
Hello!

I got hit by the AV protection 2011 virus, panicked, and performed System Restore before I could lose complete control. After running my antivirus program I found out that there were malicious scripts hiding in my Java cache. I cleared the cache, but now I'm not sure if there's something else lurking in my PC. Thanks in advance.

++++++++++++++++++++++ MB LOG +++++++++++++++++++++

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8222

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

11/22/2011 9:34:43 PM

mbam-log-2011-11-22 (21-34-43).txt

Scan type: Quick scan

Objects scanned: 155041

Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

++++++++++++++++DDS.txt++++++++++++++++

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Asapaboi at 21:37:50 on 2011-11-22

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1693 [GMT -8:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Protector Suite QL\upeksvr.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ltmoh\ltmoh.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Toshiba\Utilities\KeNotify.exe

C:\Toshiba\IVP\ISM\pinger.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [cdloader] "c:\users\asapaboi\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\asapaboi\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{6F2E565A-2A4D-4CBA-A6F8-EDA5F5B1B675} : DhcpNameServer = 209.18.47.61 209.18.47.62

Notify: igfxcui - igfxdev.dll

Notify: psfus - c:\windows\system32\psqlpwd.dll

LSA: Notification Packages = scecli psqlpwd

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-19 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-7 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-7 20568]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-7 54616]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-7 44768]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-29 21504]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-23 05:25:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-23 05:19:34 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0a16822a-3984-41eb-aced-6486d8e4d165}\offreg.dll

2011-11-22 20:15:29 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0a16822a-3984-41eb-aced-6486d8e4d165}\mpengine.dll

2011-11-22 19:41:22 -------- d-----w- c:\users\asapaboi\appdata\roaming\pH55ssQJ7dEK

2011-11-22 19:40:58 -------- d-----w- c:\users\asapaboi\appdata\roaming\rRRZZ9hhTXjUClI

2011-11-22 19:40:36 -------- d-----w- c:\users\asapaboi\appdata\roaming\yBBryA0vSb3Q6KR

2011-11-09 04:56:29 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-11-09 04:56:24 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 04:56:20 707584 ----a-w- c:\program files\common files\system\wab32.dll

2011-10-28 03:36:47 -------- d-----w- c:\users\asapaboi\appdata\roaming\OverDrive

.

==================== Find3M ====================

.

2011-11-10 03:45:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 21:40:10.58 ===============

++++++++++++++DDS ATTACH++++++++++++++++++++

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/31/2007 2:54:16 PM

System Uptime: 11/22/2011 9:17:51 PM (0 hours ago)

.

Motherboard: TOSHIBA | | IAKAA

Processor: Intel® Core2 CPU T5500 @ 1.66GHz | U2E1 | 1667/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 92 GiB total, 23.344 GiB free.

D: is FIXED (NTFS) - 112 GiB total, 3.219 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1283: 11/18/2011 1:22:17 AM - Windows Update

RP1284: 11/22/2011 2:12:22 AM - Windows Update

RP1286: 11/22/2011 11:43:42 AM - Windows Defender Checkpoint

RP1287: 11/22/2011 12:14:27 PM - Windows Update

.

==== Installed Programs ======================

.

ACDSee 10 Photo Manager

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.4

Adobe Shockwave Player 11

avast! Free Antivirus

Bluetooth Stack for Windows by Toshiba

Canon MP Navigator EX 1.0

Canon MX310 series

CD/DVD Drive Acoustic Silencer

Chuzzle Deluxe

Combined Community Codec Pack 2007-02-22

Desktop Dialer

DVD MovieFactory for TOSHIBA

DVDFab 6.2.1.8 (31/12/2009)

Granado Espada

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

ID3-TagIT 3

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 29

Java SE Runtime Environment 6

JEOPARDY

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Microsoft XML Parser

MSVC80_x86

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

neroxml

Presto! PageManager 7.15.16

Protector Suite QL 5.8

Real Alternative 1.52

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Spelling Dictionaries Support For Adobe Reader 8

Synaptics Pointing Device Driver

TagScanner 5.0 build 511

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Flash Cards Support Utility

TOSHIBA Game Console

TOSHIBA Hardware Setup

TOSHIBA Media Center Game Console

Toshiba Registration

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Utility Common Driver

WinDVD for TOSHIBA

WinRAR archiver

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

11/22/2011 9:19:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Tosrfcom

11/22/2011 12:07:42 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.

11/22/2011 12:03:47 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.115.2100.0 Loading engine version: 1.1.7801.0

11/22/2011 11:50:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx Tosrfcom Wanarpv6

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:49:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/22/2011 11:49:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/22/2011 11:49:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

11/22/2011 11:49:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

11/22/2011 11:49:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

11/22/2011 11:49:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

11/22/2011 11:49:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/22/2011 11:49:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/22/2011 11:48:10 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .

11/22/2011 11:30:03 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

11/21/2011 7:08:04 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Asapaboi-PC\Asapaboi SID (S-1-5-21-1276177871-1407396258-3323346848-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/18/2011 1:53:36 PM, Error: EventLog [6008] - The previous system shutdown at 9:52:05 AM on 11/18/2011 was unexpected.

11/15/2011 2:18:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

11/15/2011 2:18:50 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Hello scaredycat! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Please follow this guide to remove it:

http://forums.malwarebytes.org/index.php?showtopic=100097

When you are ready, please post the log file from Malwarebytes' Anti-Malware and new, fresh log files from DDS.


Thank you for responding. Here are the logs:

+++++++MBAM LOG+++++++

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8232

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

11/24/2011 8:10:08 AM

mbam-log-2011-11-24 (08-10-08).txt

Scan type: Quick scan

Objects scanned: 155251

Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

++++++++++++DDS.TXT+++++++++++++

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Asapaboi at 8:12:22 on 2011-11-24

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1918 [GMT -8:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Protector Suite QL\upeksvr.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ltmoh\ltmoh.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Toshiba\Utilities\KeNotify.exe

C:\Toshiba\IVP\ISM\pinger.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [cdloader] "c:\users\asapaboi\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\asapaboi\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{6F2E565A-2A4D-4CBA-A6F8-EDA5F5B1B675} : DhcpNameServer = 209.18.47.61 209.18.47.62

Notify: igfxcui - igfxdev.dll

Notify: psfus - c:\windows\system32\psqlpwd.dll

LSA: Notification Packages = scecli psqlpwd

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-19 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-7 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-7 20568]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-7 54616]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-7 44768]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-29 21504]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-24 16:04:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-24 16:04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-24 15:58:40 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0a16822a-3984-41eb-aced-6486d8e4d165}\offreg.dll

2011-11-22 20:15:29 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0a16822a-3984-41eb-aced-6486d8e4d165}\mpengine.dll

2011-11-22 19:41:22 -------- d-----w- c:\users\asapaboi\appdata\roaming\pH55ssQJ7dEK

2011-11-22 19:40:58 -------- d-----w- c:\users\asapaboi\appdata\roaming\rRRZZ9hhTXjUClI

2011-11-22 19:40:36 -------- d-----w- c:\users\asapaboi\appdata\roaming\yBBryA0vSb3Q6KR

2011-11-09 04:56:29 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-11-09 04:56:24 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 04:56:20 707584 ----a-w- c:\program files\common files\system\wab32.dll

2011-10-28 03:36:47 -------- d-----w- c:\users\asapaboi\appdata\roaming\OverDrive

.

==================== Find3M ====================

.

2011-11-10 03:45:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 8:14:25.34 ===============

+++++++++ATTACH.TXT++++++++++++

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/31/2007 2:54:16 PM

System Uptime: 11/24/2011 7:58:13 AM (1 hours ago)

.

Motherboard: TOSHIBA | | IAKAA

Processor: Intel® Core2 CPU T5500 @ 1.66GHz | U2E1 | 1667/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 92 GiB total, 22.176 GiB free.

D: is FIXED (NTFS) - 112 GiB total, 3.219 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1283: 11/18/2011 1:22:17 AM - Windows Update

RP1284: 11/22/2011 2:12:22 AM - Windows Update

RP1286: 11/22/2011 11:43:42 AM - Windows Defender Checkpoint

RP1287: 11/22/2011 12:14:27 PM - Windows Update

.

==== Installed Programs ======================

.

ACDSee 10 Photo Manager

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.4

Adobe Shockwave Player 11

avast! Free Antivirus

Bluetooth Stack for Windows by Toshiba

Canon MP Navigator EX 1.0

Canon MX310 series

CD/DVD Drive Acoustic Silencer

Chuzzle Deluxe

Combined Community Codec Pack 2007-02-22

Desktop Dialer

DVD MovieFactory for TOSHIBA

DVDFab 6.2.1.8 (31/12/2009)

Granado Espada

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

ID3-TagIT 3

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 29

Java SE Runtime Environment 6

JEOPARDY

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Microsoft XML Parser

MSVC80_x86

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

neroxml

Presto! PageManager 7.15.16

Protector Suite QL 5.8

Real Alternative 1.52

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Spelling Dictionaries Support For Adobe Reader 8

Synaptics Pointing Device Driver

TagScanner 5.0 build 511

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Flash Cards Support Utility

TOSHIBA Game Console

TOSHIBA Hardware Setup

TOSHIBA Media Center Game Console

Toshiba Registration

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Utility Common Driver

WinDVD for TOSHIBA

WinRAR archiver

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

11/24/2011 8:00:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Tosrfcom

11/22/2011 12:07:42 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.

11/22/2011 12:03:47 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.115.2100.0 Loading engine version: 1.1.7801.0

11/22/2011 11:50:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx Tosrfcom Wanarpv6

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/22/2011 11:50:06 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

11/22/2011 11:49:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/22/2011 11:49:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/22/2011 11:49:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

11/22/2011 11:49:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

11/22/2011 11:49:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

11/22/2011 11:49:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

11/22/2011 11:49:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/22/2011 11:49:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/22/2011 11:48:10 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .

11/22/2011 11:30:03 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

11/21/2011 7:08:04 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Asapaboi-PC\Asapaboi SID (S-1-5-21-1276177871-1407396258-3323346848-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/18/2011 1:53:36 PM, Error: EventLog [6008] - The previous system shutdown at 9:52:05 AM on 11/18/2011 was unexpected.

.

==== End Of File ===========================

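The three directories in the DDS "Created Last 30" section (pH55ssQJ7dEK, rRRZZ9hhTXjUClI and yBBryA0vSb3Q6KR, created 46 seconds apart under AppData\Roaming on 11/22, the day of the infection) are the kind of entry a helper pulls out of a log like this first. The script below is an added example, not part of the original post and not code from the DDS tool: it parses that section's one-line-per-object format, flags directories created directly under a user's AppData\Roaming whose names look machine-generated, and groups flagged entries that were created within a short window of each other. The name heuristic (length, a digit present, frequent lower/upper/digit flips) and the two-minute window are assumptions chosen for illustration, not published rules; the sample lines are copied from the DDS log above.

```python
"""Triage helper for the DDS "Created Last 30" listing.

Added example (not part of the original post or of the DDS tool): parses the
one-line-per-object format DDS prints, flags directories created directly under
a user's AppData\\Roaming whose names look machine-generated, and groups flagged
entries created within a short time window. The name heuristic and the window
are assumptions made for illustration, not vendor rules.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample input, copied from the "Created Last 30" section of the
# DDS log in the thread, so the example runs offline.
SAMPLE_LINES = [
    r"2011-11-24 16:04:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys",
    r"2011-11-24 16:04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware",
    r"2011-11-22 19:41:22 -------- d-----w- c:\users\asapaboi\appdata\roaming\pH55ssQJ7dEK",
    r"2011-11-22 19:40:58 -------- d-----w- c:\users\asapaboi\appdata\roaming\rRRZZ9hhTXjUClI",
    r"2011-11-22 19:40:36 -------- d-----w- c:\users\asapaboi\appdata\roaming\yBBryA0vSb3Q6KR",
    r"2011-11-09 04:56:24 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys",
    r"2011-10-28 03:36:47 -------- d-----w- c:\users\asapaboi\appdata\roaming\OverDrive",
]

# <date> <time> <size or dashes> <8 attribute flags> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([-a-z]{8})\s+(.+?)\s*$"
)
# Only objects sitting directly under <drive>:\users\<name>\appdata\roaming
ROAMING_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\([^\\]+)$", re.I)


@dataclass(frozen=True)
class Entry:
    created: datetime
    size: Optional[int]   # None for directories (DDS prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_dds_created(lines):
    """Parse DDS 'Created Last 30' lines; lines that do not match are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            size=int(size) if size.isdigit() else None,
            attrs=attrs,
            path=path,
        ))
    return entries


def looks_generated(name: str) -> bool:
    """Assumed heuristic: 10+ alphanumerics, at least one digit, and a switch
    between lower/upper/digit at least every other character reads like a
    random-name generator, not a product name such as 'OverDrive'."""
    if len(name) < 10 or not name.isalnum() or not any(c.isdigit() for c in name):
        return False

    def cls(c):
        return "d" if c.isdigit() else ("u" if c.isupper() else "l")

    runs = 1 + sum(1 for a, b in zip(name, name[1:]) if cls(a) != cls(b))
    return runs / len(name) >= 0.5


def suspicious_roaming_dirs(entries):
    """Directories directly under a user's AppData\\Roaming with generated-looking names."""
    hits = []
    for e in entries:
        m = ROAMING_RE.match(e.path)
        if e.is_dir and m and looks_generated(m.group(1)):
            hits.append(e)
    return hits


def cluster_by_time(entries, window=timedelta(minutes=2)):
    """Group entries whose creation time is within `window` of the previous one;
    a burst of generated-name directories within seconds is the dropper
    footprint to investigate first."""
    clusters = []
    for e in sorted(entries, key=lambda x: x.created):
        if clusters and e.created - clusters[-1][-1].created <= window:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def triage(lines):
    """Full pipeline: parse, flag, cluster. Returns a list of clusters (lists of Entry)."""
    return cluster_by_time(suspicious_roaming_dirs(parse_dds_created(lines)))


if __name__ == "__main__":
    for group in triage(SAMPLE_LINES):
        print(f"{len(group)} generated-name dir(s) created "
              f"{group[0].created} .. {group[-1].created}:")
        for e in group:
            print("   ", e.path)
```

To run it against a saved DDS.txt, feed it the lines between the "Created Last 30" and "Find3M" headers. A hit is a lead, not a verdict: the script only says which entries to look inside or submit for analysis. GUID-named folders such as the Windows Defender definition directory are never flagged because braces and hyphens fail the alphanumeric check, and the ComboFix "Files Created" lines later in the thread use a different layout (two timestamps separated by a dot) that this parser deliberately does not match.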

Wow that was quick!

Here's the combofix log:

++++++++Combofix++++++++++++

ComboFix 11-11-24.01 - Asapaboi 11/24/2011 10:41:50.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1844 [GMT -8:00]

Running from: c:\users\Asapaboi\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\StartNow Toolbar

c:\program files\StartNow Toolbar\Resources\images\engine_images.png

c:\program files\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files\StartNow Toolbar\Resources\images\engine_news.png

c:\program files\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files\StartNow Toolbar\Resources\images\engine_web.png

c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files\StartNow Toolbar\Resources\images\icon_games.png

c:\program files\StartNow Toolbar\Resources\images\icon_msn.png

c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files\StartNow Toolbar\Resources\installer.xml

c:\program files\StartNow Toolbar\Resources\protect\index.html

c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css

c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css

c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png

c:\program files\StartNow Toolbar\Resources\protect\window.css

c:\program files\StartNow Toolbar\Resources\reactivate\index.html

c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png

c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css

c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css

c:\program files\StartNow Toolbar\Resources\reactivate\window.css

c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

c:\program files\StartNow Toolbar\Resources\skin\separator.png

c:\program files\StartNow Toolbar\Resources\skin\splitter.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

c:\program files\StartNow Toolbar\Resources\toolbar.xml

c:\program files\StartNow Toolbar\Resources\update.xml

c:\program files\StartNow Toolbar\uninstall.dat

c:\programdata\ntuser.dat

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\Asapaboi\AppData\Roaming\inst.exe

c:\users\Asapaboi\Documents\~WRL0003.tmp

c:\windows\security\Database\tmp.edb

.

.

((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))

.

.

2011-11-24 16:04 . 2011-11-24 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-24 16:04 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-24 15:58 . 2011-11-24 15:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A16822A-3984-41EB-ACED-6486D8E4D165}\offreg.dll

2011-11-22 20:15 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A16822A-3984-41EB-ACED-6486D8E4D165}\mpengine.dll

2011-11-22 19:41 . 2011-11-22 19:41 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\pH55ssQJ7dEK

2011-11-22 19:40 . 2011-11-22 19:40 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\rRRZZ9hhTXjUClI

2011-11-22 19:40 . 2011-11-22 19:40 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\yBBryA0vSb3Q6KR

2011-11-09 04:56 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-11-09 04:56 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 04:56 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-10-28 03:36 . 2011-10-28 03:36 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\OverDrive

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 03:45 . 2011-07-09 00:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 12:06 . 2011-05-08 21:33 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 20:45 . 2011-02-08 04:15 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2011-02-08 04:15 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-06 20:38 . 2011-09-19 23:43 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37 . 2011-02-08 04:15 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2011-02-08 04:15 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2011-02-08 04:15 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2011-02-08 04:15 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 20:36 . 2011-02-08 04:15 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-06 13:30 . 2011-10-13 03:57 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 02:35 . 2011-10-13 08:53 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28 . 2011-10-13 08:53 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22 . 2011-10-13 08:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-11-14 19:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-11-14 19:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\users\Asapaboi\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-04-10 50520]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-12 448632]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-15 530552]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]

"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

.

c:\users\Asapaboi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-11-14 19:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 XDva011;XDva011;c:\windows\system32\XDva011.sys [x]

R3 XDva020;XDva020;c:\windows\system32\XDva020.sys [x]

R3 XDva030;XDva030;c:\windows\system32\XDva030.sys [x]

R3 XDva031;XDva031;c:\windows\system32\XDva031.sys [x]

R3 XDva033;XDva033;c:\windows\system32\XDva033.sys [x]

R3 XDva035;XDva035;c:\windows\system32\XDva035.sys [x]

R3 XDva052;XDva052;c:\windows\system32\XDva052.sys [x]

R3 XDva098;XDva098;c:\windows\system32\XDva098.sys [x]

R3 XDva189;XDva189;c:\windows\system32\XDva189.sys [x]

R3 XDva190;XDva190;c:\windows\system32\XDva190.sys [x]

R3 XDva197;XDva197;c:\windows\system32\XDva197.sys [x]

R3 XDva212;XDva212;c:\windows\system32\XDva212.sys [x]

R3 XDva219;XDva219;c:\windows\system32\XDva219.sys [x]

R3 XDva220;XDva220;c:\windows\system32\XDva220.sys [x]

R3 XDva224;XDva224;c:\windows\system32\XDva224.sys [x]

R3 XDva228;XDva228;c:\windows\system32\XDva228.sys [x]

R3 XDva231;XDva231;c:\windows\system32\XDva231.sys [x]

R3 XDva234;XDva234;c:\windows\system32\XDva234.sys [x]

R3 XDva260;XDva260;c:\windows\system32\XDva260.sys [x]

R3 XDva269;XDva269;c:\windows\system32\XDva269.sys [x]

R3 XDva279;XDva279;c:\windows\system32\XDva279.sys [x]

R3 XDva288;XDva288;c:\windows\system32\XDva288.sys [x]

R3 XDva295;XDva295;c:\windows\system32\XDva295.sys [x]

R3 XDva351;XDva351;c:\windows\system32\XDva351.sys [x]

R3 XDva356;XDva356;c:\windows\system32\XDva356.sys [x]

R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]

R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]

R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]

R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]

R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]

R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]

R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]

R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]

R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-07 691696]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-24 10:49

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.032"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ani"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.arw"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.bay"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.bmp"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.bw"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.cr2"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.crw"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.cs1"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.cur"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.dcr"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.dcx"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.dib"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.djv"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.djvu"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.dng"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.emf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.eps"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.erf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.fff"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.fpx"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.gif"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.hdr"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.icl"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.icn"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ico"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.iff"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ilbm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.int"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.inta"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.iw4"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.j2c"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.j2k"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jfif"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jif"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jp2"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jpc"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jpe"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jpeg"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jpg"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jpk"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.jpx"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.lbm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.mef"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.mos"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.mrw"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.nef"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.orf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pbm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pcd"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pct"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pcx"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pef"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pgm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pic"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pict"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pix"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.png"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ppm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.psd"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.psp"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pspimage"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.raf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ras"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.raw"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.rgb"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.rgba"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.rle"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.rsb"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.sgi"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.sr2"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.srf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.tga"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.thm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.tif"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.tiff"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ttc"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ttf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.v10o"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.v10p"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.v10pf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.wbm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.wbmp"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.wmf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.xbm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.xif"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.xmp"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.xpm"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(796)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\program files\Protector Suite QL\infql2.dll

.

Completion time: 2011-11-24 10:51:51

ComboFix-quarantined-files.txt 2011-11-24 18:51

.

Pre-Run: 23,574,532,096 bytes free

Post-Run: 25,094,533,120 bytes free

.

- - End Of File - - 8EBD34FD283038CD984D762DA74F8B1C


Open Notepad and copy and paste the text in the code box below into it:

Folder::
c:\users\Asapaboi\AppData\Roaming\pH55ssQJ7dEK
c:\users\Asapaboi\AppData\Roaming\rRRZZ9hhTXjUClI
c:\users\Asapaboi\AppData\Roaming\yBBryA0vSb3Q6KR

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how things are there.

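Writing the Folder:: block by hand is fine for three directories, but the same triage is worth scripting when a ComboFix log lists dozens of entries. The Python below is an added example and is not part of this thread, of ComboFix, or of the helper's script: it parses rows in the format of ComboFix's "Files Created" section, flags directories created directly under AppData\Roaming on or after a given date whose names look machine-generated (mixed case plus digits and high character entropy), renders them in the Folder:: form used in the reply above, and, going one step beyond the reply, also lists Run-key entries whose executable lives under a user's AppData tree, where no elevation is needed to write. The sample lines mirror the log posted in this thread; the name-shape rules and the entropy threshold are the example's own assumptions, and its output is a candidate list for a human to review, not a verdict on any folder.

```python
"""Triage helpers for ComboFix log output (added example, not ComboFix code)."""
import re
from collections import Counter
from datetime import datetime
from math import log2

# Constructed sample: rows in the format of ComboFix's "Files Created" table
# and of its "Reg Loading Points" Run entries, mirroring the log in this thread.
SAMPLE_LOG = r"""
2011-11-24 16:04 . 2011-11-24 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-22 19:41 . 2011-11-22 19:41 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\pH55ssQJ7dEK
2011-11-22 19:40 . 2011-11-22 19:40 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\rRRZZ9hhTXjUClI
2011-11-22 19:40 . 2011-11-22 19:40 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\yBBryA0vSb3Q6KR
2011-11-09 04:56 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-28 03:36 . 2011-10-28 03:36 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\OverDrive
"cdloader"="c:\users\Asapaboi\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
""".strip()

# created . modified  size-or-dashes  attributes  path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$"
)
# "value name"="image path" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)" \[\d{4}-\d{2}-\d{2} \d+\]$')
ROAMING = "\\appdata\\roaming\\"


def looks_random(name, min_len=10, min_entropy=3.0):
    """Heuristic (an assumption of this example, not a ComboFix rule): a
    machine-generated name is long, purely alphanumeric, mixes upper and lower
    case with digits, and has high per-character Shannon entropy. Ordinary
    product names such as 'OverDrive' fail at least one of these tests."""
    if len(name) < min_len or not name.isalnum():
        return False
    if not (any(c.islower() for c in name) and any(c.isupper() for c in name)
            and any(c.isdigit() for c in name)):
        return False
    counts = Counter(name)
    entropy = -sum(n / len(name) * log2(n / len(name)) for n in counts.values())
    return entropy >= min_entropy


def created_directories(log_text):
    """Yield (created_at, path) for the directory rows of the Files Created table."""
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if m and m.group("attrs").startswith("d"):
            yield datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"), m.group("path")


def suspect_roaming_dirs(log_text, since):
    """Directories created on/after `since` (datetime or 'YYYY-MM-DD') directly
    under AppData\\Roaming whose names look machine-generated. These are
    candidates for a human to review, not a verdict."""
    if isinstance(since, str):
        since = datetime.strptime(since, "%Y-%m-%d")
    hits = []
    for created_at, path in created_directories(log_text):
        idx = path.lower().find(ROAMING)
        if created_at < since or idx < 0:
            continue
        name = path[idx + len(ROAMING):]
        if name and "\\" not in name and looks_random(name):
            hits.append(path)
    return hits


def run_entries_in_user_profile(log_text):
    """Run-key entries whose image lives under a user's AppData tree, which a
    standard user can populate without elevation."""
    hits = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m and "\\appdata\\" in m.group("image").lower():
            hits.append((m.group("name"), m.group("image")))
    return hits


def build_cfscript(paths):
    """Render the Folder:: block in the form the reply above uses."""
    return "Folder::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = suspect_roaming_dirs(SAMPLE_LOG, "2011-11-22")
    print(build_cfscript(found))
    for name, image in run_entries_in_user_profile(SAMPLE_LOG):
        print(f"review Run entry {name!r}: {image}")
```

Feed it the whole ComboFix.txt rather than an excerpt; rows that do not match either pattern are ignored. Anything it prints still needs the same judgement the helper applied here: a random-looking name under Roaming, or a Run entry pointing into AppData, is a reason to look, not a reason to delete.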

Here's the log. I'd like to apologize in advance for any delay in the latter steps. I'm feeling a little sick right now so I might not get back to you immediately.

++++++combofix log++++++

ComboFix 11-11-24.01 - Asapaboi 11/24/2011 13:23:41.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1627 [GMT -8:00]

Running from: c:\users\Asapaboi\Desktop\ComboFix.exe

Command switches used :: c:\users\Asapaboi\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))

.

.

2011-11-24 21:29 . 2011-11-24 21:29 -------- d-----w- c:\users\Asapaboi\AppData\Local\temp

2011-11-24 21:29 . 2011-11-24 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-24 19:01 . 2011-11-24 19:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A16822A-3984-41EB-ACED-6486D8E4D165}\offreg.dll

2011-11-24 16:04 . 2011-11-24 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-24 16:04 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-22 20:15 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A16822A-3984-41EB-ACED-6486D8E4D165}\mpengine.dll

2011-11-22 19:41 . 2011-11-22 19:41 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\pH55ssQJ7dEK

2011-11-22 19:40 . 2011-11-22 19:40 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\rRRZZ9hhTXjUClI

2011-11-22 19:40 . 2011-11-22 19:40 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\yBBryA0vSb3Q6KR

2011-11-09 04:56 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-11-09 04:56 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 04:56 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-10-28 03:36 . 2011-10-28 03:36 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\OverDrive

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 03:45 . 2011-07-09 00:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 12:06 . 2011-05-08 21:33 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 20:45 . 2011-02-08 04:15 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2011-02-08 04:15 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-06 20:38 . 2011-09-19 23:43 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37 . 2011-02-08 04:15 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2011-02-08 04:15 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2011-02-08 04:15 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2011-02-08 04:15 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 20:36 . 2011-02-08 04:15 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-06 13:30 . 2011-10-13 03:57 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 02:35 . 2011-10-13 08:53 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28 . 2011-10-13 08:53 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22 . 2011-10-13 08:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-11-14 19:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-11-14 19:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\users\Asapaboi\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-04-10 50520]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-12 448632]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-15 530552]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]

"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

.

c:\users\Asapaboi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-11-14 19:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 XDva011;XDva011;c:\windows\system32\XDva011.sys [x]

R3 XDva020;XDva020;c:\windows\system32\XDva020.sys [x]

R3 XDva030;XDva030;c:\windows\system32\XDva030.sys [x]

R3 XDva031;XDva031;c:\windows\system32\XDva031.sys [x]

R3 XDva033;XDva033;c:\windows\system32\XDva033.sys [x]

R3 XDva035;XDva035;c:\windows\system32\XDva035.sys [x]

R3 XDva052;XDva052;c:\windows\system32\XDva052.sys [x]

R3 XDva098;XDva098;c:\windows\system32\XDva098.sys [x]

R3 XDva189;XDva189;c:\windows\system32\XDva189.sys [x]

R3 XDva190;XDva190;c:\windows\system32\XDva190.sys [x]

R3 XDva197;XDva197;c:\windows\system32\XDva197.sys [x]

R3 XDva212;XDva212;c:\windows\system32\XDva212.sys [x]

R3 XDva219;XDva219;c:\windows\system32\XDva219.sys [x]

R3 XDva220;XDva220;c:\windows\system32\XDva220.sys [x]

R3 XDva224;XDva224;c:\windows\system32\XDva224.sys [x]

R3 XDva228;XDva228;c:\windows\system32\XDva228.sys [x]

R3 XDva231;XDva231;c:\windows\system32\XDva231.sys [x]

R3 XDva234;XDva234;c:\windows\system32\XDva234.sys [x]

R3 XDva260;XDva260;c:\windows\system32\XDva260.sys [x]

R3 XDva269;XDva269;c:\windows\system32\XDva269.sys [x]

R3 XDva279;XDva279;c:\windows\system32\XDva279.sys [x]

R3 XDva288;XDva288;c:\windows\system32\XDva288.sys [x]

R3 XDva295;XDva295;c:\windows\system32\XDva295.sys [x]

R3 XDva351;XDva351;c:\windows\system32\XDva351.sys [x]

R3 XDva356;XDva356;c:\windows\system32\XDva356.sys [x]

R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]

R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]

R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]

R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]

R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]

R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]

R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]

R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]

R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-07 691696]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-24 13:29

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.032"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ani"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.arw"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.bay"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.bmp"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.bw"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.cr2"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.crw"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.cs1"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.cur"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.dcr"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.dcx"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.dib"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.djv"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(820)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\program files\Protector Suite QL\infql2.dll

.

- - - - - - - > 'Explorer.exe'(5052)

c:\program files\Protector Suite QL\farchns.dll

c:\program files\Protector Suite QL\infql2.dll

.

Completion time: 2011-11-24 13:31:54

ComboFix-quarantined-files.txt 2011-11-24 21:31

ComboFix2.txt 2011-11-24 18:51

.

Pre-Run: 23,401,807,872 bytes free

Post-Run: 23,599,353,856 bytes free

.

- - End Of File - - D1CA6FDB7E9700DD4D3DBF2C8B5A862A


Hm, I thought I did. But anyway, I redid the whole process and here is the log:

+++Combofix log+++++++

ComboFix 11-11-24.01 - Asapaboi 11/24/2011 19:00:28.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1961 [GMT -8:00]

Running from: c:\users\Asapaboi\Desktop\ComboFix.exe

Command switches used :: c:\users\Asapaboi\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Asapaboi\AppData\Roaming\pH55ssQJ7dEK

c:\users\Asapaboi\AppData\Roaming\rRRZZ9hhTXjUClI

c:\users\Asapaboi\AppData\Roaming\yBBryA0vSb3Q6KR

.

.

((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))

.

.

2011-11-25 03:06 . 2011-11-25 03:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-25 01:27 . 2011-11-25 01:27 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A16822A-3984-41EB-ACED-6486D8E4D165}\offreg.dll

2011-11-24 21:31 . 2011-11-25 03:06 -------- d-----w- c:\users\Asapaboi\AppData\Local\temp

2011-11-24 16:04 . 2011-11-24 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-24 16:04 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-22 20:15 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A16822A-3984-41EB-ACED-6486D8E4D165}\mpengine.dll

2011-11-09 04:56 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-11-09 04:56 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 04:56 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-10-28 03:36 . 2011-10-28 03:36 -------- d-----w- c:\users\Asapaboi\AppData\Roaming\OverDrive

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 03:45 . 2011-07-09 00:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 12:06 . 2011-05-08 21:33 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-06 20:45 . 2011-02-08 04:15 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2011-02-08 04:15 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-06 20:38 . 2011-09-19 23:43 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37 . 2011-02-08 04:15 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2011-02-08 04:15 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2011-02-08 04:15 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2011-02-08 04:15 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 20:36 . 2011-02-08 04:15 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-06 13:30 . 2011-10-13 03:57 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 02:35 . 2011-10-13 08:53 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28 . 2011-10-13 08:53 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22 . 2011-10-13 08:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-11-14 19:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-11-14 19:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\users\Asapaboi\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-04-10 50520]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-12 448632]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-15 530552]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]

"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

.

c:\users\Asapaboi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-11-14 19:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 XDva011;XDva011;c:\windows\system32\XDva011.sys [x]

R3 XDva020;XDva020;c:\windows\system32\XDva020.sys [x]

R3 XDva030;XDva030;c:\windows\system32\XDva030.sys [x]

R3 XDva031;XDva031;c:\windows\system32\XDva031.sys [x]

R3 XDva033;XDva033;c:\windows\system32\XDva033.sys [x]

R3 XDva035;XDva035;c:\windows\system32\XDva035.sys [x]

R3 XDva052;XDva052;c:\windows\system32\XDva052.sys [x]

R3 XDva098;XDva098;c:\windows\system32\XDva098.sys [x]

R3 XDva189;XDva189;c:\windows\system32\XDva189.sys [x]

R3 XDva190;XDva190;c:\windows\system32\XDva190.sys [x]

R3 XDva197;XDva197;c:\windows\system32\XDva197.sys [x]

R3 XDva212;XDva212;c:\windows\system32\XDva212.sys [x]

R3 XDva219;XDva219;c:\windows\system32\XDva219.sys [x]

R3 XDva220;XDva220;c:\windows\system32\XDva220.sys [x]

R3 XDva224;XDva224;c:\windows\system32\XDva224.sys [x]

R3 XDva228;XDva228;c:\windows\system32\XDva228.sys [x]

R3 XDva231;XDva231;c:\windows\system32\XDva231.sys [x]

R3 XDva234;XDva234;c:\windows\system32\XDva234.sys [x]

R3 XDva260;XDva260;c:\windows\system32\XDva260.sys [x]

R3 XDva269;XDva269;c:\windows\system32\XDva269.sys [x]

R3 XDva279;XDva279;c:\windows\system32\XDva279.sys [x]

R3 XDva288;XDva288;c:\windows\system32\XDva288.sys [x]

R3 XDva295;XDva295;c:\windows\system32\XDva295.sys [x]

R3 XDva351;XDva351;c:\windows\system32\XDva351.sys [x]

R3 XDva356;XDva356;c:\windows\system32\XDva356.sys [x]

R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]

R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]

R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]

R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]

R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]

R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]

R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]

R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]

R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-07 691696]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-24 19:06

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.


.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pct"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pcx"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pef"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pgm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pic"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pict"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pix"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.png"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ppm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.psd"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.psp"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.pspimage"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.raf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ras"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.raw"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.rgb"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.rgba"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.rle"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.rsb"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.sgi"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.sr2"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.srf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.tga"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.thm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.tif"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.tiff"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ttc"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.ttf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.v10o"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.v10p"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.v10pf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.wbm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.wbmp"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.wmf"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.xbm"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.xif"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.xmp"

.

[HKEY_USERS\S-1-5-21-1276177871-1407396258-3323346848-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 10.0.xpm"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(792)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\program files\Protector Suite QL\infql2.dll

.

- - - - - - - > 'Explorer.exe'(5684)

c:\program files\Protector Suite QL\farchns.dll

c:\program files\Protector Suite QL\infql2.dll

.

Completion time: 2011-11-24 19:08:51

ComboFix-quarantined-files.txt 2011-11-25 03:08

ComboFix2.txt 2011-11-24 21:31

ComboFix3.txt 2011-11-24 18:51

.

Pre-Run: 23,453,949,952 bytes free

Post-Run: 23,411,499,008 bytes free

.

- - End Of File - - D2097103385E24592AB296D31397C808

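The most security-relevant part of the log above is the "DLLs Loaded Under Running Processes" section: two DLLs from Protector Suite QL (fingerprint-logon software, psqlpwd.dll being its password filter) sit inside lsass.exe, the process that holds Windows credentials. Anything loaded there sees passwords in the clear, so a reviewer wants to know that every such module is signed by a vendor they recognise and that no unexpected password filter or security package is registered. The following is an added check written for this editing pass; it is not part of the original thread, and it assumes an elevated Windows PowerShell 2.0 or later prompt of the same bitness as the OS:

```powershell
# Added check, not from the thread: list the modules loaded into lsass.exe, flag any
# without a valid Authenticode signature, then show the LSA password filters
# ("Notification Packages") and SSPs ("Security Packages") registered in the registry.
# Run elevated, from a PowerShell of the same bitness as Windows (a 32-bit shell
# cannot read the module list of a 64-bit lsass.exe).

$lsass = Get-Process -Name lsass

$report = foreach ($module in $lsass.Modules) {
    $sig = Get-AuthenticodeSignature -FilePath $module.FileName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    New-Object PSObject -Property @{
        Module = $module.ModuleName
        Path   = $module.FileName
        Status = $sig.Status        # Valid, NotSigned, HashMismatch, UnknownError, ...
        Signer = $signer
    }
}

"Modules in lsass.exe (PID $($lsass.Id)) whose signature is not Valid:"
$report | Where-Object { $_.Status -ne 'Valid' } |
    Select-Object Module, Status, Signer, Path | Format-Table -AutoSize

# Password filters and SSPs are loaded by lsass at boot and handle credentials in
# plaintext, so every name here should be accounted for. Microsoft's own entries
# (msv1_0, kerberos, schannel, ...) are expected; a third-party one such as the
# psqlpwd.dll from the log above should map to software you knowingly installed.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
"Notification Packages: " + ($lsa.'Notification Packages' -join ', ')
"Security Packages:     " + ($lsa.'Security Packages' -join ', ')
```

A module that is unsigned, or whose signer is not the vendor of the product it claims to belong to, is worth submitting for analysis before trusting a "clean" verdict; a registry entry with no matching installed product is a classic credential-theft persistence point and should be investigated rather than simply deleted.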

This time it's fine! :)

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic


I have good news for you => Your system is clean! :)

Here are some tips to prevent future malware problems:

You need to ensure that you have the latest version of Adobe Reader. Before you download and install the latest version, it is important to uninstall the old one. To do so: Click Start => Control Panel => Add or Remove Programs, highlight it and click on the Remove button. Next, click on each of the programs to download it:

Slowly and carefully install the application and then restart your computer.

Now let's remove the cleaning tools we used. First, get rid of ComboFix:

Go to Start => Run... and copy & paste next command in the field:

ComboFix /uninstall

Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

Note: Make sure there's a space between ComboFix and /uninstall

At this stage, you don't need the online scanner, so:

To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs applet from Control Panel, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.

Please manually delete DDS.

Some quick tips:

  1. Firewall - Your Windows OS has a built-in firewall, but it is weak and in no way good for the current requirements for optimal security, so I recommend you choose a suitable firewall on my advice below. A firewall will protect you from attacks coming from the global network. Without a firewall your computer is susceptible to being hacked and taken over. Here are some good free firewall solutions:

  2. Alternative browser - Due to the large market share of Internet Explorer, it is a top target of the writers of malware, so we recommend using an alternative browser. There are many better alternatives to Internet Explorer regarding security, features and speed, such as:

  3. Program updates - Updating your software is important not only for productivity but also for security. Here is an application that will help in checking for new versions and updates for your programs. It is called FileHippo Update Checker and you can download it from here.

  4. Clear old system restore points - Once your system has been infected, its restore points may be infected too and need to be cleaned.

  1. Open Start => All Programs => Accessories => System tools => Disk Cleanup.
  2. In the Drop down box that appears select your main drive e.g. C:\
  3. Click OK.
  4. The System will do some calculation and display a dialogue box with TABS.
  5. Select the More Options tab.
  6. At the bottom will be a system restore box with a CLEANUP button. Click on it.
  7. Accept the Warning and select OK again, the program will close and you are done.

  5. Create a new system restore point - Now that everything is fine, it is necessary to create a new restore point so you can restore your system to an earlier state in case you get a problem. Do the following:

  1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  2. In the System Restore dialog box, click Create a restore point, and then click Next.
  3. Type a description for your restore point, such as "After Cleanup", then click Create.

Safe surfing! ;)

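The "clear old restore points" and "create a new restore point" steps in the post above are given as Disk Cleanup and System Restore dialog clicks. On Vista and later, restore points are stored as Volume Shadow Copies, so the same two steps can be scripted and verified from the command line. The block below is an added example for this page, not something the helper posted; it assumes an elevated Windows PowerShell 2.0 or later prompt and that C: is the system drive:

```powershell
# Added example, not from the original post: the restore-point procedure above done
# from an elevated Windows PowerShell (2.0+) prompt. Assumes the system drive is C:.

# 1. Show the restore points that exist now. SequenceNumber increases with each
#    new point, so the highest number is the newest.
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime

# 2. Delete the old restore points. Disk Cleanup's "More Options" clean-up keeps the
#    newest point; "vssadmin ... /all" removes every shadow copy on the volume, which
#    is the right choice when all existing points predate the infection.
vssadmin delete shadows /for=C: /all /quiet

# 3. Create a fresh restore point now that the machine is clean.
Checkpoint-Computer -Description 'After Cleanup' -RestorePointType MODIFY_SETTINGS

# 4. Confirm that the newest point is the one just created.
Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
```

Two caveats a practitioner should know: vssadmin also removes any "Previous Versions" of files that were kept in those shadow copies, so copy out anything you still need first; and on Windows 8 and later Checkpoint-Computer silently skips creation if another restore point was made within the last 24 hours, so step 4 is there to make sure the point really exists before you rely on it.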

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.