Jump to content

Am I Infected?


Recommended Posts

Sorry, i'm pretty new with all this stuff, but i believe i may have been keylogged as an account of mine has been used, even though i have never given the information away or used it on any unauthorized websites, afaik. Is my computer infected with anything? My hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:41:21, on 01/01/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\HP SimplePass\TouchControl.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\PROGRA~2\AD-AWA~1\AdAware.exe

C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

C:\Users\Callum\Desktop\HijackThis.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtA0Bzz0D0DyCzzyB0AtN0D0Tzu0CtBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1536472930

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtA0Bzz0D0DyCzzyB0AtN0D0Tzu0CtBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1536472930

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL

O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

O4 - HKCU\..\Run: [Google Update] "C:\Users\Callum\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe

O4 - HKCU\..\Run: [PeerBlock] C:\Program Files (x86)\PeerBlock\peerblock.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

O4 - HKCU\..\Run: [EPSON474F6D (Epson Stylus Office BX305)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\Windows\TEMP\E_S83E3.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14783 bytes

Thanks in advance

Link to post
Share on other sites

MBAM LOG:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.01.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Callum :: CALLUM-HP [administrator]

01/01/2013 18:55:56

mbam-log-2013-01-01 (18-55-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207238

Time elapsed: 1 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

Run by Callum at 18:56:45 on 2013-01-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6092.3806 [GMT 0:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\HP SimplePass\TouchControl.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\PeerBlock\peerblock.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\Common Files\AuthenTec\TrueService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\AuthenTec\TrueService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtA0Bzz0D0DyCzzyB0AtN0D0Tzu0CtBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1536472930

mStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtA0Bzz0D0DyCzzyB0AtN0D0Tzu0CtBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1536472930

mWinlogon: Userinit = C:\Windows\System32\userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

uRun: [Google Update] "C:\Users\Callum\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe

uRun: [PeerBlock] C:\Program Files (x86)\PeerBlock\peerblock.exe

uRun: [EPSON474F6D (Epson Stylus Office BX305)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\Windows\TEMP\E_S83E3.tmp" /EF "HKCU"

uRun: [AdobeBridge] <no file>

uRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f

uRunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f

uRunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q

uRunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\Callum\AppData\Local\adawarebp" /s /q

mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: HideFastUserSwitching = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{3658501E-6CF7-4167-B69C-B20F0BB694FE} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{3658501E-6CF7-4167-B69C-B20F0BB694FE}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{3658501E-6CF7-4167-B69C-B20F0BB694FE}\244584F6D65684572623D273051545 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{3658501E-6CF7-4167-B69C-B20F0BB694FE}\75962756C6563737 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{3658501E-6CF7-4167-B69C-B20F0BB694FE}\E45445745414256393 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{3658501E-6CF7-4167-B69C-B20F0BB694FE}\E4544574541425D2445716C62416E646D2E4 : DHCPNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn

x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtA0Bzz0D0DyCzzyB0AtN0D0Tzu0CtBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1536472930

x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Callum\AppData\Roaming\Mozilla\Firefox\Profiles\580o8hg2.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Callum\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-1-1 14456]

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-1-1 27800]

R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-1-1 400160]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-1-1 85280]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-1-1 109344]

R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-1-1 565024]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-1-1 99912]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-8-29 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-8-29 128512]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-9-3 1641320]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-12 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-12 2425960]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-12 2656280]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-26 317440]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-12-12 1860672]

R3 pbfilter;pbfilter;C:\Program Files (x86)\PeerBlock\pbfilter.sys [2012-8-13 24176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-12 565352]

R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]

RUnknown EraserUtilRebootDrv;EraserUtilRebootDrv; [x]

RUnknown SymIRON;SymIRON; [x]

RUnknown SymNetS;SymNetS; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-12 339048]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-14 1255736]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2013-01-01 17:11:00 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys

2013-01-01 17:08:28 -------- d-----w- C:\Users\Callum\AppData\Roaming\Avira

2013-01-01 17:07:04 -------- d-----w- C:\Users\Callum\AppData\Roaming\Malwarebytes

2013-01-01 17:02:48 99912 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2013-01-01 17:02:48 27800 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2013-01-01 17:02:47 -------- d-----w- C:\ProgramData\Avira

2013-01-01 17:02:47 -------- d-----w- C:\Program Files (x86)\Avira

2013-01-01 16:24:38 -------- d-----w- C:\ProgramData\TrueSuite

2013-01-01 16:07:06 -------- d-----w- C:\Windows\pss

2013-01-01 15:58:27 -------- d-----w- C:\Program Files (x86)\HP SimplePass

2013-01-01 15:56:36 -------- d-----w- C:\Program Files\Common Files\AuthenTec

2013-01-01 15:56:36 -------- d-----w- C:\Program Files (x86)\Common Files\AuthenTec

2013-01-01 15:56:30 -------- d-----w- C:\ProgramData\HP SimplePass 2011

2013-01-01 15:33:20 -------- d-----w- C:\Users\Callum\AppData\Roaming\Symantec

2013-01-01 15:25:24 -------- d-----w- C:\Users\Callum\AppData\Roaming\LavasoftStatistics

2013-01-01 15:24:47 -------- d-----w- C:\Users\Callum\AppData\Local\Downloaded Installations

2013-01-01 15:24:40 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys

2013-01-01 15:24:26 -------- d-----w- C:\ProgramData\blekko toolbars

2013-01-01 15:24:25 -------- d-----w- C:\Users\Callum\AppData\Local\adawarebp

2013-01-01 15:24:24 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

2013-01-01 15:24:19 -------- d-----w- C:\Program Files (x86)\adawaretb

2013-01-01 15:24:18 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2013-01-01 15:23:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-01-01 15:23:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2013-01-01 15:21:30 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-01 15:21:30 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-01 15:21:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-01 15:21:20 -------- d-----w- C:\Users\Callum\AppData\Local\Programs

2013-01-01 15:19:32 -------- d-----w- C:\Users\Callum\AppData\Local\Avg2013

2012-12-25 23:33:14 -------- d-----w- C:\Program Files\CCleaner

2012-12-25 19:12:16 -------- d-----w- C:\Users\Callum\AppData\Roaming\Panda Security

2012-12-25 19:10:23 -------- d-----w- C:\ProgramData\Panda Security

2012-12-25 19:10:23 -------- d-----w- C:\Program Files (x86)\Panda Security

2012-12-25 19:08:55 -------- d-----w- C:\ProgramData\AVAST Software

2012-12-25 19:08:55 -------- d-----w- C:\Program Files\AVAST Software

2012-12-24 22:25:14 -------- d-----w- C:\Program Files (x86)\Rob Papen

2012-12-24 21:44:17 -------- d-----w- C:\Users\Callum\AppData\Roaming\KORG

2012-12-24 21:40:58 -------- d-----w- C:\Program Files (x86)\Common Files\KORG

2012-12-24 21:40:54 -------- d-----w- C:\Users\Callum\AppData\Roaming\FXpansion

2012-12-24 21:40:51 -------- d-----w- C:\ProgramData\KORG

2012-12-24 21:40:51 -------- d-----w- C:\Program Files (x86)\KORG Legacy

2012-12-24 21:39:49 -------- d-----w- C:\Program Files (x86)\FXpansion

2012-12-23 18:23:29 -------- d-----w- C:\Program Files\iPod

2012-12-23 18:23:28 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-23 18:23:28 -------- d-----w- C:\Program Files\iTunes

2012-12-23 18:23:28 -------- d-----w- C:\Program Files (x86)\iTunes

2012-12-22 03:00:28 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-22 03:00:28 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-22 03:00:28 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-22 03:00:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-19 09:24:28 -------- d-----r- C:\Program Files (x86)\Skype

2012-12-18 12:31:03 -------- d-----w- C:\Users\Callum\AppData\Local\Microsoft Games

2012-12-15 18:28:15 -------- d-----w- C:\Users\Callum\AppData\Roaming\TuneUp Software

2012-12-15 17:19:17 -------- d-----w- C:\Users\Callum\AppData\Local\MFAData

2012-12-12 19:10:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-12 19:10:06 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-12 19:10:03 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-12-11 16:18:53 -------- d-----w- C:\Users\Callum\AppData\Roaming\Research In Motion

2012-12-11 16:18:13 -------- d-----w- C:\ProgramData\Research In Motion

2012-12-11 15:28:08 53248 ----a-r- C:\Users\Callum\AppData\Roaming\Microsoft\Installer\{38676C9C-270F-43D1-926A-E45DE8820A6B}\ARPPRODUCTICON.exe

2012-12-11 14:20:33 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2012-12-10 15:51:03 -------- d-----w- C:\Users\Callum\AppData\Roaming\Trine2

2012-12-10 15:47:57 -------- d-----w- C:\Users\Callum\AppData\Local\SKIDROW

2012-12-10 15:38:52 -------- d-----w- C:\Program Files (x86)\Frozenbyte

2012-12-10 15:11:03 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-12-10 15:11:02 -------- d-----w- C:\Program Files (x86)\Steam

2012-12-02 20:41:23 -------- d-----w- C:\ProgramData\Cakewalk

2012-12-02 20:41:23 -------- d-----w- C:\Program Files\Cakewalk

.

==================== Find3M ====================

.

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-10 17:35:58 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-10 17:35:58 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-10-10 17:35:58 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 18:57:09.15 ===============

Link to post
Share on other sites

  • Staff

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317

Link to post
Share on other sites

Combofix:

ComboFix 13-01-01.02 - Callum 01/01/2013 19:17:27.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6092.4273 [GMT 0:00]

Running from: c:\users\Callum\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 )))))))))))))))))))))))))))))))

.

.

2013-01-01 19:22 . 2013-01-01 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-01 17:11 . 2013-01-01 17:11 564824 ----a-w- c:\windows\system32\drivers\sptd.sys

2013-01-01 17:08 . 2013-01-01 17:08 -------- d-----w- c:\users\Callum\AppData\Roaming\Avira

2013-01-01 17:07 . 2013-01-01 17:07 -------- d-----w- c:\users\Callum\AppData\Roaming\Malwarebytes

2013-01-01 17:02 . 2013-01-01 17:00 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2013-01-01 17:02 . 2013-01-01 17:00 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-01-01 17:02 . 2013-01-01 17:00 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-01-01 17:02 . 2013-01-01 17:02 -------- d-----w- c:\programdata\Avira

2013-01-01 17:02 . 2013-01-01 17:02 -------- d-----w- c:\program files (x86)\Avira

2013-01-01 16:24 . 2013-01-01 16:24 -------- d-----w- c:\programdata\TrueSuite

2013-01-01 15:58 . 2013-01-01 15:59 -------- d-----w- c:\program files (x86)\HP SimplePass

2013-01-01 15:56 . 2013-01-01 15:56 -------- d-----w- c:\program files\Common Files\AuthenTec

2013-01-01 15:56 . 2013-01-01 15:56 -------- d-----w- c:\program files (x86)\Common Files\AuthenTec

2013-01-01 15:56 . 2013-01-01 15:56 -------- d-----w- c:\programdata\HP SimplePass 2011

2013-01-01 15:33 . 2013-01-01 15:33 -------- d-----w- c:\users\Callum\AppData\Roaming\Symantec

2013-01-01 15:25 . 2013-01-01 15:25 -------- d-----w- c:\users\Callum\AppData\Roaming\LavasoftStatistics

2013-01-01 15:24 . 2013-01-01 15:24 -------- d-----w- c:\users\Callum\AppData\Local\Downloaded Installations

2013-01-01 15:24 . 2013-01-01 15:24 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-01-01 15:24 . 2013-01-01 15:24 -------- d-----w- c:\programdata\blekko toolbars

2013-01-01 15:24 . 2013-01-01 15:24 -------- d-----w- c:\users\Callum\AppData\Local\adawarebp

2013-01-01 15:24 . 2013-01-01 15:24 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2013-01-01 15:24 . 2013-01-01 15:24 -------- d-----w- c:\program files (x86)\adawaretb

2013-01-01 15:24 . 2013-01-01 15:24 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2013-01-01 15:23 . 2013-01-01 17:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-01-01 15:23 . 2013-01-01 16:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2013-01-01 15:21 . 2013-01-01 15:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-01 15:21 . 2013-01-01 15:21 -------- d-----w- c:\programdata\Malwarebytes

2013-01-01 15:21 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-01 15:21 . 2013-01-01 15:21 -------- d-----w- c:\users\Callum\AppData\Local\Programs

2013-01-01 15:19 . 2013-01-01 15:19 -------- d-----w- c:\users\Callum\AppData\Local\Avg2013

2012-12-25 23:33 . 2012-12-25 23:33 -------- d-----w- c:\program files\CCleaner

2012-12-25 19:28 . 2012-12-25 19:28 -------- d-----w- c:\programdata\RoboForm

2012-12-25 19:12 . 2012-12-25 19:12 -------- d-----w- c:\users\Callum\AppData\Roaming\Panda Security

2012-12-25 19:10 . 2013-01-01 15:34 -------- d-----w- c:\program files (x86)\Panda Security

2012-12-25 19:10 . 2012-12-25 19:10 -------- d-----w- c:\programdata\Panda Security

2012-12-25 19:10 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-12-25 19:08 . 2012-12-25 23:08 -------- d-----w- c:\programdata\AVAST Software

2012-12-25 19:08 . 2012-12-25 19:08 -------- d-----w- c:\program files\AVAST Software

2012-12-24 22:25 . 2012-12-24 22:42 -------- d-----w- c:\program files (x86)\Rob Papen

2012-12-24 21:44 . 2012-12-24 21:44 -------- d-----w- c:\users\Callum\AppData\Roaming\KORG

2012-12-24 21:40 . 2012-12-24 21:41 -------- d-----w- c:\program files (x86)\Common Files\KORG

2012-12-24 21:40 . 2012-12-24 21:45 -------- d-----w- c:\users\Callum\AppData\Roaming\FXpansion

2012-12-24 21:40 . 2012-12-24 21:41 -------- d-----w- c:\program files (x86)\KORG Legacy

2012-12-24 21:40 . 2012-12-24 21:40 -------- d-----w- c:\programdata\KORG

2012-12-24 21:39 . 2012-12-24 21:42 -------- d-----w- c:\program files (x86)\FXpansion

2012-12-23 18:23 . 2012-12-23 18:23 -------- d-----w- c:\program files\iPod

2012-12-23 18:23 . 2012-12-23 18:23 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-23 18:23 . 2012-12-23 18:23 -------- d-----w- c:\program files\iTunes

2012-12-23 18:23 . 2012-12-23 18:23 -------- d-----w- c:\program files (x86)\iTunes

2012-12-23 18:13 . 2012-12-23 18:13 -------- d-----w- c:\users\Callum\AppData\Local\Mozilla

2012-12-23 18:13 . 2012-12-23 18:13 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-12-22 03:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-22 03:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 03:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-22 03:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-19 09:24 . 2012-12-19 09:24 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-12-19 09:24 . 2012-12-19 09:24 -------- d-----r- c:\program files (x86)\Skype

2012-12-18 12:31 . 2012-12-18 12:46 -------- d-----w- c:\users\Callum\AppData\Local\Microsoft Games

2012-12-15 18:28 . 2012-12-15 18:28 -------- d-----w- c:\users\Callum\AppData\Roaming\TuneUp Software

2012-12-15 17:19 . 2012-12-15 17:19 -------- d-----w- c:\users\Callum\AppData\Local\MFAData

2012-12-12 19:10 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 19:10 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 19:10 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-11 16:18 . 2012-12-11 16:19 -------- d-----w- c:\users\Callum\AppData\Roaming\Research In Motion

2012-12-11 16:18 . 2012-12-11 16:18 -------- d-----w- c:\programdata\Research In Motion

2012-12-11 15:28 . 2012-12-11 15:28 53248 ----a-r- c:\users\Callum\AppData\Roaming\Microsoft\Installer\{38676C9C-270F-43D1-926A-E45DE8820A6B}\ARPPRODUCTICON.exe

2012-12-11 14:20 . 2012-12-11 14:20 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2012-12-10 15:51 . 2012-12-24 22:02 -------- d-----w- c:\users\Callum\AppData\Roaming\Trine2

2012-12-10 15:47 . 2012-12-10 15:47 -------- d-----w- c:\users\Callum\AppData\Local\SKIDROW

2012-12-10 15:38 . 2012-12-10 15:38 -------- d-----w- c:\program files (x86)\Frozenbyte

2012-12-10 15:11 . 2012-12-22 03:18 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-12-10 15:11 . 2013-01-01 16:40 -------- d-----w- c:\program files (x86)\Steam

2012-12-02 21:18 . 2012-12-02 21:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2012-12-02 20:41 . 2012-12-02 20:41 -------- d-----w- c:\programdata\Cakewalk

2012-12-02 20:41 . 2012-12-02 20:41 -------- d-----w- c:\program files\Cakewalk

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-16 08:38 . 2012-11-27 19:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 19:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 19:24 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-12 07:19 . 2012-10-19 15:30 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12653385-7A58-471A-A428-D501FCDB96FE}\mpengine.dll

2012-10-10 17:35 . 2012-10-10 17:36 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-10 17:35 . 2012-10-10 17:36 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-10 17:35 . 2012-10-10 17:36 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-09 18:17 . 2012-11-16 15:59 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-16 15:59 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-16 15:59 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 15:59 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-12 19:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-08-12 438272]

"PeerBlock"="c:\program files (x86)\PeerBlock\peerblock.exe" [2010-11-06 2646128]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-10 1354736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-01-01 384800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-12-14 1091432]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe"

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S4 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - AVGNTFLT

*NewlyCreated* - AVIPBB

*NewlyCreated* - AVKMGR

*NewlyCreated* - PBFILTER

*Deregistered* - SymIM

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1268015532-3082754672-2932673541-1001Core.job

- c:\users\Callum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-12 15:59]

.

2013-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1268015532-3082754672-2932673541-1001UA.job

- c:\users\Callum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-12 15:59]

.

2013-01-01 c:\windows\Tasks\HPCeeScheduleForCallum.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-26 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-26 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-26 416024]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtA0Bzz0D0DyCzzyB0AtN0D0Tzu0CtBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1536472930

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtA0Bzz0D0DyCzzyB0AtN0D0Tzu0CtBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1536472930

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Callum\AppData\Roaming\Mozilla\Firefox\Profiles\580o8hg2.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe

Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Native Instruments Traktor DJ Studio 3 - c:\progra~2\NATIVE~1\TRAKTO~1\UNWISE.EXE

AddRemove-{5552453B-BB76-45E3-973D-F95E458ED780} - c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}\Kontakt 5 Setup PC.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-01 19:23:57

ComboFix-quarantined-files.txt 2013-01-01 19:23

.

Pre-Run: 571,573,755,904 bytes free

Post-Run: 571,184,558,080 bytes free

.

- - End Of File - - 896BDE6DFF780CD1A379B9E0C4183570

NEW DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

Run by Callum at 19:45:19 on 2013-01-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6092.3848 [GMT 0:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\PeerBlock\peerblock.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\Common Files\AuthenTec\TrueService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\AuthenTec\TrueService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Callum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtA0Bzz0D0DyCzzyB0AtN0D0Tzu0CtBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1536472930

mStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtA0Bzz0D0DyCzzyB0AtN0D0Tzu0CtBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1536472930

mWinlogon: Userinit = C:\Windows\System32\userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe

uRun: [PeerBlock] C:\Program Files (x86)\PeerBlock\peerblock.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: HideFastUserSwitching = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{3658501E-6CF7-4167-B69C-B20F0BB694FE} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{3658501E-6CF7-4167-B69C-B20F0BB694FE}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{3658501E-6CF7-4167-B69C-B20F0BB694FE}\244584F6D65684572623D273051545 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{3658501E-6CF7-4167-B69C-B20F0BB694FE}\75962756C6563737 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{3658501E-6CF7-4167-B69C-B20F0BB694FE}\E45445745414256393 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{3658501E-6CF7-4167-B69C-B20F0BB694FE}\E4544574541425D2445716C62416E646D2E4 : DHCPNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtA0Bzz0D0DyCzzyB0AtN0D0Tzu0CtBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1536472930

x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Callum\AppData\Roaming\Mozilla\Firefox\Profiles\580o8hg2.default\

.

============= SERVICES / DRIVERS ===============

.

R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-1-1 14456]

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-1-1 27800]

R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-1-1 400160]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-1-1 85280]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-1-1 109344]

R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-1-1 565024]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-1-1 99912]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-8-29 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-8-29 128512]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-9-3 1641320]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-12 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-12 2425960]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-12 2656280]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-26 317440]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-12-12 1860672]

R3 pbfilter;pbfilter;C:\Program Files (x86)\PeerBlock\pbfilter.sys [2012-8-13 24176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-12 565352]

R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]

RUnknown EraserUtilRebootDrv;EraserUtilRebootDrv; [x]

RUnknown SymIRON;SymIRON; [x]

RUnknown SymNetS;SymNetS; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-12 339048]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-14 1255736]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2013-01-01 19:43:26 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-01 19:16:10 98816 ----a-w- C:\Windows\sed.exe

2013-01-01 19:16:10 256000 ----a-w- C:\Windows\PEV.exe

2013-01-01 19:16:10 208896 ----a-w- C:\Windows\MBR.exe

2013-01-01 17:11:00 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys

2013-01-01 17:08:28 -------- d-----w- C:\Users\Callum\AppData\Roaming\Avira

2013-01-01 17:07:04 -------- d-----w- C:\Users\Callum\AppData\Roaming\Malwarebytes

2013-01-01 17:02:48 99912 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2013-01-01 17:02:48 27800 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2013-01-01 17:02:47 -------- d-----w- C:\ProgramData\Avira

2013-01-01 17:02:47 -------- d-----w- C:\Program Files (x86)\Avira

2013-01-01 16:24:38 -------- d-----w- C:\ProgramData\TrueSuite

2013-01-01 16:07:06 -------- d-----w- C:\Windows\pss

2013-01-01 15:58:27 -------- d-----w- C:\Program Files (x86)\HP SimplePass

2013-01-01 15:56:36 -------- d-----w- C:\Program Files\Common Files\AuthenTec

2013-01-01 15:56:36 -------- d-----w- C:\Program Files (x86)\Common Files\AuthenTec

2013-01-01 15:56:30 -------- d-----w- C:\ProgramData\HP SimplePass 2011

2013-01-01 15:33:20 -------- d-----w- C:\Users\Callum\AppData\Roaming\Symantec

2013-01-01 15:25:24 -------- d-----w- C:\Users\Callum\AppData\Roaming\LavasoftStatistics

2013-01-01 15:24:47 -------- d-----w- C:\Users\Callum\AppData\Local\Downloaded Installations

2013-01-01 15:24:40 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys

2013-01-01 15:24:26 -------- d-----w- C:\ProgramData\blekko toolbars

2013-01-01 15:24:25 -------- d-----w- C:\Users\Callum\AppData\Local\adawarebp

2013-01-01 15:24:24 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

2013-01-01 15:24:19 -------- d-----w- C:\Program Files (x86)\adawaretb

2013-01-01 15:24:18 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2013-01-01 15:23:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-01-01 15:23:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2013-01-01 15:21:30 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-01 15:21:30 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-01 15:21:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-01 15:21:20 -------- d-----w- C:\Users\Callum\AppData\Local\Programs

2013-01-01 15:19:32 -------- d-----w- C:\Users\Callum\AppData\Local\Avg2013

2012-12-25 23:33:14 -------- d-----w- C:\Program Files\CCleaner

2012-12-25 19:12:16 -------- d-----w- C:\Users\Callum\AppData\Roaming\Panda Security

2012-12-25 19:10:23 -------- d-----w- C:\ProgramData\Panda Security

2012-12-25 19:10:23 -------- d-----w- C:\Program Files (x86)\Panda Security

2012-12-25 19:08:55 -------- d-----w- C:\ProgramData\AVAST Software

2012-12-25 19:08:55 -------- d-----w- C:\Program Files\AVAST Software

2012-12-24 22:25:14 -------- d-----w- C:\Program Files (x86)\Rob Papen

2012-12-24 21:44:17 -------- d-----w- C:\Users\Callum\AppData\Roaming\KORG

2012-12-24 21:40:58 -------- d-----w- C:\Program Files (x86)\Common Files\KORG

2012-12-24 21:40:54 -------- d-----w- C:\Users\Callum\AppData\Roaming\FXpansion

2012-12-24 21:40:51 -------- d-----w- C:\ProgramData\KORG

2012-12-24 21:40:51 -------- d-----w- C:\Program Files (x86)\KORG Legacy

2012-12-24 21:39:49 -------- d-----w- C:\Program Files (x86)\FXpansion

2012-12-23 18:23:29 -------- d-----w- C:\Program Files\iPod

2012-12-23 18:23:28 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-23 18:23:28 -------- d-----w- C:\Program Files\iTunes

2012-12-23 18:23:28 -------- d-----w- C:\Program Files (x86)\iTunes

2012-12-22 03:00:28 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-22 03:00:28 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-22 03:00:28 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-22 03:00:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-19 09:24:28 -------- d-----r- C:\Program Files (x86)\Skype

2012-12-18 12:31:03 -------- d-----w- C:\Users\Callum\AppData\Local\Microsoft Games

2012-12-15 18:28:15 -------- d-----w- C:\Users\Callum\AppData\Roaming\TuneUp Software

2012-12-15 17:19:17 -------- d-----w- C:\Users\Callum\AppData\Local\MFAData

2012-12-12 19:10:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-12 19:10:06 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-12 19:10:03 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-12-11 16:18:53 -------- d-----w- C:\Users\Callum\AppData\Roaming\Research In Motion

2012-12-11 16:18:13 -------- d-----w- C:\ProgramData\Research In Motion

2012-12-11 15:28:08 53248 ----a-r- C:\Users\Callum\AppData\Roaming\Microsoft\Installer\{38676C9C-270F-43D1-926A-E45DE8820A6B}\ARPPRODUCTICON.exe

2012-12-11 14:20:33 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2012-12-10 15:51:03 -------- d-----w- C:\Users\Callum\AppData\Roaming\Trine2

2012-12-10 15:47:57 -------- d-----w- C:\Users\Callum\AppData\Local\SKIDROW

2012-12-10 15:38:52 -------- d-----w- C:\Program Files (x86)\Frozenbyte

2012-12-10 15:11:03 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-12-10 15:11:02 -------- d-----w- C:\Program Files (x86)\Steam

2012-12-02 20:41:23 -------- d-----w- C:\ProgramData\Cakewalk

2012-12-02 20:41:23 -------- d-----w- C:\Program Files\Cakewalk

.

==================== Find3M ====================

.

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-10 17:35:58 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-10 17:35:58 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-10-10 17:35:58 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 19:45:29.69 ===============

Link to post
Share on other sites

  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.