
mouse/keyboard not working after infection



Hi, and thank you for any help you can give. I have been using Malwarebytes for a very long time and always recommend it to newcomers. A friend has a Dell Inspiron (Win7) and it was riddled with all sorts; I had to use a USB mouse and onboard keyboard to get this far. MBAM can't find anything now, nor can SUPERAntiSpyware; Avast is clear too. This entry worries me though:

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 191318

Time elapsed: 7 minute(s), 47 second(s)

My main concern right now is to get the mouse and keyboard working. Is it possible anyone can help? Thanks in advance.

Jjude

I was advised to run DDS and attach these two files. Thanks in advance.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Darren at 22:51:35 on 2012-06-04

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3032.2024 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Software Informer\softinfo.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\System32\osk.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: MapNeto 1.1 Toolbar: {f5046a39-68f3-4732-995f-eb2ea26d93fb} - c:\program files\mapneto_1.1\prxtbMap2.dll

mURLSearchHooks: MapNeto 1.1 Toolbar: {f5046a39-68f3-4732-995f-eb2ea26d93fb} - c:\program files\mapneto_1.1\prxtbMap2.dll

BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll

BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: MapNeto 1.1 Toolbar: {f5046a39-68f3-4732-995f-eb2ea26d93fb} - c:\program files\mapneto_1.1\prxtbMap2.dll

TB: MapNeto 1.1 Toolbar: {f5046a39-68f3-4732-995f-eb2ea26d93fb} - c:\program files\mapneto_1.1\prxtbMap2.dll

TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - c:\program files\alotappbar\bin\ALOTHelper.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: MSN Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar\01.01.2607.0\en-us\msntb.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [software Informer] "c:\program files\software informer\softinfo.exe" -autorun

uRun: [fsm]

uRun: [Facebook Update] "c:\users\darren\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

StartupFolder: c:\users\darren\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{7551D652-7A92-46E1-AB92-1F30EF4A3B8A} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{8BF824F1-8589-422F-BB39-5FE72C44B99D} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{8BF824F1-8589-422F-BB39-5FE72C44B99D}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{8BF824F1-8589-422F-BB39-5FE72C44B99D}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{AF935794-92FD-4F62-B29C-EC67C4B17158} : DhcpNameServer = 82.132.254.2 82.132.254.3

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\darren\appdata\roaming\mozilla\firefox\profiles\oovn7040.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\users\darren\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\users\darren\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=fmacs

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=fmacs

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=fmacs&q=

FF - user.js: extensions.funmoods_i.id - 007eed7b00000000000000225fa43919

FF - user.js: extensions.funmoods_i.instlDay - 15440

FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2

FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.220:08:38

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - fmacs

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-4 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-4 337880]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-4 20696]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-6-4 57688]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-4 44768]

R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2011-10-28 1737464]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-5-12 932736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-26 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-26 136176]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7168]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-4 129976]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-25 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-8 1343400]

.

=============== Created Last 30 ================

.

2012-06-04 20:17:55 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2012-06-04 20:17:55 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-04 20:17:20 -------- d-----w- c:\program files\SpywareBlaster

2012-06-04 20:03:06 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-06-04 20:03:04 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-06-04 20:03:00 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-06-04 20:01:41 41184 ----a-w- c:\windows\avastSS.scr

2012-06-04 20:01:20 -------- d-----w- c:\programdata\AVAST Software

2012-06-04 20:01:20 -------- d-----w- c:\program files\AVAST Software

2012-06-04 19:15:10 -------- d-----w- c:\users\darren\appdata\roaming\SUPERAntiSpyware.com

2012-06-04 19:14:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-04 19:14:43 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-04 18:33:17 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ee4f3722-b18e-4c86-ac16-8bd3f6a91ec6}\mpengine.dll

2012-06-04 13:29:50 -------- d-----w- c:\users\darren\appdata\roaming\Malwarebytes

2012-06-04 13:28:34 -------- d-----w- c:\programdata\Malwarebytes

2012-06-04 13:28:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-04 13:28:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-13 10:25:36 -------- d-sh--w- c:\programdata\BAAQYZS

2012-05-13 10:25:20 -------- d-sh--w- c:\programdata\c795ae

2012-05-13 10:05:02 6734704 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-05-12 21:49:26 -------- d-----w- c:\users\darren\appdata\local\AVG Secure Search

2012-05-12 21:49:09 -------- d-----w- c:\programdata\AVG Secure Search

2012-05-12 21:49:06 -------- d-----w- c:\program files\common files\AVG Secure Search

2012-05-12 21:49:05 -------- d-----w- c:\program files\AVG Secure Search

2012-05-12 21:46:48 -------- d-----w- c:\program files\MSN Toolbar

2012-05-12 21:46:16 -------- d-----w- c:\program files\MSN Messenger

2012-05-12 21:45:22 -------- d--h--w- c:\programdata\Common Files

2012-05-12 21:42:00 -------- d-----w- c:\program files\Microsoft

2012-05-12 21:41:51 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2012-05-12 21:41:51 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2012-05-12 21:41:51 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2012-05-12 21:41:18 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2012-05-12 21:39:51 7450888 ----a-w- c:\program files\common files\windows live\.cache\c190166c1cd308703\bingbarsetup.exe

2012-05-12 21:39:39 15712 ----a-w- c:\program files\common files\windows live\.cache\bb38abf11cd308702\MeshBetaRemover.exe

2012-05-12 21:39:32 537432 ----a-w- c:\program files\common files\windows live\.cache\b6d5226f1cd308701\DXSETUP.exe

2012-05-12 21:39:31 89944 ----a-w- c:\program files\common files\windows live\.cache\b6d5226f1cd308701\DSETUP.dll

2012-05-12 21:39:31 1801048 ----a-w- c:\program files\common files\windows live\.cache\b6d5226f1cd308701\dsetup32.dll

2012-05-12 21:38:10 -------- d-----w- c:\program files\DealPly

2012-05-09 11:46:14 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 11:46:12 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2012-05-09 11:46:11 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL

2012-05-09 11:46:10 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2012-05-09 11:46:10 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll

2012-05-09 11:46:04 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 11:46:03 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-09 11:46:02 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-05-09 11:45:55 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 11:45:54 1077248 ----a-w- c:\windows\system32\DWrite.dll

.

==================== Find3M ====================

.

2012-03-20 19:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-20 19:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

============= FINISH: 22:52:31.20 ===============

DDS.txt

Attach.txt


Hello and Welcome to the forum.

Looks like you're running 2 anti-virus programs.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove either:

  • avast! Antivirus
  • Microsoft Security Essentials

Reboot and let me know how it's running
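The `AV:` / `SP:` header lines quoted in the reply above can be read mechanically. The following is an added example, not part of the original post or of DDS itself: it parses those lines from the DDS log and from the later ComboFix log in this thread and reports which antivirus products are registered and which have real-time protection on. The function names and the assumption that every line follows the `*State/Definitions* {GUID}` form seen here are illustrative.

```python
import re

# Header lines copied from the two logs in this thread: the DDS run and the
# ComboFix run made after avast! was uninstalled. AV = antivirus and
# SP = antispyware, as registered with Windows Security Center.
DDS_HEADER = """
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
"""

COMBOFIX_HEADER = """
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# Assumed line shape (only the form that appears in this thread):
#   <kind>: <product name> *<state>/<definitions>* {<GUID>}
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|SP):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>\w+)/(?P<defs>\w+)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)


def parse_products(log_text):
    """Return one dict per AV:/SP: line; every other log line is ignored."""
    products = []
    for raw in log_text.splitlines():
        m = PRODUCT_RE.match(raw.strip())
        if not m:
            continue
        products.append({
            "kind": m["kind"],
            "name": m["name"],
            "enabled": m["state"].lower() == "enabled",
            "updated": m["defs"].lower() == "updated",
            "guid": m["guid"].upper(),
        })
    return products


def antivirus_summary(products):
    """Summarise the AV: entries, keeping the order in which they were logged."""
    av = [p for p in products if p["kind"] == "AV"]
    installed = list(dict.fromkeys(p["name"] for p in av))
    enabled = list(dict.fromkeys(p["name"] for p in av if p["enabled"]))
    outdated = list(dict.fromkeys(p["name"] for p in av if not p["updated"]))
    return {
        "installed": installed,                    # every registered AV product
        "enabled": enabled,                        # real-time protection reported on
        "outdated": outdated,                      # definitions not reported as updated
        "multiple_installed": len(installed) > 1,  # the situation the reply warns about
        "multiple_realtime": len(enabled) > 1,     # two real-time scanners at once
    }


if __name__ == "__main__":
    for label, text in (("DDS", DDS_HEADER), ("ComboFix", COMBOFIX_HEADER)):
        print(label, antivirus_summary(parse_products(text)))
```

On the DDS header this reports two registered antivirus products with one of them enabled; on the ComboFix header only Microsoft Security Essentials remains, shown as disabled at the time of that run.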


Hi, and thank you for looking at my problem. When the laptop was passed to me to see if I could help, I thought it would be beyond my expertise. It is really, but when you get your teeth into something, it seems the challenge has been taken and you want to face it till the end. I do believe I have gotten rid of most of the problems, though that was through programs like Malwarebytes and SUPERAntiSpyware etc., rather than what I could do.

I have now removed Avast, which I put on myself, not realising Microsoft Security was also an AV program (as it's not something I've ever used or seen being used. That is one for my notebook.)

When I got the laptop, it had Babylon Search on Chrome, which was a pain at first, but hopefully I got rid of it successfully. MyWebSearch was also a problem, and in Micro Sec, I've just noticed it had quarantined 2 trojans and a worm; I will remove them unless you need the names.

The laptop now seems to be working fine, apart from the touchpad mouse and the keyboard. At the moment I'm using a USB mouse and onboard keyboard, which can be a pain if I need to type from that laptop; fortunately I can use my own laptop for that.


You need to look in device manager and see if it's disabled

Right Click on My Computer > Properties > Hardware > Device Manager >

See if the mouse and keyboard devices have a red x or yellow ? mark

I'd uninstall them both while in Device Manager and reboot. See if Windows re-installs them. If it doesn't, then you need to go to the laptop manufacturer's website and download the drivers for them.


Hi, thanks again for the help. Unfortunately, being a Dell product, things aren't always where they should be. The Device Manager had a number of yellow triangles with an exclamation mark in, not one referring to the touchpad or keyboard. There isn't any entry referring to either, so thank you for your help and I will refer to Dell.

Much appreciated. Jjude x


I'd get rid of the FF extensions like this if they don't want them.

FF - user.js: extensions.funmoods_i.hmpg - true

If you have the time, let's also do this:

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.
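For the `FF - user.js` entries pointed out at the top of the post above, this added example (not part of the original post or of DDS) groups such lines by preference namespace and lists the preferences that carry a URL, which matters because Firefox reapplies `user.js` on every start. The function names are illustrative, and the sample is a subset of the Firefox lines from the DDS log earlier in this thread.

```python
import re
from urllib.parse import urlsplit

# Subset of the Firefox section of the DDS log in this thread. The prefs.js
# line is included on purpose: it is not a user.js entry and must be skipped.
DDS_FIREFOX = """
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=fmacs
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=fmacs
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=fmacs&q=
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.excTlbr - false
"""

# "FF - user.js: <pref name> - <value>"; the value may be empty.
USERJS_RE = re.compile(r"^FF - user\.js:\s+(?P<key>\S+)\s+-\s*(?P<value>.*)$")
# DDS writes URLs defanged (hxxp://), so accept both spellings.
URL_SCHEMES = ("http://", "https://", "hxxp://", "hxxps://")


def parse_userjs(log_text):
    """Return (pref_name, value) pairs for every 'FF - user.js:' line."""
    prefs = []
    for raw in log_text.splitlines():
        m = USERJS_RE.match(raw.strip())
        if m:
            prefs.append((m["key"], m["value"].strip()))
    return prefs


def namespace(key):
    """'extensions.funmoods_i.hmpg' -> 'extensions.funmoods_i'."""
    parts = key.split(".")
    if parts[0] == "extensions" and len(parts) > 2:
        return ".".join(parts[:2])
    return parts[0]


def host_of(value):
    """Host name of a possibly defanged URL (refanged only for parsing)."""
    url = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    return urlsplit(url).hostname or ""


def summarize(prefs):
    """Group user.js prefs by namespace and pull out URLs and 'true' switches."""
    report = {}
    for key, value in prefs:
        entry = report.setdefault(
            namespace(key),
            {"total": 0, "urls": {}, "hosts": [], "enabled_flags": []},
        )
        entry["total"] += 1
        if value.lower().startswith(URL_SCHEMES):
            entry["urls"][key] = value          # kept defanged, as logged
            host = host_of(value)
            if host and host not in entry["hosts"]:
                entry["hosts"].append(host)
        elif value.lower() == "true":
            entry["enabled_flags"].append(key)
    return report


if __name__ == "__main__":
    for ns, entry in summarize(parse_userjs(DDS_FIREFOX)).items():
        print(ns, entry["total"], "prefs; hosts:", entry["hosts"])
        for key, url in entry["urls"].items():
            print("   ", key, "->", url)
```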


I do apologize for keeping you waiting; I popped out for a while.

I've run CF; here's the log.

Computer seems to be fine, thanks.

ComboFix 12-06-06.02 - Darren 06/06/2012 18:48:10.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3032.2219 [GMT 1:00]

Running from: c:\users\Darren\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\alotappbar

c:\program files\alotappbar\alotUninst.exe

c:\program files\alotappbar\bin\alotappbar.dll

c:\program files\alotappbar\bin\alothelper.dll

c:\program files\alotappbar\bin\ALOTSettings.exe

c:\program files\alotappbar\bin\alotwidgets.exe

c:\program files\alotappbar\bin\BHO\ALOTHelperBHO.dll

c:\program files\FilmFanatic

c:\program files\FilmFanatic\bar\IE9Mesg\COMMON.T8S

c:\program files\FilmFanatic\bar\Message\COMMON.T8S

c:\program files\FilmFanatic\bar\Settings\s_pid.dat

c:\program files\FilmFanaticEI

c:\program files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll

c:\program files\FilmFanaticEI\Installr\1.bin\paEIPlug.dll

c:\program files\FilmFanaticEI\Installr\1.bin\paEZSETP.dll

c:\program files\TelevisionFanaticEI

c:\users\Darren\AppData\Roaming\inst.exe

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\energy.drv

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\energy.exe

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\exec.exe

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\FW.dll

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\pal.exe

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\pal.sys

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\PE.dll

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\sld.dll

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\std.tmp

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv

c:\users\Darren\AppData\Roaming\vso_ts_preview.xml

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))

.

.

2012-06-06 17:44 . 2012-06-06 17:44 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07D36730-7719-453E-9C25-E0CC43AAFF7C}\offreg.dll

2012-06-06 13:48 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07D36730-7719-453E-9C25-E0CC43AAFF7C}\mpengine.dll

2012-06-04 20:17 . 2010-01-10 17:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2012-06-04 20:17 . 2010-01-10 17:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-04 20:17 . 2012-06-04 20:18 -------- d-----w- c:\program files\SpywareBlaster

2012-06-04 20:01 . 2012-06-06 13:44 -------- d-----w- c:\programdata\AVAST Software

2012-06-04 20:01 . 2012-06-04 20:01 -------- d-----w- c:\program files\AVAST Software

2012-06-04 19:15 . 2012-06-04 19:15 -------- d-----w- c:\users\Darren\AppData\Roaming\SUPERAntiSpyware.com

2012-06-04 19:14 . 2012-06-04 19:15 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-04 19:14 . 2012-06-04 19:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-04 18:33 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-04 13:29 . 2012-06-04 13:29 -------- d-----w- c:\users\Darren\AppData\Roaming\Malwarebytes

2012-06-04 13:28 . 2012-06-04 13:28 -------- d-----w- c:\programdata\Malwarebytes

2012-06-04 13:28 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-04 13:28 . 2012-06-04 13:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-13 10:25 . 2012-05-13 10:25 -------- d-sh--w- c:\programdata\BAAQYZS

2012-05-13 10:25 . 2012-05-13 10:25 -------- d-sh--w- c:\programdata\c795ae

2012-05-12 21:49 . 2012-05-12 21:49 -------- d-----w- c:\users\Darren\AppData\Local\AVG Secure Search

2012-05-12 21:49 . 2012-05-12 21:49 -------- d-----w- c:\programdata\AVG Secure Search

2012-05-12 21:49 . 2012-05-12 21:49 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-05-12 21:49 . 2012-05-12 21:49 -------- d-----w- c:\program files\AVG Secure Search

2012-05-12 21:46 . 2012-05-12 21:46 -------- d-----w- c:\program files\MSN Toolbar

2012-05-12 21:46 . 2012-05-12 21:46 -------- d-----w- c:\program files\MSN Messenger

2012-05-12 21:45 . 2012-05-12 21:45 -------- d--h--w- c:\programdata\Common Files

2012-05-12 21:42 . 2012-05-12 21:42 -------- d-----w- c:\program files\Microsoft

2012-05-12 21:41 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2012-05-12 21:41 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2012-05-12 21:41 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2012-05-12 21:41 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2012-05-12 21:40 . 2012-06-06 13:39 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-12 21:39 . 2012-05-12 21:39 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\c190166c1cd308703\bingbarsetup.exe

2012-05-12 21:39 . 2012-05-12 21:39 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\bb38abf11cd308702\MeshBetaRemover.exe

2012-05-12 21:39 . 2012-05-12 21:39 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\b6d5226f1cd308701\DXSETUP.exe

2012-05-12 21:39 . 2012-05-12 21:39 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\b6d5226f1cd308701\dsetup32.dll

2012-05-12 21:39 . 2012-05-12 21:39 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\b6d5226f1cd308701\DSETUP.dll

2012-05-12 21:38 . 2012-06-04 21:52 -------- d-----w- c:\program files\DealPly

2012-05-09 11:46 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 11:46 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 11:46 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-09 11:46 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-09 11:46 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-09 11:46 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 11:46 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-09 11:46 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-05-09 11:45 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 11:45 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-20 19:44 . 2011-04-27 14:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-20 19:44 . 2011-04-18 12:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-04-21 01:19 . 2012-06-04 19:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{f5046a39-68f3-4732-995f-eb2ea26d93fb}"= "c:\program files\MapNeto_1.1\prxtbMap2.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{f5046a39-68f3-4732-995f-eb2ea26d93fb}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-05-12 21:49 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f5046a39-68f3-4732-995f-eb2ea26d93fb}]

2011-05-09 09:49 176936 ----a-w- c:\program files\MapNeto_1.1\prxtbMap2.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{f5046a39-68f3-4732-995f-eb2ea26d93fb}"= "c:\program files\MapNeto_1.1\prxtbMap2.dll" [2011-05-09 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-12 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{f5046a39-68f3-4732-995f-eb2ea26d93fb}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{F5046A39-68F3-4732-995F-EB2EA26D93FB}"= "c:\program files\MapNeto_1.1\prxtbMap2.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{f5046a39-68f3-4732-995f-eb2ea26d93fb}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-26 39408]

"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]

"Facebook Update"="c:\users\Darren\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-28 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-12 1116544]

.

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]

R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 136176]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 136176]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-09-07 7168]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1343400]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-12 932736]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-05-10 47360]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2379781473-1076266429-366681059-1000Core.job

- c:\users\Darren\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 21:26]

.

2012-06-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2379781473-1076266429-366681059-1000UA.job

- c:\users\Darren\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 21:26]

.

2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 17:34]

.

2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 17:34]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.2.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

FF - ProfilePath - c:\users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\oovn7040.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=fmacs

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=fmacs

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=fmacs&q=

FF - user.js: extensions.funmoods_i.id - 007eed7b00000000000000225fa43919

FF - user.js: extensions.funmoods_i.instlDay - 15440

FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2

FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.220:08

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - fmacs

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files\alotappbar\bin\BHO\ALOTHelperBHO.dll

Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files\alotappbar\bin\ALOTHelper.dll

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKCU-Run-fsm - (no file)

AddRemove-alotAppbar - c:\program files\alotappbar\alotUninst.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2379781473-1076266429-366681059-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**.ù̳gS]

@Allowed: (Read) (RestrictedCode)

@SACL=(02 0001)

"LP_LastUpdateTime"="0"

"LP_LastCheckTime"=dword:4ed9fea2

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-06 18:56:58

ComboFix-quarantined-files.txt 2012-06-06 17:56

.

Pre-Run: 130,808,455,168 bytes free

Post-Run: 131,667,365,888 bytes free

.

- - End Of File - - 334E6164065B4F14B93FDF8C22AABF44


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FireFox::
FF - ProfilePath - c:\users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\oovn7040.default\
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=fmacs
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=fmacs
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=fmacs&q=
FF - user.js: extensions.funmoods_i.id - 007eed7b00000000000000225fa43919
FF - user.js: extensions.funmoods_i.instlDay - 15440
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.220:08
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - fmacs
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Results of the second scan. No, unfortunately I didn't sort the kb/mouse; I downloaded a touchpad driver but it didn't work. Still using a USB mouse and onboard keyboard. Thank you for this help, you're a star. And your 90 min break will give me time to tidy round and get in half an hour's practice on the piano.

ComboFix 12-06-06.02 - Darren 06/06/2012 20:06:04.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3032.2208 [GMT 1:00]

Running from: c:\users\Darren\Desktop\ComboFix.exe

Command switches used :: c:\users\Darren\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))

.

.

2012-06-06 19:12 . 2012-06-06 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-06 18:16 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49028A88-32E3-4D99-BFEB-5FA153427D13}\mpengine.dll

2012-06-06 17:57 . 2012-06-06 19:13 -------- d-----w- c:\users\Darren\AppData\Local\temp

2012-06-04 20:17 . 2010-01-10 17:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2012-06-04 20:17 . 2010-01-10 17:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-04 20:17 . 2012-06-04 20:18 -------- d-----w- c:\program files\SpywareBlaster

2012-06-04 20:01 . 2012-06-06 13:44 -------- d-----w- c:\programdata\AVAST Software

2012-06-04 20:01 . 2012-06-04 20:01 -------- d-----w- c:\program files\AVAST Software

2012-06-04 19:15 . 2012-06-04 19:15 -------- d-----w- c:\users\Darren\AppData\Roaming\SUPERAntiSpyware.com

2012-06-04 19:14 . 2012-06-04 19:15 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-04 19:14 . 2012-06-04 19:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-04 18:33 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-04 13:29 . 2012-06-04 13:29 -------- d-----w- c:\users\Darren\AppData\Roaming\Malwarebytes

2012-06-04 13:28 . 2012-06-04 13:28 -------- d-----w- c:\programdata\Malwarebytes

2012-06-04 13:28 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-04 13:28 . 2012-06-04 13:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-13 10:25 . 2012-05-13 10:25 -------- d-sh--w- c:\programdata\BAAQYZS

2012-05-13 10:25 . 2012-05-13 10:25 -------- d-sh--w- c:\programdata\c795ae

2012-05-12 21:49 . 2012-05-12 21:49 -------- d-----w- c:\users\Darren\AppData\Local\AVG Secure Search

2012-05-12 21:49 . 2012-05-12 21:49 -------- d-----w- c:\programdata\AVG Secure Search

2012-05-12 21:49 . 2012-05-12 21:49 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-05-12 21:49 . 2012-05-12 21:49 -------- d-----w- c:\program files\AVG Secure Search

2012-05-12 21:46 . 2012-05-12 21:46 -------- d-----w- c:\program files\MSN Toolbar

2012-05-12 21:46 . 2012-05-12 21:46 -------- d-----w- c:\program files\MSN Messenger

2012-05-12 21:45 . 2012-05-12 21:45 -------- d--h--w- c:\programdata\Common Files

2012-05-12 21:42 . 2012-05-12 21:42 -------- d-----w- c:\program files\Microsoft

2012-05-12 21:41 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2012-05-12 21:41 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2012-05-12 21:41 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2012-05-12 21:41 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2012-05-12 21:40 . 2012-06-06 13:39 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-12 21:39 . 2012-05-12 21:39 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\c190166c1cd308703\bingbarsetup.exe

2012-05-12 21:39 . 2012-05-12 21:39 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\bb38abf11cd308702\MeshBetaRemover.exe

2012-05-12 21:39 . 2012-05-12 21:39 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\b6d5226f1cd308701\DXSETUP.exe

2012-05-12 21:39 . 2012-05-12 21:39 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\b6d5226f1cd308701\dsetup32.dll

2012-05-12 21:39 . 2012-05-12 21:39 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\b6d5226f1cd308701\DSETUP.dll

2012-05-12 21:38 . 2012-06-04 21:52 -------- d-----w- c:\program files\DealPly

2012-05-09 11:46 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 11:46 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 11:46 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-09 11:46 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-09 11:46 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-09 11:46 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 11:46 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-09 11:46 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-05-09 11:45 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 11:45 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-20 19:44 . 2011-04-27 14:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-20 19:44 . 2011-04-18 12:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-04-21 01:19 . 2012-06-04 19:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{f5046a39-68f3-4732-995f-eb2ea26d93fb}"= "c:\program files\MapNeto_1.1\prxtbMap2.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{f5046a39-68f3-4732-995f-eb2ea26d93fb}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-05-12 21:49 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f5046a39-68f3-4732-995f-eb2ea26d93fb}]

2011-05-09 09:49 176936 ----a-w- c:\program files\MapNeto_1.1\prxtbMap2.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{f5046a39-68f3-4732-995f-eb2ea26d93fb}"= "c:\program files\MapNeto_1.1\prxtbMap2.dll" [2011-05-09 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-12 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{f5046a39-68f3-4732-995f-eb2ea26d93fb}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{F5046A39-68F3-4732-995F-EB2EA26D93FB}"= "c:\program files\MapNeto_1.1\prxtbMap2.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{f5046a39-68f3-4732-995f-eb2ea26d93fb}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-26 39408]

"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]

"Facebook Update"="c:\users\Darren\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-28 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-12 1116544]

.

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]

R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 136176]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 136176]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-09-07 7168]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1343400]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-12 932736]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-05-10 47360]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2379781473-1076266429-366681059-1000Core.job

- c:\users\Darren\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 21:26]

.

2012-06-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2379781473-1076266429-366681059-1000UA.job

- c:\users\Darren\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 21:26]

.

2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 17:34]

.

2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-26 17:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.co.uk/

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.2.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

FF - ProfilePath - c:\users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\oovn7040.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2379781473-1076266429-366681059-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**.ù̳gS]

@Allowed: (Read) (RestrictedCode)

@SACL=(02 0001)

"LP_LastUpdateTime"="0"

"LP_LastCheckTime"=dword:4ed9fea2

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\taskhost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\windows\system32\conhost.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2012-06-06 20:17:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-06 19:17

ComboFix2.txt 2012-06-06 18:42

ComboFix3.txt 2012-06-06 17:56

.

Pre-Run: 131,732,955,136 bytes free

Post-Run: 131,668,398,080 bytes free

.

- - End Of File - - 57457D9ED7E0333B13C70A4043900DFA


If it were me, I'd visit Dell and download the BIOS for that model.

Let's uninstall ComboFix first.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START, then Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual final post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.
