reddog, posted March 27, 2011 (ID:405911)

Hi, I'm new to this computer stuff but I have a funny feeling that my comp is infected. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:32:54, on 27/03/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
screen317 (Staff), posted March 28, 2011 (ID:406431)

Hi and welcome to Malwarebytes.

What symptoms of infection are you currently experiencing?

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post DDS.txt directly into your reply.
reddog, posted March 29, 2011 (ID:406716)

www.malwarebytes.org

Database version: 6201

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

29/03/2011 12:13:56
mbam-log-2011-03-29 (12-13-56).txt

Scan type: Quick scan
Objects scanned: 179582
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)
reddog, posted March 29, 2011 (ID:406717)

Here is the DDS as requested. The problems started a few weeks ago with Microsoft Security Essentials failing to update, so I uninstalled it. Now I have Avira, which keeps telling me I have over 500 warnings.

DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by fox at 12:18:16.04 on 29/03/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.2814.1614 [GMT 1:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
screen317 (Staff), posted March 30, 2011 (ID:407794)

Hi,

> now i have avira which keeps telling me i have over 500 warnings

What kind of warnings??

Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
reddog, posted March 30, 2011 (ID:407869)

> Hi,
> What kind of warnings??
> Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
> When the tool is finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
> -screen317

Thanks for your help. Here are a few of the warnings...

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0377694b2fda8e4736b8cfaeecf83882_45d46e32-2df1-4719-8f54-e372cc885b5a [WARNING] The file could not be opened!
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0398ecf2bcc6b3f1f80a84a7adf53eba_45d46e32-2df1-4719-8f54-e372cc885b5a [WARNING] The file could not be opened!
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\04b2079f58fc09a7199107869beaf2be_45d46e32-2df1-4719-8f54-e372cc885b5a [WARNING] The file could not be opened!
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\059078a63b57e153058abd5042653877_45d46e32-2df1-4719-8f54-e372cc885b5a [WARNING] The file could not be opened!
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\074411bb13e58c4b83167ee5b949de88_45d46e32-2df1-4719-8f54-e372cc885b5a [WARNING] The file could not be opened!
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\079792983aafa4ca933c6dd7576d69ca_45d46e32-2df1-4719-8f54-e372cc885b5a [WARNING] The file could not be opened!
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07c5cef070b6b3b1bb6df1ef103cb389_45d46e32-2df1-4719-8f54-e372cc885b5a [WARNING] The file could not be opened!
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0860ec653a4bdb66429f90f9afbddf1c_45d46e32-2df1-4719-8f54-e372cc885b5a [WARNING] The file could not be opened!

I will post the ComboFix and DDS reports shortly for you.
reddog, posted March 30, 2011 (ID:407882)

DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by fox at 23:08:22.01 on 30/03/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.2814.1261 [GMT 1:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - No FileTB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileTB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileTB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No FilemRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s.============= SERVICES / DRIVERS ===============.R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-18 135336]R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-18 269480]R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-3-18 83120]R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-8-9 34032]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-8 135664]S3 bautpw64;BUFFALO eco manager for HD Filter;C:\Windows\System32\drivers\bautpw64.sys [2011-1-2 16000]S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]S3 btusb64h;BUFFALO TurboUSB for HD Filter;C:\Windows\System32\drivers\btusb64h.sys [2011-3-18 28728]S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-22 48488]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2010-8-9 13352]S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2011-1-28 114560]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392]S3 WatAdminSvc;Windows Activation 
Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2011-03-27 17:32:47 388096 ----a-r- C:\Users\fox\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2011-03-27 17:32:47 -------- d-----w- C:\Program Files (x86)\Trend Micro2011-03-24 19:43:48 -------- d-----w- C:\Users\fox\AppData\Local\Microsoft Help2011-03-19 13:08:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy2011-03-19 13:08:07 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy2011-03-18 16:49:13 -------- d-----w- C:\Program Files\CCleaner2011-03-18 14:20:33 28728 ----a-w- C:\Windows\System32\drivers\btusb64h.sys2011-03-18 12:21:02 -------- d-----w- C:\Users\fox\AppData\Roaming\Avira2011-03-18 12:17:40 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys2011-03-18 12:17:40 -------- d-----w- C:\Program Files (x86)\Avira2011-03-18 12:17:40 -------- d-----w- C:\PROGRA~3\Avira2011-03-17 10:22:10 -------- d-----w- C:\Users\fox\AppData\Roaming\XBMC2011-03-17 10:21:13 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll2011-03-17 10:21:12 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll2011-03-17 10:20:10 -------- d-----w- C:\Program Files (x86)\XBMC2011-03-10 14:18:02 -------- d-----w- C:\Program Files (x86)\BUFFALO.==================== Find3M ====================.2011-02-23 11:29:31 175616 ----a-w- C:\Windows\System32\msclmd.dll2011-02-23 11:29:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll2011-01-28 19:42:09 71262 
----a-w- C:\Windows\Huawei ModemsUninstall.exe2011-01-17 11:09:14 197120 ----a-w- C:\Windows\System32\d3d10_1.dll2011-01-17 05:47:13 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll2011-01-07 07:46:34 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll2011-01-07 07:46:34 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys2011-01-03 20:16:18 99384 ----a-w- C:\Users\fox\AppData\Roaming\inst.exe2011-01-03 20:16:18 82816 ----a-w- C:\Users\fox\AppData\Roaming\pcouffin.sys2011-01-01 17:37:54 593952 ----a-w- C:\Windows\System32\drivers\tdrpman.sys2010-12-31 21:08:48 81952 ----a-w- C:\Windows\System32\drivers\tifsfilt.sys2010-12-31 21:08:48 711712 ----a-w- C:\Windows\System32\drivers\timntr.sys.============= FINISH: 23:09:01.33 =============== Link to post Share on other sites More sharing options...
reddog (Author) Posted March 31, 2011 ID:408308

Here is the ComboFix log as requested.

ComboFix 11-03-29.06 - fox 31/03/2011 13:26:26.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.2814.1892 [GMT 1:00]
Running from: c:\users\fox\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\users\fox\AppData\Roaming\inst.exe
c:\users\fox\AppData\Roaming\Local
c:\users\fox\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\fox\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\fox\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\fox\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx.ddp
c:\users\fox\AppData\Roaming\Microsoft\Windows\Recent\Infected Or Not (included Various Scans).url

((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))

2011-03-31 12:30 . 2011-03-31 12:30 -------- d-----w- c:\users\fiona\AppData\Local\temp
2011-03-31 12:30 . 2011-03-31 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-27 17:32 . 2011-03-27 17:32 388096 ----a-r- c:\users\fox\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-27 17:32 . 2011-03-27 17:32 -------- d-----w- c:\program files (x86)\Trend Micro
2011-03-24 19:43 . 2011-03-24 19:43 -------- d-----w- c:\users\fox\AppData\Local\Microsoft Help
2011-03-19 13:08 . 2011-03-21 10:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-03-19 13:08 . 2011-03-20 12:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-19 09:48 . 2011-03-19 09:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-03-18 16:49 . 2011-03-18 16:49 -------- d-----w- c:\program files\CCleaner
2011-03-18 14:20 . 2009-06-24 02:31 28728 ----a-w- c:\windows\system32\drivers\btusb64h.sys
2011-03-18 12:21 . 2011-03-18 12:21 -------- d-----w- c:\users\fox\AppData\Roaming\Avira
2011-03-18 12:17 . 2011-03-18 12:17 -------- d-----w- c:\programdata\Avira
2011-03-18 12:17 . 2011-03-18 12:17 -------- d-----w- c:\program files (x86)\Avira
2011-03-18 12:17 . 2011-03-04 14:37 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-18 12:17 . 2011-03-04 14:37 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-17 10:22 . 2011-03-22 20:57 -------- d-----w- c:\users\fox\AppData\Roaming\XBMC
2011-03-17 10:21 . 2010-05-26 11:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2011-03-17 10:21 . 2010-05-26 11:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2011-03-17 10:20 . 2011-03-17 10:20 -------- d-----w- c:\program files (x86)\XBMC
2011-03-10 14:18 . 2011-03-18 14:22 -------- d-----w- c:\program files (x86)\BUFFALO

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-10 09:52 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-23 11:29 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-23 11:29 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-22 20:17 . 2011-02-22 20:17 29184 ----a-r- c:\users\fox\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2011-01-28 19:42 . 2010-06-29 10:55 71262 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2011-01-17 11:09 . 2011-02-23 10:32 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-17 05:47 . 2011-02-23 10:32 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-01-07 12:17 . 2011-02-23 07:31 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 12:17 . 2011-02-23 07:31 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 12:14 . 2011-02-09 11:41 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 09:20 . 2011-02-09 11:41 366592 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 07:46 . 2011-02-23 07:31 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:46 . 2011-02-23 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-09 11:41 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:43 . 2011-02-09 11:41 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 06:56 . 2011-02-09 11:42 3129344 ----a-w- c:\windows\system32\win32k.sys
2011-01-03 20:16 . 2010-11-11 14:09 82816 ----a-w- c:\users\fox\AppData\Roaming\pcouffin.sys
2011-01-01 17:37 . 2010-12-31 21:08 593952 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-12-31 21:08 . 2010-12-31 21:08 81952 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-12-31 21:08 . 2010-12-31 21:08 711712 ----a-w- c:\windows\system32\drivers\timntr.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-08 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeskUpdateNotifier"="c:\program files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2010-10-13 97560]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\users\fiona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-12-18 360448]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-12-18 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 135664]
R3 bautpw64;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautpw64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 btusb64h;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\btusb64h.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]

Contents of the 'Scheduled Tasks' folder

2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 12:51]

2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 12:51]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1

------- Supplementary Scan -------

uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-BsScanner
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)

Completion time: 2011-03-31 13:31:55
ComboFix-quarantined-files.txt 2011-03-31 12:31

Pre-Run: 114,619,686,912 bytes free
Post-Run: 117,032,845,312 bytes free

- - End Of File - - E48FD737EE66B433DD1A07EE6DCA3C0B
screen317 (Staff) Posted April 1, 2011 ID:409354

Hi,

If you run an Avira scan, are any malicious items actually detected? Those warnings just mean those files are hidden or locked; they're not malicious. Are the warnings popping up automatically?

Next, please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start.
- When asked, allow the ActiveX control to install.
- Click Start.
- Make sure that the options Remove found threats and Scan unwanted applications are checked.
- Click Scan.
- Wait for the scan to finish.
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic.

Next, download my Security Check from here or here. Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
reddog (Author) Posted April 4, 2011 ID:410941

No malicious items, just the warnings and 10 hidden objects. Also, when I was using Avira Guard to do a scan on Friday it scanned to 83% and wouldn't scan any further; the thing that it froze on was C:\Windows\system32\sysprep\Panther\IE\. Also I have run the ESET scan twice and I'm getting nothing to post up for you. Here is the Security Check:

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Adobe Flash Player
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check: objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
reddog (Author) Posted April 6, 2011 ID:412262

I still can't find the ESET results file, but it didn't find anything twice.
screen317 (Staff) Posted April 6, 2011 ID:412285

Hi,

That's fine about ESET. Does the Avira scan still not complete?
reddog (Author) Posted April 7, 2011 ID:412700

Quote: "That's fine about ESET. Does the Avira scan still not complete?"

It completes fully now. It was just the once that it didn't complete. I think I'll take out Avira anyway. Do you think I'm finished?
screen317 (Staff) Posted April 7, 2011 ID:412760

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall. This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Yes, things look good from here. You can try these antiviruses if you don't like Avira:
- Microsoft Security Essentials
- avast!
reddog (Author) Posted April 8, 2011 ID:413155

Thanks for your help.
screen317 (Staff) Posted April 11, 2011 ID:414581

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!