Jump to content

Recommended Posts

hi im new this computer stuff but i have a funny feeling that my comp is infected.any help would be appreciated Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:32:54, on 27/03/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Safe mode with network support

Running processes:

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [DeskUpdateNotifier] "C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-ie/wlscctrl2.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10194 bytes

this computer stuff but i hav a funny feeking that my comp is infected.any help would be appreciated

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

What symptoms of infection are you currently experiencing?

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post DDS.txt directly into your reply.

Link to post
Share on other sites

www.malwarebytes.org

Database version: 6201

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

29/03/2011 12:13:56

mbam-log-2011-03-29 (12-13-56).txt

Scan type: Quick scan

Objects scanned: 179582

Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Link to post
Share on other sites

here is the dds as requested.the problems started a few weeks ago with microsoft securuty essentials failing to update so i uninstalled it now i have avira which keeps telling me i have over 500 warnings

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by fox at 12:18:16.04 on 29/03/2011

Internet Explorer: 9.0.8112.16421

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.2814.1614 [GMT 1:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\fox\Desktop\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [DeskUpdateNotifier] "C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-ie/wlscctrl2.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll

BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

.

============= SERVICES / DRIVERS ===============

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-18 135336]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-18 269480]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-3-18 83120]

R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-8-9 34032]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-8 135664]

S3 bautpw64;BUFFALO eco manager for HD Filter;C:\Windows\System32\drivers\bautpw64.sys [2011-1-2 16000]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 btusb64h;BUFFALO TurboUSB for HD Filter;C:\Windows\System32\drivers\btusb64h.sys [2011-3-18 28728]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-22 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2010-8-9 13352]

S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2011-1-28 114560]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-03-27 17:32:47 388096 ----a-r- C:\Users\fox\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-27 17:32:47 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-03-24 19:43:48 -------- d-----w- C:\Users\fox\AppData\Local\Microsoft Help

2011-03-19 13:08:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-03-19 13:08:07 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

2011-03-18 16:49:13 -------- d-----w- C:\Program Files\CCleaner

2011-03-18 14:20:33 28728 ----a-w- C:\Windows\System32\drivers\btusb64h.sys

2011-03-18 12:21:02 -------- d-----w- C:\Users\fox\AppData\Roaming\Avira

2011-03-18 12:17:40 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2011-03-18 12:17:40 -------- d-----w- C:\Program Files (x86)\Avira

2011-03-18 12:17:40 -------- d-----w- C:\PROGRA~3\Avira

2011-03-17 10:22:10 -------- d-----w- C:\Users\fox\AppData\Roaming\XBMC

2011-03-17 10:21:13 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2011-03-17 10:21:12 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2011-03-17 10:20:10 -------- d-----w- C:\Program Files (x86)\XBMC

2011-03-10 14:18:02 -------- d-----w- C:\Program Files (x86)\BUFFALO

.

==================== Find3M ====================

.

2011-02-23 11:29:31 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-02-23 11:29:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-01-28 19:42:09 71262 ----a-w- C:\Windows\Huawei ModemsUninstall.exe

2011-01-17 11:09:14 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-01-17 05:47:13 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 07:46:34 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-01-07 07:46:34 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys

2011-01-03 20:16:18 99384 ----a-w- C:\Users\fox\AppData\Roaming\inst.exe

2011-01-03 20:16:18 82816 ----a-w- C:\Users\fox\AppData\Roaming\pcouffin.sys

2011-01-01 17:37:54 593952 ----a-w- C:\Windows\System32\drivers\tdrpman.sys

2010-12-31 21:08:48 81952 ----a-w- C:\Windows\System32\drivers\tifsfilt.sys

2010-12-31 21:08:48 711712 ----a-w- C:\Windows\System32\drivers\timntr.sys

.

============= FINISH: 12:19:07.76 ===============

Link to post
Share on other sites

  • Staff

Hi,

now i have avira which keeps telling me i have over 500 warnings
What kind of warnings??

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Hi,

What kind of warnings??

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

thanks for your help.here is a few of the warnings...C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0377694b2fda8e4736b8cfaeecf83882_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0398ecf2bcc6b3f1f80a84a7adf53eba_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\04b2079f58fc09a7199107869beaf2be_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\059078a63b57e153058abd5042653877_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\074411bb13e58c4b83167ee5b949de88_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\079792983aafa4ca933c6dd7576d69ca_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07c5cef070b6b3b1bb6df1ef103cb389_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0860ec653a4bdb66429f90f9afbddf1c_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened! i will post the combo-fix and dds reports shortly for you

Link to post
Share on other sites

thanks for your help.here is a few of the warnings...C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0377694b2fda8e4736b8cfaeecf83882_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0398ecf2bcc6b3f1f80a84a7adf53eba_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\04b2079f58fc09a7199107869beaf2be_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\059078a63b57e153058abd5042653877_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\074411bb13e58c4b83167ee5b949de88_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\079792983aafa4ca933c6dd7576d69ca_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07c5cef070b6b3b1bb6df1ef103cb389_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened!

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0860ec653a4bdb66429f90f9afbddf1c_45d46e32-2df1-4719-8f54-e372cc885b5a

[WARNING] The file could not be opened! i will post the combo-fix and dds reports shortly for you

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by fox at 23:08:22.01 on 30/03/2011

Internet Explorer: 9.0.8112.16421

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.2814.1261 [GMT 1:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\fox\Desktop\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [DeskUpdateNotifier] "C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-ie/wlscctrl2.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll

BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

.

============= SERVICES / DRIVERS ===============

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-18 135336]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-18 269480]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-3-18 83120]

R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-8-9 34032]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-8 135664]

S3 bautpw64;BUFFALO eco manager for HD Filter;C:\Windows\System32\drivers\bautpw64.sys [2011-1-2 16000]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 btusb64h;BUFFALO TurboUSB for HD Filter;C:\Windows\System32\drivers\btusb64h.sys [2011-3-18 28728]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-22 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2010-8-9 13352]

S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2011-1-28 114560]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-03-27 17:32:47 388096 ----a-r- C:\Users\fox\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-27 17:32:47 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-03-24 19:43:48 -------- d-----w- C:\Users\fox\AppData\Local\Microsoft Help

2011-03-19 13:08:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-03-19 13:08:07 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

2011-03-18 16:49:13 -------- d-----w- C:\Program Files\CCleaner

2011-03-18 14:20:33 28728 ----a-w- C:\Windows\System32\drivers\btusb64h.sys

2011-03-18 12:21:02 -------- d-----w- C:\Users\fox\AppData\Roaming\Avira

2011-03-18 12:17:40 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2011-03-18 12:17:40 -------- d-----w- C:\Program Files (x86)\Avira

2011-03-18 12:17:40 -------- d-----w- C:\PROGRA~3\Avira

2011-03-17 10:22:10 -------- d-----w- C:\Users\fox\AppData\Roaming\XBMC

2011-03-17 10:21:13 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2011-03-17 10:21:12 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2011-03-17 10:20:10 -------- d-----w- C:\Program Files (x86)\XBMC

2011-03-10 14:18:02 -------- d-----w- C:\Program Files (x86)\BUFFALO

.

==================== Find3M ====================

.

2011-02-23 11:29:31 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-02-23 11:29:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-01-28 19:42:09 71262 ----a-w- C:\Windows\Huawei ModemsUninstall.exe

2011-01-17 11:09:14 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-01-17 05:47:13 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 07:46:34 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-01-07 07:46:34 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys

2011-01-03 20:16:18 99384 ----a-w- C:\Users\fox\AppData\Roaming\inst.exe

2011-01-03 20:16:18 82816 ----a-w- C:\Users\fox\AppData\Roaming\pcouffin.sys

2011-01-01 17:37:54 593952 ----a-w- C:\Windows\System32\drivers\tdrpman.sys

2010-12-31 21:08:48 81952 ----a-w- C:\Windows\System32\drivers\tifsfilt.sys

2010-12-31 21:08:48 711712 ----a-w- C:\Windows\System32\drivers\timntr.sys

.

============= FINISH: 23:09:01.33 ===============

Link to post
Share on other sites

here is the combo-fix as requested..ComboFix 11-03-29.06 - fox 31/03/2011 13:26:26.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.2814.1892 [GMT 1:00]

Running from: c:\users\fox\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\fox\AppData\Roaming\inst.exe

c:\users\fox\AppData\Roaming\Local

c:\users\fox\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\fox\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr

c:\users\fox\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\fox\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx.ddp

c:\users\fox\AppData\Roaming\Microsoft\Windows\Recent\Infected Or Not (included Various Scans).url

.

.

((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))

.

.

2011-03-31 12:30 . 2011-03-31 12:30 -------- d-----w- c:\users\fiona\AppData\Local\temp

2011-03-31 12:30 . 2011-03-31 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-27 17:32 . 2011-03-27 17:32 388096 ----a-r- c:\users\fox\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-27 17:32 . 2011-03-27 17:32 -------- d-----w- c:\program files (x86)\Trend Micro

2011-03-24 19:43 . 2011-03-24 19:43 -------- d-----w- c:\users\fox\AppData\Local\Microsoft Help

2011-03-19 13:08 . 2011-03-21 10:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-03-19 13:08 . 2011-03-20 12:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-03-19 09:48 . 2011-03-19 09:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-03-18 16:49 . 2011-03-18 16:49 -------- d-----w- c:\program files\CCleaner

2011-03-18 14:20 . 2009-06-24 02:31 28728 ----a-w- c:\windows\system32\drivers\btusb64h.sys

2011-03-18 12:21 . 2011-03-18 12:21 -------- d-----w- c:\users\fox\AppData\Roaming\Avira

2011-03-18 12:17 . 2011-03-18 12:17 -------- d-----w- c:\programdata\Avira

2011-03-18 12:17 . 2011-03-18 12:17 -------- d-----w- c:\program files (x86)\Avira

2011-03-18 12:17 . 2011-03-04 14:37 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-03-18 12:17 . 2011-03-04 14:37 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-03-17 10:22 . 2011-03-22 20:57 -------- d-----w- c:\users\fox\AppData\Roaming\XBMC

2011-03-17 10:21 . 2010-05-26 11:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2011-03-17 10:21 . 2010-05-26 11:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2011-03-17 10:20 . 2011-03-17 10:20 -------- d-----w- c:\program files (x86)\XBMC

2011-03-10 14:18 . 2011-03-18 14:22 -------- d-----w- c:\program files (x86)\BUFFALO

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-10 09:52 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-23 11:29 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-02-23 11:29 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-02-22 20:17 . 2011-02-22 20:17 29184 ----a-r- c:\users\fox\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe

2011-01-28 19:42 . 2010-06-29 10:55 71262 ----a-w- c:\windows\Huawei ModemsUninstall.exe

2011-01-17 11:09 . 2011-02-23 10:32 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-17 05:47 . 2011-02-23 10:32 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2011-01-07 12:17 . 2011-02-23 07:31 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 12:17 . 2011-02-23 07:31 1465344 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 12:14 . 2011-02-09 11:41 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 09:20 . 2011-02-09 11:41 366592 ----a-w- c:\windows\system32\atmfd.dll

2011-01-07 07:46 . 2011-02-23 07:31 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-01-07 07:46 . 2011-02-23 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-01-07 07:45 . 2011-02-09 11:41 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-01-07 05:43 . 2011-02-09 11:41 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-01-05 06:56 . 2011-02-09 11:42 3129344 ----a-w- c:\windows\system32\win32k.sys

2011-01-03 20:16 . 2010-11-11 14:09 82816 ----a-w- c:\users\fox\AppData\Roaming\pcouffin.sys

2011-01-01 17:37 . 2010-12-31 21:08 593952 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2010-12-31 21:08 . 2010-12-31 21:08 81952 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2010-12-31 21:08 . 2010-12-31 21:08 711712 ----a-w- c:\windows\system32\drivers\timntr.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-08 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DeskUpdateNotifier"="c:\program files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2010-10-13 97560]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

.

c:\users\fiona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\

LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-12-18 360448]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-12-18 360448]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 135664]

R3 bautpw64;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautpw64.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 btusb64h;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\btusb64h.sys [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 12:51]

.

2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 12:51]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

SafeBoot-BsScanner

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-03-31 13:31:55

ComboFix-quarantined-files.txt 2011-03-31 12:31

.

Pre-Run: 114,619,686,912 bytes free

Post-Run: 117,032,845,312 bytes free

.

- - End Of File - - E48FD737EE66B433DD1A07EE6DCA3C0B

Link to post
Share on other sites

  • Staff

Hi,

If you run an Avira scan, are any malicious items actually detected??

Those warnings just mean those files are hidden or locked; they're not malicious. Are the warnings popping up automatically??

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

no malicious items just the warnings and 10 hidden objects also when i was using avira guard to do a scan friday it scanned to 83% and would'nt scan any further the thing that it froze on was C:\Windows\system32\sysprep\Panther\IE\.also i hav ran the eset scan twice and im getting nothing to post up for you.here is the security check Results of screen317's Security Check version 0.99.7

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player

Adobe Reader X (10.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

Link to post
Share on other sites

no malicious items just the warnings and 10 hidden objects also when i was using avira guard to do a scan friday it scanned to 83% and would'nt scan any further the thing that it froze on was C:\Windows\system32\sysprep\Panther\IE\.also i hav ran the eset scan twice and im getting nothing to post up for you.here is the security check Results of screen317's Security Check version 0.99.7

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player

Adobe Reader X (10.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

i still cant find the eset results file but it didnt find anything twice

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Yes things look good from here. You can try these antiviruses if you don't like Avira:

Microsoft Security Essentials

avast!.

Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.