16 -------- d-----w- c:\users\Theo\AppData\Roaming\Advanced Combat Tracker
    2010-08-22 13:35 . 2009-12-26 20:36 -------- d-----w- c:\users\Theo\AppData\Roaming\vlc
    2010-08-21 23:41 . 2010-04-13 15:12 -------- d-----w- c:\users\Theo\AppData\Roaming\Ventrilo
    2010-08-21 23:41 . 2010-02-27 16:24 -------- d-----w- c:\program files\EQ2MAP Updater
    2010-08-21 23:41 . 2009-12-26 19:52 -------- d-----w- c:\program files\Steam
    2010-08-21 23:41 . 2009-07-04 09:02 -------- d-----w- c:\program files\Microsoft Works
    2010-08-21 23:41 . 2009-12-26 19:52 -------- d-----w- c:\program files\Common Files\Steam
    2010-08-21 23:41 . 2009-07-04 09:04 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-08-21 23:37 . 2010-04-27 23:42 -------- d-----w- c:\program files\Mohawk Voice
    2010-08-21 14:52 . 2010-08-21 14:48 691 ----a-w- c:\users\Theo\AppData\Roaming\GetValue.vbs
    2010-08-20 23:49 . 2009-12-26 23:31 117760 ----a-w- c:\users\Theo\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-20 22:55 . 2010-02-03 02:09 -------- d-----w- c:\users\Theo\AppData\Roaming\Irce
    2010-08-19 23:31 . 2010-08-19 14:08 -------- d-----w- c:\users\Theo\AppData\Roaming\DivX
    2010-08-16 09:03 . 2010-03-17 05:59 -------- d-----w- c:\users\Theo\AppData\Roaming\Mieb
    2010-08-16 01:37 . 2010-06-12 20:21 -------- d-----w- c:\users\Theo\AppData\Roaming\Elgi
    2010-08-13 17:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-08-05 02:33 . 2010-05-19 22:45 -------- d-----w- c:\users\Theo\AppData\Roaming\Cyzuy
    2010-08-05 00:18 . 2010-02-27 17:33 1356 ----a-w- c:\users\Theo\AppData\Local\d3d9caps.dat
    2010-08-04 23:57 . 2010-02-13 09:00 -------- d-----w- c:\users\Theo\AppData\Roaming\Imam
    2010-07-04 17:56 . 2009-12-26 23:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-07-04 17:56 . 2007-01-01 00:09 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-07-04 03:45 . 2010-07-04 03:45 -------- d-----w- c:\programdata\TVU Networks
    2010-06-29 12:53 . 2010-06-29 12:53 -------- d-----w- c:\users\Theo\AppData\Roaming\Template
    2010-06-26 07:59 . 2009-12-26 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-26 06:05 . 2010-08-12 23:45 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-08-12 23:45 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:02 . 2010-08-12 23:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 04:25 . 2010-08-12 23:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-26 02:02 . 2010-06-26 02:02 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-21 18:17 . 2010-06-21 18:17 50354 ----a-w- c:\users\Theo\AppData\Roaming\Facebook\uninstall.exe
    2010-06-21 13:37 . 2010-08-12 23:45 2037760 ----a-w- c:\windows\system32\win32k.sys
    2010-06-11 16:16 . 2010-08-12 23:45 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-06-09 23:01 . 2007-11-14 01:00 45648 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
    2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\Theo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    2010-06-07 23:57 . 2010-07-04 17:53 56936 ----a-w- c:\windows\system32\OpenCL.dll
    2010-06-07 23:57 . 2010-07-04 17:53 4967528 ----a-w- c:\windows\system32\nvwgf2um.dll
    2010-06-07 23:57 . 2010-07-04 17:53 10888168 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2010-06-07 23:57 . 2010-07-04 17:53 4513384 ----a-w- c:\windows\system32\nvcuda.dll
    2010-06-07 23:57 . 2010-07-04 17:53 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-06-07 23:57 . 2010-07-04 17:53 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-06-07 23:57 . 2010-07-04 17:53 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-06-07 23:57 . 2010-07-04 17:53 232040 ----a-w- c:\windows\system32\nvcod1921.dll
    2010-06-07 23:57 . 2010-07-04 17:53 232040 ----a-w- c:\windows\system32\nvcod.dll
    2010-06-07 23:57 . 2010-07-04 17:53 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-06-07 23:57 . 2007-01-01 00:08 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
    2010-06-07 23:57 . 2007-01-01 00:08 1592424 ----a-w- c:\windows\system32\nvapi.dll
    2010-06-07 16:48 . 2010-06-07 16:48 13917800 ----a-w- c:\windows\system32\nvcpl.dll
    2010-06-07 16:48 . 2010-06-07 16:48 1331816 ----a-w- c:\windows\system32\nvsvc.dll
    2010-06-07 16:48 . 2010-06-07 16:48 129640 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-06-07 16:48 . 2010-06-07 16:48 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-05-27 20:08 . 2010-08-12 23:45 81920 ----a-w- c:\windows\system32\iccvid.dll
    2010-05-26 17:06 . 2010-06-11 14:00 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:47 . 2010-06-11 14:00 289792 ----a-w- c:\windows\system32\atmfd.dll
    2004-06-02 00:47 . 2009-02-28 19:25 1774540 ----a-w- c:\program files\Picture 005.jpg
    2009-07-04 18:37 . 2009-04-11 17:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ------- Sigcheck -------

    [-] 2009-04-11 . 83DE263963AC17119702EEB3E07464CA . 2923520 . . [6.0.6000.16386] . . c:\windows\explorer.exe
    [7] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-26 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6609440]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-13 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-13 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-13 141848]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-29 206064]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-08-21 2176512]

    c:\users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-12-27 576000]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2010-1-10 1261568]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Users^Theo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
    path=c:\users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    backup=c:\windows\pss\Dell Dock.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 14:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
    2010-08-21 17:33 2176512 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
    2010-08-21 17:33 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-12-26 22:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "VistaSp2"=hex(b):08,dc,b6,40,3a,8b,ca,01

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 135664]
    R3 GarenaPEngine;GarenaPEngine;c:\users\Theo\AppData\Local\Temp\ZWM8A94.tmp [x]
    R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 288768]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-23 74480]
    S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-08-21 142592]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-01-13 81920]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
    S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 288768]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 15:18]

    2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 15:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\q15h6s1j.default\
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Theo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\q15h6s1j.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
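The ComboFix log above carries the four indicators a helper would read first: the Sigcheck row marked `[-]` for c:\windows\explorer.exe (signature check failed, and its MD5 and size differ from the ERDNT\cache copy on the next row), the IE setting `ProxyServer = http=127.0.0.1:6522` (a proxy on the machine's own loopback interface, which is how a local hijacker gets to rewrite browser traffic and cause "random redirects"), `EnableLUA = 0` (UAC switched off, so nothing prompts when a system binary is patched), and `AntiVirusOverride = 1` in the Security Center key (suppresses the antivirus warning; worth confirming it was set deliberately). The script below is an added example for this thread, not part of the original posts and not ComboFix's own code: it parses those line formats and reports the findings. The regexes and the rule set are this example's assumptions about ComboFix's output; EXCERPT is copied from the log posted above.

```python
"""Triage a ComboFix log excerpt for tampering and browser-hijack indicators.

Added example (not from the TechSpot thread or from ComboFix). The regexes and
the rule set below are assumptions about ComboFix's line formats; EXCERPT is
copied from the log posted in the thread.
"""
import re
from collections import defaultdict

# Excerpt of the posted ComboFix log (Sigcheck rows, two registry keys, IE proxy).
EXCERPT = r"""
------- Sigcheck -------

[-] 2009-04-11 . 83DE263963AC17119702EEB3E07464CA . 2923520 . . [6.0.6000.16386] . . c:\windows\explorer.exe
[7] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\explorer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
"""

# Assumed Sigcheck row layout: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
REG_KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)\s*$')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$")
LOOPBACK = ("127.", "localhost", "::1")


def parse_sigcheck(lines):
    """Return one dict per Sigcheck row. flag '-' marks a file that failed
    ComboFix's signature check; md5/size allow comparison with its backup."""
    out = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            out.append(d)
    return out


def parse_proxy(value):
    """Split an IE ProxyServer value ('host:port' or 'http=host:port;https=...')
    into (scheme, host, port) tuples; port is None when absent."""
    result = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        if ":" in hostport:
            host, _, port = hostport.rpartition(":")
            port = int(port) if port.isdigit() else None
        else:
            host, port = hostport, None
        result.append((scheme, host, port))
    return result


def triage(lines):
    """Return (category, detail) findings: failed signature checks, a live file
    whose hash differs from its backup, a loopback proxy, UAC off, AV override."""
    findings = []
    by_name = defaultdict(set)
    for e in parse_sigcheck(lines):
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].add(e["md5"])
        if e["flag"] == "-":
            findings.append(("sigcheck-failed", f'{e["path"]} md5={e["md5"]} size={e["size"]}'))
    for name, hashes in by_name.items():
        if len(hashes) > 1:  # live copy and backup copy disagree
            findings.append(("hash-mismatch", f"{name}: {sorted(hashes)}"))

    current_key = ""
    for raw in lines:
        line = raw.strip()
        k = REG_KEY_RE.match(line)
        if k:
            current_key = k.group("key").lower()
            continue
        p = PROXY_RE.match(line)
        if p:
            for scheme, host, port in parse_proxy(p.group("value")):
                if host.lower().startswith(LOOPBACK):
                    findings.append(("proxy-loopback", f"{scheme or 'all'} -> {host}:{port}"))
            continue
        v = REG_VALUE_RE.match(line)
        if not v:
            continue
        name, value = v.group("name"), v.group("value")
        if current_key.endswith(r"\policies\system") and name == "EnableLUA" and value.startswith("0"):
            findings.append(("uac-disabled", f"{name}={value}"))
        if current_key.endswith(r"security center\svc") and name == "AntiVirusOverride" and value.endswith("00000001"):
            findings.append(("av-override", f"{name}={value}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(EXCERPT.splitlines()):
        print(f"{category:16} {detail}")
```

Feed it a full ComboFix.txt (`triage(open(path, errors="replace").read().splitlines())`) and it reports the same five categories wherever they occur; a proxy pointing at a non-loopback host is deliberately not flagged, since a corporate proxy looks the same in this log.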
     
  9. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-22 15:54
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\GarenaPEngine]
    "ImagePath"="\??\c:\users\Theo\AppData\Local\Temp\ZWM8A94.tmp"

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Alwil Software\Avast5\AvastUI.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-08-22 15:58:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-22 14:58
    ComboFix2.txt 2010-08-21 21:22
    ComboFix3.txt 2010-08-21 13:03
    ComboFix4.txt 2010-08-21 12:46
    ComboFix5.txt 2010-08-22 14:45

    Pre-Run: 379,108,188,160 bytes free
    Post-Run: 379,057,115,136 bytes free

    - - End Of File - - 7C91C9BEEFFB50BA8EBC136941639A57
     
  10. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=a9e16ef999d75b42a189f38a3f8a45bc
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-08-22 04:09:50
    # local_time=2010-08-22 05:09:50 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 20096977 20096977 0 0
    # compatibility_mode=768 16777215 100 0 90372 90372 0 0
    # compatibility_mode=5892 16776573 100 100 55237 120022061 0 0
    # compatibility_mode=7937 16777213 100 100 41580 7657533 0 0
    # compatibility_mode=8192 67108863 100 0 138 138 0 0
    # scanned=280098
    # found=3
    # cleaned=0
    # scan_time=4056
    C:\Qoobox\Quarantine\C\Users\Theo\AppData\Roaming\Uhum\sodi.exe.vir a variant of Win32/Kryptik.FTQ trojan 00000000000000000000000000000000 I
    C:\Windows\System32\hlp.dat Win32/Bamital.DT trojan 00000000000000000000000000000000 I
    F:\Downloads\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_123a_English +CD Key\CDKey\Warcraft III Reign Of Chaos Keygen.exe probably a variant of Win32/IRCBot.EEUKPVI trojan 00000000000000000000000000000000 I
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes	
      
      :Files  
      C:\Windows\System32\hlp.dat 
      F:\Downloads\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_123a_English +CD Key\CDKey\Warcraft III Reign Of Chaos Keygen.exe 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Warcraft III Reign Of Chaos Keygen.exe is a pirated program. It will have to be uninstalled if you want to continue support. I recommend you do that because you still have some entries to be removed and identified.

    Why are there multiple runs of Combofix?
    ComboFix2.txt 2010-08-21 21:22
    ComboFix3.txt 2010-08-21 13:03
    ComboFix4.txt 2010-08-21 12:46
    ComboFix5.txt 2010-08-22 14:45
     
  12. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    All processes killed
    ========== PROCESSES ==========
    ========== FILES ==========
    File move failed. C:\Windows\System32\hlp.dat scheduled to be moved on reboot.
    File/Folder F:\Downloads\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_123a_English +CD Key\CDKey\Warcraft III Reign Of Chaos Keygen.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Theo
    ->Temp folder emptied: 140096 bytes
    ->Temporary Internet Files folder emptied: 143024 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 50609940 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 49.00 mb


    OTM by OldTimer - Version 3.1.15.0 log created on 08222010_193003

    Files moved on Reboot...
    File move failed. C:\Windows\System32\hlp.dat scheduled to be moved on reboot.
    File C:\Windows\temp\_avast5_\Webshlock.txt not found!

    Registry entries deleted on Reboot...

    I uninstalled Warcraft III Reign Of Chaos Keygen.exe and followed your instructions.

    There are multiple runs of Combofix due to me asking for help yesterday on another forum but the problem was never fixed. =(

    Again, thanks for taking your time out Bobbye, much appreciated.
     
  13. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    I know you're busy, just awaiting next instructions. Thanks
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Gremmy, do you have any idea what the following app data folders are for? I've included the date they were created:
    2010-08-19 16:25 > c:\users\Theo\AppData\Local\ixiejwtcn
    2010-08-19 16:25 > c:\users\Theo\AppData\Local\rxcfjetjl
    2010-08-05 00:10 > c:\users\Theo\AppData\Local\osouudblj


    I have some script set up for you to run in Combofix, But I cannot identify these folders.

    It also appears that there is a problem with dependencies not running for some of the Services. Have you disabled or changed the Startup Type for any Services recently?
     
  15. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    I do not recognise those folders whatsoever. However, I did recently disable start up for msn messenger by typing "msconfig" in the run section, within the last 2-3 days in fact.

    Many thanks Bobbye
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. But before I move these files, I'd like you to submit for identification:

    Suspicious file(s) to scan: > browse or upload:

    c:\users\Theo\AppData\Local\ixiejwtcn

    c:\users\Theo\AppData\Local\rxcfjetjl

    Browse to or upload each of the above, one at a time, then scan. Use any one of the sites below.

    http://www.virustotal.com/
    http://virusscan.jotti.org/en
    http://www.virscan.org/

    1, You can UPLOAD any files, but there is 20Mb limit per file.
    2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
    3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

    I have some script set up for you to run. As soon as I see the logs from the online ID, I'll know whether to add it.
     
  17. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    Can't seem to upload any of those folders as they're both empty? That or I'm doing something wrong?
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, off they go!
    Please run this Custom CFScript


    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    KillAll::
    File::
    
    Folder::
    C:\zrpt.xml
    c:\users\Theo\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\Theo\AppData\Local\Temp(149)
    c:\users\Theo\AppData\Local\Temp(148)
    c:\users\Theo\AppData\Local\ixiejwtcn
    c:\users\Theo\AppData\Local\rxcfjetjl
    c:\users\Theo\AppData\Local\osouudblj
    
    Registry::
    
    Driver::
    aswSP
    aswFsBlk
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
    ====================
    Download the HijackThis Installer HERE and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

    Note: You continue to put the system at risk for using BitComet for downloading.
     
  19. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    When I ran combofix and it had finished scanning it gave me the msg it needed to restart, the computer seemed to freeze at "logging off" point for quite some time. I had to manually turn the computer off then back on again. It still produced the combofix log however.

    I'll uninstall BitComet whilst awaiting your reply, many thanks Bobbye
     

    Attached Files:

  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Not good - a file that was disinfected in Combofix has become infected again. I'd like you to rescan with the Eset scanner first.

    Then uninstall the version of HijackThis you have and run the current version in the thread> http://www.techspot.com/vb/topic58138.html

    Paste both logs in next reply.
     
  21. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45


    Doesn't seem to be a link for hijackthis in that thread?
     
  22. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    Please ignore, the Eset log was an old one (new one could not be found)
     
  23. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    Here's the Eset log
     

    Attached Files:

  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry about the missing HijackThis link - you're right - it isn't in the thread any more!

    Download the HijackThis Installer HERE and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

    Eset log is clean. How is the system running now?
     
  25. Gremmy

    Gremmy TS Rookie Topic Starter Posts: 45

    Seems to be running much, much better... I randomly googled a couple of keywords and it did NOT re-direct me. As requested:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:00:44, on 26/08/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18943)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Windows\Explorer.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Sony\Station\Station Launcher\LaunchPad2\StationLauncher.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Sony\EverQuest II\EverQuest2.exe
    C:\Program Files\Sony\EverQuest II\EQ2VoiceService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 6518 bytes
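The HijackThis log above is the kind of output a helper reads by eye, and the two lines that stand out are the R1 entry setting the browser's ProxyServer to http=127.0.0.1:6522 (a loopback proxy means some process on the machine sits in front of web traffic, which is consistent with the redirect complaint that opened this thread, although security products also install local proxies) and the O2 BHO with "(no file)" (an orphaned registration). The script below is an added example, not code from TechSpot, HijackThis, or the helpers in this thread: it applies those same checks, plus a check for autostart entries and services launched from user-writable folders, to HijackThis-style lines. The sample log is constructed for the demo; it reuses lines from the log above and adds one O4 line modelled on the GarenaPEngine service ImagePath in the ComboFix log.

```python
import re

# Heuristics, not verdicts. Each one marks an entry a reviewer should look at,
# in the same way a helper scans a HijackThis log for anomalies.
LOOPBACK_PROXY = re.compile(
    r"^(?:https?=)?(?:127\.0\.0\.1|localhost)(?::\d+)?$", re.IGNORECASE
)
# Launch paths under a profile or temp directory: legitimate software normally
# lives under Program Files or the Windows directory.
USER_WRITABLE = re.compile(
    r"\\(?:AppData|Temp|Local Settings|ProgramData|Users\\Public)\\", re.IGNORECASE
)
# HijackThis line shape: "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
# Sections whose body is a loaded module, autostart command, or service binary.
LOADER_SECTIONS = {"O2", "O3", "O4", "O20", "O23"}


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) why one HijackThis line deserves review."""
    match = ENTRY.match(line.strip())
    if not match:
        return []
    section, body = match.groups()
    reasons = []

    # R0-R3: browser settings. A proxy on loopback means a local process is
    # intercepting traffic; confirm which one owns the port before acting.
    if section.startswith("R") and "ProxyServer" in body:
        parts = body.split("=", 1)
        value = parts[1].strip() if len(parts) == 2 else ""
        if LOOPBACK_PROXY.match(value):
            reasons.append(f"browser proxy set to loopback ({value})")

    if section in LOADER_SECTIONS:
        if "(no file)" in body:
            reasons.append(f"{section} entry references a file that no longer exists")
        if USER_WRITABLE.search(body):
            reasons.append(f"{section} entry loads from a user-writable location")
    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map each flagged log line to its reasons, preserving log order."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings


# Constructed sample: lines from the log above plus one O4 entry (hypothetical,
# modelled on the temp-folder service ImagePath in the ComboFix log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [updater] c:\users\Theo\AppData\Local\Temp\ZWM8A94.tmp
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

A loopback proxy hit is only a lead: on the affected machine, `netstat -ano` shows which PID is listening on the port named in the entry, and the process behind that PID (and its on-disk path) decides whether it is a filtering product or something that should be in quarantine. Orphaned "(no file)" entries are safe to clean but are not themselves infections.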
     
Topic Status:
Not open for further replies.