
Just to explain... I've just had my netbook fixed on here... but last night my wife said she was getting security pop-ups on our main PC... I immediately turned it off... on reboot I scanned with Malwarebytes, which picked up some nasties... also I used 2 online scanners... with nothing showing.

I also did a system restore (which these days is unusual as that usually is disabled with malware in my experience).

Anyway, it seems to be running OK, but I'm a bit paranoid as we do our online banking on this PC... can anyone have a quick look to give me a possible all-clear???


  • Staff

Hi,

Sure we can take a look. :)

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5044

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

09/05/2011 09:16:12

mbam-log-2011-05-09 (09-16-12).txt

Scan type: Quick scan

Objects scanned: 186570

Time elapsed: 12 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 18

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 7

Files Infected: 9

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\hbliteax.info (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{6f098504-cdb1-420f-a2e6-ddc0b835fedf} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{4d1ec4ca-4b92-4324-b8f8-c9a6ed06a8ae} (Adware.Hotbar) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1ec4ca-4b92-4324-b8f8-c9a6ed06a8ae} (Adware.Hotbar) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4d1ec4ca-4b92-4324-b8f8-c9a6ed06a8ae} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{4e674574-3f0b-491d-8ae3-f90b43a34fd6} (Adware.Hotbar) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4e674574-3f0b-491d-8ae3-f90b43a34fd6} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\hbliteax.info.1 (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\hbliteax.userprofiles (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\hbliteax.userprofiles.1 (Adware.Hotbar) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> No action taken.

HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (Adware.HotBar) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hblitesa (Adware.Hotbar) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\hblite@hblite.com (Adware.HotBar) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\HBLite (Adware.Hotbar) -> No action taken.

C:\Program Files\HBLite\bin (Adware.Hotbar) -> No action taken.

C:\Program Files\HBLite\bin\11.0.345.0 (Adware.Hotbar) -> No action taken.

C:\Program Files\HBLite\bin\11.0.345.0\firefox (Adware.Hotbar) -> No action taken.

C:\Program Files\HBLite\bin\11.0.345.0\firefox\extensions (Adware.Hotbar) -> No action taken.

C:\Program Files\HBLite\bin\11.0.345.0\firefox\extensions\plugins (Adware.Hotbar) -> No action taken.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> No action taken.

Files Infected:

C:\Program Files\HBLite\bin\11.0.345.0\HBLiteSA.exe (Adware.Hotbar) -> No action taken.

C:\Program Files\HBLite\bin\11.0.345.0\HBLiteSAAX.dll (Adware.Hotbar) -> No action taken.

C:\Program Files\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll (Adware.Hotbar) -> No action taken.

C:\Program Files\HBLite\bin\11.0.345.0\HBLiteSAHook.dll (Adware.Hotbar) -> No action taken.

C:\Program Files\HBLite\bin\11.0.345.0\HBLiteUninstaller.exe (Adware.Hotbar) -> No action taken.

C:\Program Files\HBLite\bin\11.0.345.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll (Adware.Hotbar) -> No action taken.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> No action taken.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> No action taken.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> No action taken.

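Every detection in the log above ends in "No action taken", which is why the next staff reply asks for everything found to be removed. As an added example (not from the thread or from Malwarebytes), this Python parser reads the MBAM 1.46 log layout shown above, reconciles the summary counts against the detail lines, and lists what is still on disk; the sample log is a constructed excerpt of that layout, not the poster's full log.

```python
import re
from collections import Counter

# Constructed excerpt in the MBAM 1.46 layout posted in this thread; it is not the
# poster's full log. Raw string so the backslashes in paths stay literal.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 5044

Registry Keys Infected: 2
Registry Values Infected: 1
Folders Infected: 0
Files Infected: 1

Registry Keys Infected:
HKEY_CLASSES_ROOT\hbliteax.info (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hblitesa (Adware.Hotbar) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\HBLite\bin\11.0.345.0\HBLiteSA.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
"""

# "Registry Keys Infected: 18"  -> summary count for a section
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
# "Registry Keys Infected:"     -> start of that section's detail list
HEADING_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# "<path or key> (<threat name>) -> <action>."  -> one detection line
DETECTION_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")


def parse_mbam_log(text):
    """Return {'summary': {section: count}, 'detections': [dict, ...]}."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = HEADING_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or line.startswith("(No malicious"):
            continue  # header block, or an empty section's placeholder line
        m = DETECTION_RE.match(line)
        if m:
            detections.append({"section": section, "item": m.group(1),
                               "threat": m.group(2), "action": m.group(3)})
    return {"summary": summary, "detections": detections}


def reconcile(parsed):
    """Sections whose declared count differs from the detail lines actually present
    (a sign the paste was truncated or edited). Empty dict means consistent."""
    found = Counter(d["section"] for d in parsed["detections"])
    return {sec: (declared, found[sec])
            for sec, declared in parsed["summary"].items() if declared != found[sec]}


def pending_removals(parsed):
    """Detections the user has not yet let MBAM remove ('No action taken')."""
    return [d for d in parsed["detections"] if d["action"].lower() == "no action taken"]


def threats_by_family(parsed):
    """Count detections per threat name, case-folded so 'Adware.Hotbar' and
    'Adware.HotBar' (both spellings appear in MBAM output) count as one family."""
    return Counter(d["threat"].lower() for d in parsed["detections"])


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", reconcile(parsed) or "none")
    print("families:", dict(threats_by_family(parsed)))
    for d in pending_removals(parsed):
        print("still present:", d["section"], "->", d["item"])
```

Run against the full log posted above, `pending_removals` returns all 36 entries, which is the quickest way to confirm that a log was posted before the removal step rather than after it.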


DDS (Ver_11-03-05.01) - NTFSx86

Run by Clive at 10:23:00.02 on 09/05/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2294 [GMT 1:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Users\Clive\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Clive\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.sky.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

mURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [sansaDispatch] c:\users\clive\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [EPSON S21 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifae.exe /fu "c:\windows\temp\E_SF69.tmp" /EF "HKCU"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\clive\appdata\roaming\mozilla\firefox\profiles\t58w0cq6.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q=

FF - prefs.js: keyword.enabled - true

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - component: c:\users\clive\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-28 28552]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-30 304464]

R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2010-5-10 615312]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-22 20952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\clive\appdata\local\temp\onlinescanner\anti-virus\fsgk.sys [2011-5-2 70144]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400]

.

=============== Created Last 30 ================

.

2011-05-02 20:53:14 -------- d-----w- c:\users\clive\appdata\roaming\f-secure

2011-05-02 20:43:51 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 20:43:46 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-05-02 20:43:43 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-02 20:43:38 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-05-02 20:43:38 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-05-02 20:37:31 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-05-02 20:37:31 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-05-02 20:37:31 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-05-02 20:37:31 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-05-02 20:10:07 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-04-09 14:56:07 -------- d-----w- c:\program files\SmartDraw VP

.

==================== Find3M ====================

.

2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec

2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll

.

============= FINISH: 10:24:19.08 ===============


  • Staff

Hi,

Please update MBAM, run a Quick Scan, and post its log. Remove everything found.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 6559

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/05/2011 06:54:19

mbam-log-2011-05-12 (06-54-19).txt

Scan type: Quick scan

Objects scanned: 208205

Time elapsed: 12 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Users\Clive\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Quarantined and deleted successfully.

Files Infected:

C:\Users\Clive\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> Quarantined and deleted successfully.

ComboFix to follow


ComboFix 11-05-11.02 - Clive 12/05/2011 8:51.1.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2438 [GMT 1:00]

Running from: c:\users\Clive\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\favoritevideo\InvisibleFolder

c:\favoritevideo\InvisibleFolder\_db_big20101021.zip

c:\favoritevideo\InvisibleFolder\_db_big20101026.zip

c:\favoritevideo\InvisibleFolder\_db_big20101031.zip

c:\favoritevideo\InvisibleFolder\_db_big20101125.zip

c:\favoritevideo\InvisibleFolder\_db_big20101130.zip

c:\favoritevideo\InvisibleFolder\_db_big20101205.zip

c:\favoritevideo\InvisibleFolder\_db_big20101210.zip

c:\favoritevideo\InvisibleFolder\_db_big20110114.zip

c:\favoritevideo\InvisibleFolder\_db_big20110119.zip.tpp

c:\favoritevideo\InvisibleFolder\_db_big20110120.zip

c:\favoritevideo\InvisibleFolder\_db_big20110125.zip.tpp

c:\favoritevideo\InvisibleFolder\_db_big20110204.zip.tpp

c:\favoritevideo\InvisibleFolder\_db_big20110207.zip

c:\favoritevideo\InvisibleFolder\_db_big20110212.zip

c:\favoritevideo\InvisibleFolder\_db_big20110218.zip

c:\favoritevideo\InvisibleFolder\_db_big20110305.zip

c:\favoritevideo\InvisibleFolder\_db_big20110315.zip

c:\favoritevideo\InvisibleFolder\_db_big20110320.zip

c:\favoritevideo\InvisibleFolder\_db_big20110321.zip

c:\favoritevideo\InvisibleFolder\_db_big20110324.zip

c:\favoritevideo\InvisibleFolder\_db_big20110403.zip

c:\favoritevideo\InvisibleFolder\_db_big20110406.zip

c:\favoritevideo\InvisibleFolder\ckdll.dll

c:\favoritevideo\InvisibleFolder\mir.dll

c:\favoritevideo\InvisibleFolder\peer(0).dll

c:\favoritevideo\InvisibleFolder\peer(1).dll

c:\favoritevideo\InvisibleFolder\peer(2).dll

c:\favoritevideo\InvisibleFolder\peer(3).dll

c:\favoritevideo\InvisibleFolder\peer.dll

c:\favoritevideo\InvisibleFolder\pptvsetup_2.6.1.0008_s.exe

c:\favoritevideo\InvisibleFolder\pptvsetup_2.6.3.0007_s2.exe

c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0031_s.exe

c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0036_s.exe.tpp

c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0038_s.exe

c:\favoritevideo\InvisibleFolder\TipsClient.dll

c:\program files\PlaySushi\PSTExt.dll

c:\users\Clive\AppData\Roaming\inst.exe

c:\windows\7Loader.TAG

c:\windows\system32\Nagasoft

c:\windows\system32\Nagasoft\Codecs\asyncflt.ax

c:\windows\system32\Nagasoft\Codecs\atrc.dll

c:\windows\system32\Nagasoft\Codecs\cook.dll

c:\windows\system32\Nagasoft\Codecs\drvc.dll

c:\windows\system32\Nagasoft\Codecs\raac.dll

c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax

c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll

c:\windows\system32\Nagasoft\GifShower.dll

c:\windows\system32\Nagasoft\vjocx.dll

c:\windows\system32\system

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_vvdsvc

-------\Service_vvdsvc

.

.

((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))

.

.

2011-05-12 07:56 . 2011-05-12 07:56 -------- d-----w- c:\users\Simone\AppData\Local\temp

2011-05-12 07:56 . 2011-05-12 07:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-12 07:56 . 2011-05-12 07:56 -------- d-----w- c:\users\Elise\AppData\Local\temp

2011-05-12 07:56 . 2011-05-12 07:56 -------- d-----w- c:\users\Alanda\AppData\Local\temp

2011-05-02 20:53 . 2011-05-02 20:53 -------- d-----w- c:\users\Clive\AppData\Roaming\f-secure

2011-05-02 20:43 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 20:43 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-05-02 20:43 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-02 20:43 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-05-02 20:43 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-05-02 20:37 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-05-02 20:37 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-05-02 20:37 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-05-02 20:37 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-05-02 20:10 . 2011-05-02 20:10 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

------- Sigcheck -------

.

[-] 2010-06-12 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}"= "c:\program files\Online_Games_Bar\tbOnli.dll" [2009-12-31 2349080]

.

[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]

2009-12-31 11:53 2349080 ----a-w- c:\program files\Online_Games_Bar\tbOnli.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}"= "c:\program files\Online_Games_Bar\tbOnli.dll" [2009-12-31 2349080]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

.

[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

"{5BD40C9F-1248-4A8F-8B23-E7861C1AD7A1}"= "c:\program files\Online_Games_Bar\tbOnli.dll" [2009-12-31 2349080]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408]

"SansaDispatch"="c:\users\Clive\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-07-04 79872]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^Users^Clive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 19:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2010-04-29 14:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 15:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]

2010-02-04 05:37 173512 ----a-w- c:\program files\Common Files\PPLiveNetwork\ppap.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]

R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\Clive\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1343400]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2010-10-14 615312]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 12:40]

.

2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 12:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.sky.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

FF - ProfilePath - c:\users\Clive\AppData\Roaming\Mozilla\Firefox\Profiles\t58w0cq6.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q=

FF - prefs.js: keyword.enabled - true

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

- - - - ORPHANS REMOVED - - - -

.

Notify-WgaLogon - (no file)

MSConfigStartUp-J8RPLTROBQ - c:\users\Clive\AppData\Local\Temp\c.exe

MSConfigStartUp-LosAlamos - c:\windows\system32\sshnas.dll

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-269602781-4124218411-4152644682-1001\Software\SecuROM\License information*]

"datasecu"=hex:51,5d,b2,de,87,cb,5e,21,a2,38,88,99,1e,00,59,f5,47,b5,28,cd,b0,

5e,d4,a9,69,e5,2b,e3,81,64,bb,c4,dc,3b,10,aa,e4,93,9f,2d,05,d8,aa,0e,aa,cd,\

"rkeysecu"=hex:48,9d,86,85,06,f4,0a,99,28,af,b0,61,e7,79,87,7c

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\AUDIODG.EXE

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-05-12 09:06:53 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-12 08:06

.

Pre-Run: 342,765,256,704 bytes free

Post-Run: 345,876,303,872 bytes free

.

- - End Of File - - 1DBE3B2686A472225F576832F3262F86


.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Clive at 11:03:30.66 on 12/05/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2571 [GMT 1:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Clive\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Users\Clive\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.sky.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

mURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [sansaDispatch] c:\users\clive\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\clive\appdata\roaming\mozilla\firefox\profiles\t58w0cq6.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

============= SERVICES / DRIVERS ===============

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-28 28552]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-30 304464]

R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2010-5-10 615312]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-22 20952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400]

.

=============== Created Last 30 ================

.

2011-05-12 08:02:30 -------- d-----w- C:\$RECYCLE.BIN

2011-05-12 07:47:49 98816 ----a-w- c:\windows\sed.exe

2011-05-12 07:47:49 89088 ----a-w- c:\windows\MBR.exe

2011-05-12 07:47:49 256512 ----a-w- c:\windows\PEV.exe

2011-05-12 07:47:49 161792 ----a-w- c:\windows\SWREG.exe

2011-05-12 05:39:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-12 05:39:12 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-02 20:53:14 -------- d-----w- c:\users\clive\appdata\roaming\f-secure

2011-05-02 20:43:51 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 20:43:46 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-05-02 20:43:43 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-02 20:43:38 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-05-02 20:43:38 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-05-02 20:37:31 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-05-02 20:37:31 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-05-02 20:37:31 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-05-02 20:37:31 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-05-02 20:10:07 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

.

==================== Find3M ====================

.

2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec

2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll

.

============= FINISH: 11:04:07.99 ===============


  • Staff

Hi,

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; fails to affirmatively show a license agreement; links to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Same goes for Online Games Toolbar.

Please reboot the computer.

Next, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

FCOPY::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll | c:\windows\System32\user32.dll

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new DDS log.

-screen317


ComboFix 11-05-14.03 - Clive 15/05/2011 19:13:11.2.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2354 [GMT 1:00]

Running from: c:\users\Clive\Desktop\ComboFix.exe

Command switches used :: c:\users\Clive\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\favoritevideo\InvisibleFolder

c:\favoritevideo\InvisibleFolder\peer.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))))

.

.

2011-05-15 18:18 . 2011-05-15 18:18 -------- d-----w- c:\users\Simone\AppData\Local\temp

2011-05-15 18:18 . 2011-05-15 18:18 -------- d-----w- c:\users\Elise\AppData\Local\temp

2011-05-15 18:18 . 2011-05-15 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-15 18:18 . 2011-05-15 18:18 -------- d-----w- c:\users\Alanda\AppData\Local\temp

2011-05-13 09:31 . 2011-05-13 09:31 -------- d-----w- c:\program files\Common Files\Java

2011-05-13 09:04 . 2011-05-13 09:28 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-05-13 08:32 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-05-13 08:32 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-13 08:32 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-13 08:32 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-13 08:32 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-13 08:30 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-13 08:30 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr

2011-05-13 08:30 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-13 08:30 . 2011-05-13 08:30 -------- d-----w- c:\programdata\AVAST Software

2011-05-13 08:30 . 2011-05-13 08:30 -------- d-----w- c:\program files\AVAST Software

2011-05-12 05:39 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-12 05:39 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-02 20:53 . 2011-05-02 20:53 -------- d-----w- c:\users\Clive\AppData\Roaming\f-secure

2011-05-02 20:44 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-05-02 20:44 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-05-02 20:44 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-05-02 20:44 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-05-02 20:44 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-05-02 20:44 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-05-02 20:44 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-05-02 20:43 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 20:43 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-05-02 20:43 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-02 20:43 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-05-02 20:43 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-05-02 20:37 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-05-02 20:37 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-05-02 20:37 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-05-02 20:37 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-05-02 20:10 . 2011-05-02 20:10 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-13 09:28 . 2010-05-02 14:59 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

.

------- Sigcheck -------

.

[-] 2010-06-12 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}"= "c:\program files\Online_Games_Bar\tbOnli.dll" [2009-12-31 2349080]

.

[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]

2009-12-31 11:53 2349080 ----a-w- c:\program files\Online_Games_Bar\tbOnli.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}"= "c:\program files\Online_Games_Bar\tbOnli.dll" [2009-12-31 2349080]

.

[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{5BD40C9F-1248-4A8F-8B23-E7861C1AD7A1}"= "c:\program files\Online_Games_Bar\tbOnli.dll" [2009-12-31 2349080]

.

[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408]

"SansaDispatch"="c:\users\Clive\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-07-04 79872]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^Users^Clive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 19:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2010-04-29 14:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 15:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]

2010-02-04 05:37 173512 ----a-w- c:\program files\Common Files\PPLiveNetwork\ppap.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]

R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\Clive\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1343400]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2010-10-14 615312]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 12:40]

.

2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 12:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.sky.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

FF - ProfilePath - c:\users\Clive\AppData\Roaming\Mozilla\Firefox\Profiles\t58w0cq6.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-269602781-4124218411-4152644682-1001\Software\SecuROM\License information*]

"datasecu"=hex:51,5d,b2,de,87,cb,5e,21,a2,38,88,99,1e,00,59,f5,47,b5,28,cd,b0,

5e,d4,a9,69,e5,2b,e3,81,64,bb,c4,dc,3b,10,aa,e4,93,9f,2d,05,d8,aa,0e,aa,cd,\

"rkeysecu"=hex:48,9d,86,85,06,f4,0a,99,28,af,b0,61,e7,79,87,7c

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-05-15 19:20:43

ComboFix-quarantined-files.txt 2011-05-15 18:20

ComboFix2.txt 2011-05-12 08:06

.

Pre-Run: 341,106,634,752 bytes free

Post-Run: 341,033,193,472 bytes free

.

- - End Of File - - 89AFF9B20BBFF65CB2A59C633ED4AFF2


.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Clive at 19:23:29.91 on 15/05/2011

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2000 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Clive\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\explorer.exe

C:\Users\Clive\Desktop\iexplore.exe

C:\Users\Clive\Desktop\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Clive\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.sky.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

mURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [sansaDispatch] c:\users\clive\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\clive\appdata\roaming\mozilla\firefox\profiles\t58w0cq6.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

============= SERVICES / DRIVERS ===============

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-28 28552]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-13 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-13 307928]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-13 19544]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-13 53592]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-13 42184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-30 304464]

R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2010-5-10 615312]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-22 20952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400]

.

=============== Created Last 30 ================

.

2011-05-15 18:20:47 -------- d-sh--w- C:\$RECYCLE.BIN

2011-05-15 18:11:00 -------- d-----w- C:\ComboFix

2011-05-13 09:04:40 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-05-13 08:32:51 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-13 08:30:49 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-13 08:30:35 40112 ----a-w- c:\windows\avastSS.scr

2011-05-13 08:30:30 -------- d-----w- c:\program files\AVAST Software

2011-05-13 08:30:30 -------- d-----w- c:\progra~2\AVAST Software

2011-05-12 07:47:49 98816 ----a-w- c:\windows\sed.exe

2011-05-12 07:47:49 89088 ----a-w- c:\windows\MBR.exe

2011-05-12 07:47:49 256512 ----a-w- c:\windows\PEV.exe

2011-05-12 07:47:49 161792 ----a-w- c:\windows\SWREG.exe

2011-05-12 05:39:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-12 05:39:12 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-02 20:53:14 -------- d-----w- c:\users\clive\appdata\roaming\f-secure

2011-05-02 20:44:49 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-05-02 20:44:49 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-05-02 20:44:48 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-05-02 20:44:41 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-05-02 20:44:41 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-05-02 20:44:38 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-05-02 20:44:38 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-05-02 20:43:51 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 20:43:46 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-05-02 20:43:43 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-02 20:43:38 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-05-02 20:43:38 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-05-02 20:37:31 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-05-02 20:37:31 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-05-02 20:37:31 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-05-02 20:37:31 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-05-02 20:10:07 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

.

==================== Find3M ====================

.

2011-05-13 09:28:54 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 19:23:50.12 ===============


.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Clive at 17:11:56.63 on 20/05/2011

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2266 [GMT 1:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Clive\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Users\Clive\Desktop\iexplore.exe

C:\Users\Clive\Desktop\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskhost.exe

C:\Users\Clive\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.sky.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

mURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [sansaDispatch] c:\users\clive\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_ActiveX.exe -update activex

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\clive\appdata\roaming\mozilla\firefox\profiles\t58w0cq6.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3bb72&i=23&tp=ab&nt=1&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

============= SERVICES / DRIVERS ===============

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-28 28552]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-13 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-13 307928]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-13 19544]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-13 53592]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-13 42184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-30 304464]

R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2010-5-10 615312]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-22 20952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400]

.

=============== Created Last 30 ================

.

2011-05-15 18:20:47 -------- d-sh--w- C:\$RECYCLE.BIN

2011-05-15 18:11:00 -------- d-----w- C:\ComboFix

2011-05-13 09:04:40 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-05-13 08:32:51 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-13 08:30:49 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-13 08:30:35 40112 ----a-w- c:\windows\avastSS.scr

2011-05-13 08:30:30 -------- d-----w- c:\program files\AVAST Software

2011-05-13 08:30:30 -------- d-----w- c:\progra~2\AVAST Software

2011-05-12 07:47:49 98816 ----a-w- c:\windows\sed.exe

2011-05-12 07:47:49 89088 ----a-w- c:\windows\MBR.exe

2011-05-12 07:47:49 256512 ----a-w- c:\windows\PEV.exe

2011-05-12 07:47:49 161792 ----a-w- c:\windows\SWREG.exe

2011-05-12 05:39:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-12 05:39:12 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-02 20:53:14 -------- d-----w- c:\users\clive\appdata\roaming\f-secure

2011-05-02 20:44:49 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-05-02 20:44:49 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-05-02 20:44:48 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-05-02 20:44:41 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-05-02 20:44:41 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-05-02 20:44:38 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-05-02 20:44:38 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-05-02 20:43:51 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 20:43:46 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-05-02 20:43:43 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-02 20:43:38 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-05-02 20:43:38 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-05-02 20:37:31 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-05-02 20:37:31 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-05-02 20:37:31 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-05-02 20:37:31 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-05-02 20:10:07 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

.

==================== Find3M ====================

.

2011-05-13 09:28:54 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 17:49:12.90 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 20/12/2009 11:40:48

System Uptime: 20/05/2011 14:53:34 (3 hours ago)

.

Motherboard: ASRock | | K10N78FullHD-hSLI..

Processor: AMD Athlon II X4 620 Processor | CPUSocket | 2600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 312.064 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Coprocessor

Device ID: PCI\VEN_10DE&DEV_0753&SUBSYS_07531849&REV_A2\3&267A616A&0&0B

Manufacturer:

Name: Coprocessor

PNP Device ID: PCI\VEN_10DE&DEV_0753&SUBSYS_07531849&REV_A2\3&267A616A&0&0B

Service:

.

==== System Restore Points ===================

.

RP194: 12/05/2011 06:56:14 - Windows Update

RP195: 12/05/2011 08:34:26 - Removed AVG 2011

RP196: 12/05/2011 08:44:00 - Removed GOM Player + Ask Toolbar.

RP197: 13/05/2011 09:14:00 - Windows Modules Installer

RP198: 13/05/2011 09:21:53 - Removed GOM Player + Ask Toolbar.

RP199: 13/05/2011 09:30:16 - avast! Free Antivirus Setup

RP200: 13/05/2011 10:00:24 - Installed Java 6 Update 24

RP201: 13/05/2011 10:08:01 - Installed Java 6 Update 25

RP202: 13/05/2011 10:24:23 - Removed Java 6 Update 25

RP203: 13/05/2011 10:28:16 - Installed Java 6 Update 25

RP204: 15/05/2011 19:11:16 - ComboFix created restore point

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.1

Apple Application Support

Apple Mobile Device Support

Apple Software Update


  • Staff

Hi,

Your version of MBAM is out of date.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Next, (after updating) run a Quick Scan, and post its log.


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6653

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

23/05/2011 17:14:15

mbam-log-2011-05-23 (17-14-15).txt

Scan type: Quick scan

Objects scanned: 214946

Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

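Every MBAM log posted in this thread uses the same layout: a header of `key: value` lines, one count line per section, then the sections themselves with one `item (Classification) -> action` line per detection. The thing a helper actually has to read off such a log is whether each detection was removed, only scheduled for removal at reboot, or merely reported. The parser below is an added example, not code from this thread or from Malwarebytes; the action strings it recognises are assumptions based on typical MBAM 1.x logs, and the sample log is constructed for the example with placeholder detections (its header values are taken from the 23/05/2011 log above).

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log and audit what it reports.

Added example, not code from the forum thread or from Malwarebytes. The action
strings are assumptions about MBAM 1.x logs; the sample log is constructed.
"""
import re
from dataclasses import dataclass, field

REMOVED = "Quarantined and deleted successfully"   # assumed MBAM action string
DEFERRED = "Delete on reboot"                      # assumed MBAM action string
NO_ACTION = "No action taken"                      # item was reported, not removed

SECTIONS = [
    "Memory Processes Infected", "Memory Modules Infected",
    "Registry Keys Infected", "Registry Values Infected",
    "Registry Data Items Infected", "Folders Infected", "Files Infected",
]

# Greedy item match so paths such as "c:\program files (x86)\x.dll" keep their
# own parentheses; the classification is the last "(...)" before "->".
DETECTION_RE = re.compile(r"^(?P<item>.*) \((?P<cls>[^()]+)\) -> (?P<action>.+)$")
COUNT_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")


@dataclass
class Detection:
    section: str
    item: str
    classification: str
    action: str

    @property
    def status(self) -> str:
        """'removed', 'deferred' (gone after reboot) or 'pending' (still present)."""
        a = self.action.rstrip(".")
        if a == REMOVED:
            return "removed"
        if a == DEFERRED:
            return "deferred"
        return "pending"   # NO_ACTION or anything unrecognised is treated as not remediated


@dataclass
class ScanReport:
    header: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def by_status(self, status: str) -> list:
        return [d for d in self.detections if d.status == status]

    def count_mismatches(self) -> dict:
        """Sections whose declared count differs from the entries actually listed
        (a sign of a truncated or hand-edited paste): {section: (declared, listed)}."""
        listed = {s: 0 for s in SECTIONS}
        for d in self.detections:
            listed[d.section] = listed.get(d.section, 0) + 1
        return {s: (self.counts.get(s, 0), listed[s])
                for s in SECTIONS if self.counts.get(s, 0) != listed[s]}


def parse_mbam_log(text: str) -> ScanReport:
    report = ScanReport()
    section = None                      # None while still inside the header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            report.counts[m["name"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        if section is None:
            key, sep, value = line.partition(": ")
            if sep:
                report.header[key] = value
            elif "product" not in report.header:
                report.header["product"] = line   # first line names product and version
            continue                              # other unkeyed header lines are ignored
        if line == "(No malicious items detected)":
            continue
        m = DETECTION_RE.match(line)
        if m:
            report.detections.append(Detection(section, m["item"], m["cls"], m["action"]))
    return report


def summarize(report: ScanReport) -> dict:
    """The facts a helper needs before calling the machine clean."""
    return {
        "scan_type": report.header.get("Scan type"),
        "database": report.header.get("Database version"),
        "total": len(report.detections),
        "pending": [d.item for d in report.by_status("pending")],
        "deferred": [d.item for d in report.by_status("deferred")],
        "count_mismatches": report.count_mismatches(),
        "clean": not report.detections,
    }


# Constructed sample in the posted log's layout; detections are placeholders.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6653

Scan type: Quick scan
Objects scanned: 214946
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\example.adware (Adware.Example) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{00000000-0000-0000-0000-000000000000} (Adware.Example) -> No action taken.

Files Infected:
c:\program files (x86)\example\helper.dll (Adware.Example) -> Delete on reboot.
"""

if __name__ == "__main__":
    print(summarize(parse_mbam_log(SAMPLE_LOG)))
```

A non-empty `pending` list means the scan was run without removing the selected items, so a second scan (and a fresh log) is needed before the "all clear" the thread opener asked for; `deferred` items are only gone after the reboot MBAM asks for, and a count mismatch usually means the log was pasted incompletely.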

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESET found nothing.

Security Check below:

Results of screen317's Security Check version 0.99.7

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 25

Out of date Java installed!

Adobe Flash Player 10.1.85.3

Adobe Reader 9.4.1

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.11) Firefox Out of Date!

Mozilla Thunderbird (3.1.6) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Adobe Flash Player 10.1.85.3

Adobe Reader 9.4.1

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Also update Firefox and Thunderbird.

Let me know what issues remain.

-screen317


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
