
Fake Alert



Hi Guys,

Can you please help? Every time I open the Thunderbird mail client I get messages (images attached): post-96147-0-22853900-1317639665.jpg post-96147-0-48063400-1317639690.jpg

post-96147-0-51162000-1317639715.jpg

I have tried rkill; the only way I could get it to work was in safe mode. I have run everything I could to remove it but can't get rid of it.

I have added a HijackThis file for you to look at.

hijackthis.log

Regards

Dave

Hi,

I have also tested with ComboFix; this is the log.

ComboFix.txt

ComboFix 11-09-26.02 - user 04/10/2011 9:51.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1783.530 [GMT 10:00]

Running from: c:\users\user\Downloads\tools\ComboFix.exe

AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- REDUCED FUNCTIONALITY MODE -

.

.

((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))

.

.

2011-10-03 23:56 . 2011-10-03 23:56 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD4F940A-478F-4734-AAA2-D6BE838C125A}\offreg.dll

2011-10-03 23:53 . 2011-10-03 23:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-02 21:27 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD4F940A-478F-4734-AAA2-D6BE838C125A}\mpengine.dll

2011-10-01 21:12 . 2011-10-01 21:12 -------- d-----w- c:\program files (x86)\STOPzilla!

2011-10-01 21:12 . 2011-10-01 21:12 -------- d-----w- c:\program files (x86)\Common Files\iS3

2011-10-01 21:01 . 2011-10-01 21:01 -------- d-----w- c:\programdata\PC Tools

2011-10-01 10:34 . 2011-10-03 10:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-10-01 10:34 . 2011-10-01 10:43 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-09-30 22:16 . 2011-10-03 23:58 -------- d-----w- c:\programdata\STOPzilla!

2011-09-30 22:07 . 2011-09-30 22:07 -------- d-----w- c:\program files (x86)\Trend Micro

2011-09-30 21:09 . 2011-09-30 21:09 -------- d-----w- c:\program files (x86)\CCleaner

2011-09-30 11:00 . 2011-09-30 11:00 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes

2011-09-30 11:00 . 2011-10-03 21:16 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

2011-09-30 10:59 . 2011-09-30 10:59 -------- d-----w- c:\programdata\Malwarebytes

2011-09-30 10:59 . 2011-08-31 07:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-30 10:59 . 2011-09-30 11:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-28 07:58 . 2011-09-28 07:58 132560 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll

2011-09-28 07:58 . 2011-09-28 07:58 398800 ----a-r- c:\windows\SysWow64\IS3DBA5.dll

2011-09-28 07:58 . 2011-09-28 07:58 28624 ----a-r- c:\windows\SysWow64\IS3XDat5.dll

2011-09-28 07:57 . 2011-09-28 07:57 99792 ----a-r- c:\windows\SysWow64\IS3Svc5.dll

2011-09-28 07:57 . 2011-09-28 07:57 99792 ----a-r- c:\windows\SysWow64\IS3Inet5.dll

2011-09-28 07:57 . 2011-09-28 07:57 67024 ----a-r- c:\windows\SysWow64\IS3Hks5.dll

2011-09-28 07:57 . 2011-09-28 07:57 390608 ----a-r- c:\windows\SysWow64\IS3UI5.dll

2011-09-28 07:57 . 2011-09-28 07:57 738768 ----a-r- c:\windows\SysWow64\IS3Base5.dll

2011-09-28 07:57 . 2011-09-28 07:57 230864 ----a-r- c:\windows\SysWow64\IS3Win325.dll

2011-09-27 06:57 . 2011-10-03 23:57 -------- d-----w- c:\users\user\AppData\Roaming\Skype

2011-09-27 06:55 . 2011-09-27 06:55 -------- d-----r- c:\program files (x86)\Skype

2011-09-27 06:54 . 2011-09-27 06:55 -------- d-----w- c:\programdata\Skype

2011-09-27 06:51 . 2011-09-27 06:51 -------- d-----w- c:\program files (x86)\Mozilla Sunbird

2011-09-24 06:58 . 2011-09-24 06:58 -------- d-----w- c:\windows\en

2011-09-24 06:54 . 2011-09-24 06:54 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-09-24 06:50 . 2011-09-24 06:50 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\45705d401cc7a8601\MeshBetaRemover.exe

2011-09-21 10:48 . 1998-06-25 14:00 644400 ----a-w- c:\windows\SysWow64\Mscomct2.ocx

2011-09-21 10:48 . 1998-06-25 14:00 1062704 ----a-w- c:\windows\SysWow64\Mscomctl.ocx

2011-09-21 10:48 . 1998-11-18 01:40 89600 ----a-w- c:\windows\SysWow64\Leocx32.ocx

2011-09-21 10:48 . 1998-11-22 04:23 84992 ----a-w- c:\windows\SysWow64\Ledit32.dll

2011-09-21 10:48 . 1998-06-23 14:00 140096 ----a-w- c:\windows\SysWow64\Comdlg32.ocx

2011-09-21 10:48 . 1998-06-23 14:00 369696 ----a-w- c:\windows\SysWow64\Comct332.ocx

2011-09-21 10:48 . 2005-01-24 02:39 503808 ----a-w- c:\windows\SysWow64\ChilkatFTPx.dll

2011-09-21 10:48 . 2011-10-01 20:38 -------- d-----w- c:\program files (x86)\PageBreeze

2011-09-21 09:30 . 2011-09-21 09:33 -------- d--h--w- c:\users\user\AppData\Roaming\GetRightToGo

2011-09-21 07:11 . 2011-09-21 07:11 -------- d-----w- c:\users\user\AppData\Roaming\CoffeeCup Software

2011-09-21 07:10 . 1998-06-16 18:00 18944 ----a-w- c:\windows\SysWow64\BORLNDMM.DLL

2011-09-21 07:10 . 2011-09-21 07:10 -------- d-----w- c:\program files (x86)\CoffeeCup Software

2011-09-21 05:52 . 2011-09-21 05:52 -------- d--h--w- c:\users\user\AppData\Roaming\JGsoft

2011-09-21 05:52 . 2011-09-21 05:52 -------- d-----w- c:\program files (x86)\Just Great Software

2011-09-21 05:52 . 2011-07-13 17:34 67312 ----a-w- c:\windows\UnDeployV.exe

2011-09-08 04:11 . 2011-08-03 20:33 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C40CC28-7401-40D9-B96F-F6A00AF4927F}\gapaengine.dll

2011-09-04 07:56 . 2011-09-04 07:56 -------- d--h--w- c:\users\user\AppData\Local\ElevatedDiagnostics

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-28 07:58 . 2011-09-28 07:58 22992 ----a-r- c:\windows\SysWow64\SZIO5.dll

2011-09-28 07:58 . 2011-09-28 07:58 546256 ----a-r- c:\windows\SysWow64\SZComp5.dll

2011-09-28 07:58 . 2011-09-28 07:58 480720 ----a-r- c:\windows\SysWow64\SZBase5.dll

2011-09-13 00:26 . 2011-08-04 20:47 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-30 03:07 . 2011-08-30 03:07 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-08-30 03:07 . 2011-08-30 03:07 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-08-30 03:07 . 2011-08-30 03:07 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-08-30 03:07 . 2011-08-30 03:07 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-08-30 03:07 . 2011-08-30 03:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-08-30 03:07 . 2011-08-30 03:07 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-08-30 03:07 . 2011-08-30 03:07 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-08-30 03:07 . 2011-08-30 03:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-08-30 03:07 . 2011-08-30 03:07 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-08-30 03:07 . 2011-08-30 03:07 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-08-30 03:07 . 2011-08-30 03:07 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-08-30 03:07 . 2011-08-30 03:07 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-08-30 03:07 . 2011-08-30 03:07 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-08-30 03:07 . 2011-08-30 03:07 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-08-30 03:07 . 2011-08-30 03:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-08-30 03:07 . 2011-08-30 03:07 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-08-30 03:07 . 2011-08-30 03:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-08-30 03:07 . 2011-08-30 03:07 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-08-30 03:07 . 2011-08-30 03:07 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-08-30 03:07 . 2011-08-30 03:07 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-08-30 03:07 . 2011-08-30 03:07 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-08-30 03:07 . 2011-08-30 03:07 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-08-30 03:07 . 2011-08-30 03:07 222208 ----a-w- c:\windows\system32\msls31.dll

2011-08-30 03:07 . 2011-08-30 03:07 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-08-30 03:07 . 2011-08-30 03:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-30 03:07 . 2011-08-30 03:07 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-08-30 03:07 . 2011-08-30 03:07 12288 ----a-w- c:\windows\system32\mshta.exe

2011-08-30 03:07 . 2011-08-30 03:07 114176 ----a-w- c:\windows\system32\admparse.dll

2011-08-30 03:07 . 2011-08-30 03:07 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-08-30 03:07 . 2011-08-30 03:07 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-08-30 03:07 . 2011-08-30 03:07 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-08-30 03:07 . 2011-08-30 03:07 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-08-30 03:07 . 2011-08-30 03:07 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-08-30 03:07 . 2011-08-30 03:07 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-08-30 03:07 . 2011-08-30 03:07 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-08-30 03:07 . 2011-08-30 03:07 448512 ----a-w- c:\windows\system32\html.iec

2011-08-30 03:07 . 2011-08-30 03:07 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-08-30 03:07 . 2011-08-30 03:07 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-30 03:07 . 2011-08-30 03:07 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-30 03:06 . 2011-08-30 03:06 160256 ----a-w- c:\windows\system32\wextract.exe

2011-08-30 03:06 . 2011-08-30 03:06 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-08-30 03:06 . 2011-08-30 03:06 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-08-08 21:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-08-08 21:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-08-05 23:37 . 2011-08-05 23:37 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp

2011-08-05 23:14 . 2011-08-03 07:45 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-03 20:33 . 2011-08-12 22:33 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-08-03 10:29 . 2011-08-03 10:29 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin

2011-07-16 05:41 . 2011-08-11 07:22 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-16 05:41 . 2011-08-11 07:22 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-16 05:41 . 2011-08-11 07:22 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-16 05:39 . 2011-08-11 07:22 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-16 05:37 . 2011-08-11 07:22 421888 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 05:21 . 2011-08-11 07:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:29 . 2011-08-11 07:22 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:26 . 2011-08-11 07:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-16 04:25 . 2011-08-11 07:22 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-16 04:24 . 2011-08-11 07:22 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-16 04:24 . 2011-08-11 07:22 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:15 . 2011-08-11 07:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 07:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 07:22 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 07:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 07:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 07:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 07:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 07:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-07-26 00:15 2532680 ----a-w- c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-08-05 399224]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Spyware Doctor with AntiVirus"="c:\users\user\Desktop\fasterpc.exe" [2011-10-01 512992]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-09-09 2338656]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]

.

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-5 113664]

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]

WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [2011-06-02 74768]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 136176]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 136176]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 szkg5;szkg5;c:\windows\SySWOW64\drivers\szkg64.sys [2011-06-02 74768]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-17 7390560]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-07 269520]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]

S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-15 20480]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\shell\AutoRun\command - E:\AutoRun.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44309d49-be29-11e0-a0bd-1c7508bcda1b}]

\shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9ae735-d147-11e0-bf8a-1c7508bcda1b}]

\shell\AutoRun\command - E:\AutoRun.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9ae745-d147-11e0-bf8a-1c7508bcda1b}]

\shell\AutoRun\command - E:\AutoRun.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 23:16]

.

2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 23:16]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: Interfaces\{3C7157AD-5E1E-464A-AA37-032DB5B7359E}: NameServer = 202.136.43.208 202.136.42.208

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yb38260g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.sunshinecoastwebdesign.com.au/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e3b40e9&v=7.008.031.001&i=26&tp=ab&iy=&ychte=au&lng=en-GB&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\AVG\AVG10\avgam.exe

c:\program files (x86)\Launch Manager\LMworker.exe

c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\program files (x86)\Dodo Wireless Broadband\Dodo Wireless Broadband.exe

.

**************************************************************************

.

Completion time: 2011-10-04 19:33:47 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-04 09:33

.

Pre-Run: 409,224,622,080 bytes free

Post-Run: 408,431,529,984 bytes free

.

- - End Of File - - D2172AE143D4E97ECFC6CE29D3474509


  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (Microsoft and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

Grab a fresh copy of ComboFix, run it, and post its log.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
