
Widgi toolbar



As per the previous thread, found here (http://forums.malwarebytes.org/index.php?showtopic=83401) by Googling

I am posting a new thread, as asked by the moderator who terminated the one above.

My problem is similar in nature: I want to remove the Widgi toolbar virus from my computer, which I believe was installed when I downloaded a YouTube downloader.

I have already followed the few instructions in the response to that thread, and what follows is the DDS.txt log:

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by ian at 14:18:29 on 2011-08-11

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2620 [GMT 10:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\tcpsvcs.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskeng.exe

C:\Fraps\fraps.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

C:\Fraps\fraps64.dat

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskeng.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Foxit PDF Creator Toolbar

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -

uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

uRun: [Google Update] "C:\Users\ian\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{051F1476-CAB2-4A2A-A8F2-A86A1648AE05} : DhcpNameServer = 10.1.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit PDF Creator Toolbar

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\ian\AppData\Roaming\Mozilla\Firefox\Profiles\xpg0qpgu.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2

FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=

FF - component: C:\Users\ian\AppData\Roaming\Mozilla\Firefox\Profiles\xpg0qpgu.default\extensions\AeroBuddy@ReduxTeam\components\dwmxpcom.dll

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Users\ian\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: AeroBuddy: AeroBuddy@ReduxTeam - %profile%\extensions\AeroBuddy@ReduxTeam

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Net Usage Item: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B} - %profile%\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Download Scheduler: dlScheduler@ext.net - %profile%\extensions\dlScheduler@ext.net

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-8-11 42184]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x64.sys --> C:\Windows\system32\DRIVERS\l160x64.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-16 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-16 136176]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-5-17 353168]

S4 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-5-6 393112]

.

=============== Created Last 30 ================

.

2011-08-10 23:43:42 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF2D9775-56BA-4161-8797-C5CB20F91F96}\mpengine.dll

2011-08-07 12:15:21 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar

2011-08-07 12:14:17 -------- d-----w- C:\ProgramData\YouTube Downloader

2011-08-07 12:14:13 -------- d-----w- C:\Program Files (x86)\YouTube Downloader

2011-07-28 02:30:44 -------- d-----w- C:\Users\ian\AppData\Roaming\Malwarebytes

2011-07-28 02:30:39 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-28 02:30:39 -------- d-----w- C:\ProgramData\Malwarebytes

2011-07-28 02:30:36 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-28 02:30:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-16 09:58:26 -------- d-----w- C:\Program Files (x86)\Enemy Territory - QUAKE Wars

2011-07-16 05:12:53 -------- d-----w- C:\Program Files (x86)\1C Company

2011-07-16 02:20:33 -------- d-----w- C:\Program Files (x86)\Call of Duty

2011-07-12 04:53:00 -------- d-----w- C:\Program Files (x86)\Windows Installer Clean Up

2011-07-12 04:52:18 -------- d-----w- C:\Program Files (x86)\MSECACHE

.

==================== Find3M ====================

.

2011-08-01 11:56:45 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-08-01 11:56:45 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-08-01 11:56:16 219128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-07-28 02:22:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-07-10 04:15:53 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-07-04 11:43:53 40112 ----a-w- C:\Windows\avastSS.scr

2011-07-04 11:36:56 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-07-04 11:32:24 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-06-14 09:38:12 2899176 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2011-06-14 03:40:36 1483264 ----a-w- C:\Windows\System32\RCoRes64.dat

2011-06-13 11:24:43 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-13 09:49:00 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2011-06-13 09:49:00 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe

2011-06-13 09:49:00 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2011-06-13 09:49:00 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx

2011-06-13 09:49:00 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll

2011-06-13 09:49:00 367104 ----a-w- C:\Windows\SysWow64\html.iec

2011-06-13 09:49:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll

2011-06-13 09:49:00 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-06-13 09:49:00 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll

2011-06-13 09:09:45 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-13 09:09:45 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-06-13 09:04:16 1560680 ----a-w- C:\Windows\System32\RTSnMg64.cpl

2011-06-12 11:55:56 121943 ----a-w- C:\Program Files (x86)\Uninstall.exe

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-10 07:35:30 603472 ----a-w- C:\Windows\System32\KAAPORT64.dll

2011-06-08 12:56:20 11860224 ----a-w- C:\Program Files (x86)\ts3client_win64.exe

2011-06-08 12:56:08 470784 ----a-w- C:\Program Files (x86)\update.exe

2011-06-08 12:56:08 199424 ----a-w- C:\Program Files (x86)\package_inst.exe

2011-06-08 12:56:08 183040 ----a-w- C:\Program Files (x86)\error_report.exe

2011-06-08 12:56:08 113840 ----a-w- C:\Program Files (x86)\createfileassoc.exe

2011-06-07 07:09:32 2405992 ----a-w- C:\Windows\System32\RtPgEx64.dll

2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 04:11:36 1805928 ----a-w- C:\Windows\System32\RtkApi64.dll

2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-06-02 07:03:58 92264 ----a-w- C:\Windows\System32\RCoInst64.dll

2011-05-31 00:09:30 3114088 ----a-w- C:\Windows\System32\RtkAPO64.dll

2011-05-30 23:42:06 728680 ----a-w- C:\Windows\System32\DTSBassEnhancementDLL64.dll

2011-05-30 23:42:06 712296 ----a-w- C:\Windows\System32\DTSSymmetryDLL64.dll

2011-05-30 23:42:06 693352 ----a-w- C:\Windows\System32\DTSVoiceClarityDLL64.dll

2011-05-30 23:42:06 491112 ----a-w- C:\Windows\System32\DTSNeoPCDLL64.dll

2011-05-30 23:42:06 432744 ----a-w- C:\Windows\System32\DTSLimiterDLL64.dll

2011-05-30 23:42:06 428648 ----a-w- C:\Windows\System32\DTSGainCompensatorDLL64.dll

2011-05-30 23:42:06 242792 ----a-w- C:\Windows\System32\DTSLFXAPO64.dll

2011-05-30 23:42:06 242792 ----a-w- C:\Windows\System32\DTSGFXAPO64.dll

2011-05-30 23:42:06 241768 ----a-w- C:\Windows\System32\DTSGFXAPONS64.dll

2011-05-30 23:42:06 1756264 ----a-w- C:\Windows\System32\DTSS2SpeakerDLL64.dll

2011-05-30 23:42:06 1568360 ----a-w- C:\Windows\System32\DTSS2HeadphoneDLL64.dll

2011-05-30 23:42:06 1486952 ----a-w- C:\Windows\System32\DTSBoostDLL64.dll

2011-05-27 07:58:00 1284712 ----a-w- C:\Windows\RtlExUpd.dll

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-24 09:14:10 270720 ----a-w- C:\Windows\System32\MpSigStub.exe

2011-05-23 07:12:36 1245288 ----a-w- C:\Windows\System32\RTCOM64.dll

2011-05-16 14:37:45 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-05-16 14:37:45 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-05-16 14:37:02 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll

2011-05-16 14:37:02 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2011-05-16 14:37:02 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-05-16 14:37:02 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

.

============= FINISH: 14:21:11.50 ===============

Also please find attached the Attach.txt

Any help would be most appreciated.


  • Staff

Hi and welcome to Malwarebytes.

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis and/or Ask Toolbar to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Here's the MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7430

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

8/15/2011 11:44:51 AM

mbam-log-2011-08-15 (11-44-51).txt

Scan type: Quick scan

Objects scanned: 170064

Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

---------------------------------

Will run combofix now. Thanks for your help.


Here is the ComboFix log:

ComboFix 11-08-15.06 - ian 08/15/2011 12:19:33.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2743 [GMT 10:00]

Running from: c:\users\ian\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Uninstall.exe

c:\program files (x86)\update.exe

c:\users\ian\AppData\Roaming\mwll_torrent.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))

.

.

2011-08-15 02:34 . 2011-08-15 02:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-13 05:45 . 2011-08-13 05:45 -------- d-----w- c:\users\ian\AppData\Local\Adobe

2011-08-13 00:57 . 2011-07-19 23:44 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B20AC3E0-BE55-4C25-AC6F-424F899F2B37}\mpengine.dll

2011-08-11 14:26 . 2011-07-22 05:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-11 14:26 . 2011-07-22 02:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-08-07 12:15 . 2011-08-11 17:20 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar

2011-08-07 12:14 . 2011-08-07 12:14 -------- d-----w- c:\programdata\YouTube Downloader

2011-08-07 12:14 . 2011-08-11 17:20 -------- d-----w- c:\program files (x86)\YouTube Downloader

2011-07-28 02:30 . 2011-07-28 02:30 -------- d-----w- c:\users\ian\AppData\Roaming\Malwarebytes

2011-07-28 02:30 . 2011-07-28 02:30 -------- d-----w- c:\programdata\Malwarebytes

2011-07-28 02:30 . 2011-07-06 09:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-28 02:30 . 2011-07-28 02:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-28 02:30 . 2011-07-06 09:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-28 02:23 . 2011-07-28 02:23 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-07-28 02:22 . 2011-07-28 02:22 -------- d-----w- c:\program files (x86)\Java

2011-07-16 09:58 . 2011-07-24 10:01 -------- d-----w- c:\program files (x86)\Enemy Territory - QUAKE Wars

2011-07-16 05:12 . 2011-07-16 05:12 -------- d-----w- c:\program files (x86)\1C Company

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-14 11:04 . 2010-07-01 03:51 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-08-14 11:04 . 2010-07-01 03:51 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-08-14 11:03 . 2010-07-01 03:51 219128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-07-28 02:22 . 2010-06-10 08:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-07-16 04:26 . 2011-08-11 08:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-10 04:15 . 2010-07-01 03:51 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2011-07-04 11:43 . 2010-07-16 13:05 40112 ----a-w- c:\windows\avastSS.scr

2011-07-04 11:43 . 2010-07-16 13:01 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-07-04 11:43 . 2011-01-29 05:53 253888 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-04 11:36 . 2011-04-24 09:47 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-04 11:36 . 2010-07-16 13:01 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-04 11:35 . 2010-07-16 13:01 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-04 11:32 . 2010-07-16 13:01 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-04 11:32 . 2010-07-16 13:01 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-07-04 11:32 . 2010-07-16 13:01 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-06-14 09:38 . 2011-07-10 06:48 2899176 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2011-06-14 03:40 . 2011-07-10 06:48 1483264 ----a-w- c:\windows\system32\RCoRes64.dat

2011-06-13 11:24 . 2011-06-13 11:24 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-13 09:49 . 2011-06-13 09:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-13 09:49 . 2011-06-13 09:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-13 09:49 . 2011-06-13 09:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-13 09:49 . 2011-06-13 09:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-13 09:49 . 2011-06-13 09:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-13 09:49 . 2011-06-13 09:49 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-13 09:49 . 2011-06-13 09:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-13 09:49 . 2011-06-13 09:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-13 09:48 . 2011-06-13 09:48 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-13 09:48 . 2011-06-13 09:48 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-13 09:48 . 2011-06-13 09:48 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-13 09:48 . 2011-06-13 09:48 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-13 09:48 . 2011-06-13 09:48 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-13 09:48 . 2011-06-13 09:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-13 09:48 . 2011-06-13 09:48 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-13 09:48 . 2011-06-13 09:48 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-13 09:48 . 2011-06-13 09:48 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-13 09:48 . 2011-06-13 09:48 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-13 09:48 . 2011-06-13 09:48 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-13 09:48 . 2011-06-13 09:48 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-13 09:48 . 2011-06-13 09:48 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-13 09:48 . 2011-06-13 09:48 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-13 09:48 . 2011-06-13 09:48 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-13 09:48 . 2011-06-13 09:48 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-13 09:48 . 2011-06-13 09:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-13 09:48 . 2011-06-13 09:48 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-13 09:48 . 2011-06-13 09:48 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-13 09:48 . 2011-06-13 09:48 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-13 09:48 . 2011-06-13 09:48 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-13 09:48 . 2011-06-13 09:48 448512 ----a-w- c:\windows\system32\html.iec

2011-06-13 09:48 . 2011-06-13 09:48 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-13 09:48 . 2011-06-13 09:48 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-13 09:48 . 2011-06-13 09:48 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-13 09:48 . 2011-06-13 09:48 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-13 09:48 . 2011-06-13 09:48 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-13 09:48 . 2011-06-13 09:48 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-13 09:09 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-13 09:09 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-13 09:04 . 2011-07-10 06:48 1560680 ----a-w- c:\windows\system32\RTSnMg64.cpl

2011-06-11 03:07 . 2011-07-13 01:46 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-06-10 07:35 . 2011-07-10 06:48 603472 ----a-w- c:\windows\system32\KAAPORT64.dll

2011-06-08 12:56 . 2011-06-08 12:56 11860224 ----a-w- c:\program files (x86)\ts3client_win64.exe

2011-06-08 12:56 . 2011-06-08 12:56 199424 ----a-w- c:\program files (x86)\package_inst.exe

2011-06-08 12:56 . 2011-06-08 12:56 183040 ----a-w- c:\program files (x86)\error_report.exe

2011-06-08 12:56 . 2011-06-08 12:56 113840 ----a-w- c:\program files (x86)\createfileassoc.exe

2011-06-07 07:09 . 2011-07-10 06:48 2405992 ----a-w- c:\windows\system32\RtPgEx64.dll

2011-06-03 04:11 . 2011-07-10 06:48 1805928 ----a-w- c:\windows\system32\RtkApi64.dll

2011-06-02 07:03 . 2011-07-10 06:48 92264 ----a-w- c:\windows\system32\RCoInst64.dll

2011-05-31 00:09 . 2011-07-10 06:48 3114088 ----a-w- c:\windows\system32\RtkAPO64.dll

2011-05-30 23:42 . 2011-07-10 06:47 728680 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll

2011-05-30 23:42 . 2011-07-10 06:47 712296 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll

2011-05-30 23:42 . 2011-07-10 06:47 693352 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll

2011-05-30 23:42 . 2011-07-10 06:47 491112 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll

2011-05-30 23:42 . 2011-07-10 06:47 432744 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll

2011-05-30 23:42 . 2011-07-10 06:47 428648 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll

2011-05-30 23:42 . 2011-07-10 06:47 242792 ----a-w- c:\windows\system32\DTSLFXAPO64.dll

2011-05-30 23:42 . 2011-07-10 06:47 242792 ----a-w- c:\windows\system32\DTSGFXAPO64.dll

2011-05-30 23:42 . 2011-07-10 06:47 241768 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll

2011-05-30 23:42 . 2011-07-10 06:47 1756264 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll

2011-05-30 23:42 . 2011-07-10 06:47 1568360 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll

2011-05-30 23:42 . 2011-07-10 06:47 1486952 ----a-w- c:\windows\system32\DTSBoostDLL64.dll

2011-05-27 07:58 . 2011-07-10 06:47 1284712 ----a-w- c:\windows\RtlExUpd.dll

2011-05-24 11:42 . 2011-06-29 01:52 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:40 . 2011-06-29 01:52 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 01:52 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 01:52 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 01:52 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-05-24 09:14 . 2010-06-05 11:19 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-23 07:12 . 2011-07-10 06:48 1245288 ----a-w- c:\windows\system32\RTCOM64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-04-06 385024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 336384]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-15 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-15 136176]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-15 15:38]

.

2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-15 15:38]

.

2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2536767329-3981145121-1470609063-1001Core.job

- c:\users\ian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 12:48]

.

2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2536767329-3981145121-1470609063-1001UA.job

- c:\users\ian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 12:48]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.1.1.1

FF - ProfilePath - c:\users\ian\AppData\Roaming\Mozilla\Firefox\Profiles\xpg0qpgu.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2

FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: AeroBuddy: AeroBuddy@ReduxTeam - %profile%\extensions\AeroBuddy@ReduxTeam

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Net Usage Item: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B} - %profile%\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Download Scheduler: dlScheduler@ext.net - %profile%\extensions\dlScheduler@ext.net

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-AUI Gold Edition 1.20 - c:\users\ian\Desktop\AUI_Gold_Uninstal.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c7,dc,3b,c6,61,e0,cd,42,a4,42,4a,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c7,dc,3b,c6,61,e0,cd,42,a4,42,4a,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2011-08-15 12:40:58 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-15 02:40

.

Pre-Run: 8,125,042,688 bytes free

Post-Run: 7,852,445,696 bytes free

.

- - End Of File - - 4B85FBABAD096B98D5979E591704EA7B

Will post the DDS next.


.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by ian at 12:51:56 on 2011-08-15

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2627 [GMT 10:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\tcpsvcs.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\ian\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ian\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ian\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ian\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ian\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Foxit PDF Creator Toolbar

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -

uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{051F1476-CAB2-4A2A-A8F2-A86A1648AE05} : DhcpNameServer = 10.1.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit PDF Creator Toolbar

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\ian\AppData\Roaming\Mozilla\Firefox\Profiles\xpg0qpgu.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2

FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=

FF - component: C:\Users\ian\AppData\Roaming\Mozilla\Firefox\Profiles\xpg0qpgu.default\extensions\AeroBuddy@ReduxTeam\components\dwmxpcom.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: AeroBuddy: AeroBuddy@ReduxTeam - %profile%\extensions\AeroBuddy@ReduxTeam

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Net Usage Item: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B} - %profile%\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Download Scheduler: dlScheduler@ext.net - %profile%\extensions\dlScheduler@ext.net

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-8-11 42184]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x64.sys --> C:\Windows\system32\DRIVERS\l160x64.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-16 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-16 136176]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-5-17 353168]

.

=============== Created Last 30 ================

.

2011-08-15 02:36:12 -------- d-----w- C:\$RECYCLE.BIN

2011-08-15 02:17:40 98816 ----a-w- C:\Windows\sed.exe

2011-08-15 02:17:40 518144 ----a-w- C:\Windows\SWREG.exe

2011-08-15 02:17:40 256000 ----a-w- C:\Windows\PEV.exe

2011-08-15 02:17:40 208896 ----a-w- C:\Windows\MBR.exe

2011-08-13 05:45:15 -------- d-----w- C:\Users\ian\AppData\Local\Adobe

2011-08-13 00:57:22 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B20AC3E0-BE55-4C25-AC6F-424F899F2B37}\mpengine.dll

2011-08-11 14:26:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-08-11 14:26:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-11 08:21:53 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-08-07 12:15:21 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar

2011-08-07 12:14:17 -------- d-----w- C:\ProgramData\YouTube Downloader

2011-08-07 12:14:13 -------- d-----w- C:\Program Files (x86)\YouTube Downloader

2011-07-28 02:30:44 -------- d-----w- C:\Users\ian\AppData\Roaming\Malwarebytes

2011-07-28 02:30:39 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-28 02:30:39 -------- d-----w- C:\ProgramData\Malwarebytes

2011-07-28 02:30:36 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-28 02:30:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-16 09:58:26 -------- d-----w- C:\Program Files (x86)\Enemy Territory - QUAKE Wars

2011-07-16 05:12:53 -------- d-----w- C:\Program Files (x86)\1C Company

.

==================== Find3M ====================

.

2011-08-14 11:04:02 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-08-14 11:04:02 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-08-14 11:03:34 219128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-07-28 02:22:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-10 04:15:53 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-04 11:43:53 40112 ----a-w- C:\Windows\avastSS.scr

2011-07-04 11:36:56 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-07-04 11:32:24 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-06-14 09:38:12 2899176 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2011-06-14 03:40:36 1483264 ----a-w- C:\Windows\System32\RCoRes64.dat

2011-06-13 11:24:43 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-13 09:49:00 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2011-06-13 09:49:00 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe

2011-06-13 09:49:00 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2011-06-13 09:49:00 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx

2011-06-13 09:49:00 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll

2011-06-13 09:49:00 367104 ----a-w- C:\Windows\SysWow64\html.iec

2011-06-13 09:49:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll

2011-06-13 09:49:00 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll

2011-06-13 09:09:45 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-13 09:09:45 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-06-13 09:04:16 1560680 ----a-w- C:\Windows\System32\RTSnMg64.cpl

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-10 07:35:30 603472 ----a-w- C:\Windows\System32\KAAPORT64.dll

2011-06-08 12:56:20 11860224 ----a-w- C:\Program Files (x86)\ts3client_win64.exe

2011-06-08 12:56:08 199424 ----a-w- C:\Program Files (x86)\package_inst.exe

2011-06-08 12:56:08 183040 ----a-w- C:\Program Files (x86)\error_report.exe

2011-06-08 12:56:08 113840 ----a-w- C:\Program Files (x86)\createfileassoc.exe

2011-06-07 07:09:32 2405992 ----a-w- C:\Windows\System32\RtPgEx64.dll

2011-06-03 04:11:36 1805928 ----a-w- C:\Windows\System32\RtkApi64.dll

2011-06-02 07:03:58 92264 ----a-w- C:\Windows\System32\RCoInst64.dll

2011-05-31 00:09:30 3114088 ----a-w- C:\Windows\System32\RtkAPO64.dll

2011-05-30 23:42:06 728680 ----a-w- C:\Windows\System32\DTSBassEnhancementDLL64.dll

2011-05-30 23:42:06 712296 ----a-w- C:\Windows\System32\DTSSymmetryDLL64.dll

2011-05-30 23:42:06 693352 ----a-w- C:\Windows\System32\DTSVoiceClarityDLL64.dll

2011-05-30 23:42:06 491112 ----a-w- C:\Windows\System32\DTSNeoPCDLL64.dll

2011-05-30 23:42:06 432744 ----a-w- C:\Windows\System32\DTSLimiterDLL64.dll

2011-05-30 23:42:06 428648 ----a-w- C:\Windows\System32\DTSGainCompensatorDLL64.dll

2011-05-30 23:42:06 242792 ----a-w- C:\Windows\System32\DTSLFXAPO64.dll

2011-05-30 23:42:06 242792 ----a-w- C:\Windows\System32\DTSGFXAPO64.dll

2011-05-30 23:42:06 241768 ----a-w- C:\Windows\System32\DTSGFXAPONS64.dll

2011-05-30 23:42:06 1756264 ----a-w- C:\Windows\System32\DTSS2SpeakerDLL64.dll

2011-05-30 23:42:06 1568360 ----a-w- C:\Windows\System32\DTSS2HeadphoneDLL64.dll

2011-05-30 23:42:06 1486952 ----a-w- C:\Windows\System32\DTSBoostDLL64.dll

2011-05-27 07:58:00 1284712 ----a-w- C:\Windows\RtlExUpd.dll

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-24 09:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-23 07:12:36 1245288 ----a-w- C:\Windows\System32\RTCOM64.dll

.

============= FINISH: 12:52:31.47 ===============

Attach.txt


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-08-19 10:08:09

# local_time=2011-08-19 08:08:09 (+1000, AUS Eastern Standard Time)

# country="United States"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=768 16777215 100 0 38006205 38006205 0 0

# compatibility_mode=5893 16776573 100 94 0 65374187 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=376688

# found=0

# cleaned=0

# scan_time=7752


Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Adobe Flash Player 10.3.181.22

Mozilla Firefox (3.6.6) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 AvastUI.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Adobe Reader 9.0

ESET Online Scanner v3

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Also update Firefox; ensure that you are using version 6.

Let me know what issues remain.

-screen317



Thanks for your help. No issues remain. I think uninstalling some of the IObit bloatware got rid of the Widgi toolbar.


  • Staff

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 3 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

