Thread ID: 121870 2011-11-18 09:58:00 HJT File Kiwi_NZ (16633) Press F1
Post ID Timestamp Content User
1244299 2011-11-21 05:48:00 Did you reset the Host file like I suggested earlier? wainuitech (129)
1244300 2011-11-21 05:58:00 Did you reset the Host file like I suggested earlier?

As mentioned, I can't open it, it'll only run ... so to answer your question: No :)
Kiwi_NZ (16633)
1244301 2011-11-21 06:17:00 Ok. Let's give this a go.

Download Combofix from Bleepingcomputer (download.bleepingcomputer.com/sUBs/ComboFix.exe) or Geekstogo (subs.geekstogo.com/ComboFix.exe) and place it on your Desktop

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Combofix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.

You can get help on disabling your protection programs here: www.bleepingcomputer.com/forums/topic114351.html

Please include the C:\ComboFix.txt in your next reply for further review.

Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.
Pancake (6359)
1244302 2011-11-21 06:57:00 Ok. Let's give this a go.

Download Combofix from Bleepingcomputer (download.bleepingcomputer.com) or Geekstogo (subs.geekstogo.com) and place it on your Desktop

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Combofix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.

You can get help on disabling your protection programs here: www.bleepingcomputer.com

Please include the C:\ComboFix.txt in your next reply for further review.

Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.

Slight hiccup, Combo finds McAfee anti virus and anti spyware for both Anti Virus/And Anti spyware.
I've checked, can't see any signs of it, but guess it's deep in the registry somewhere?
Kiwi_NZ (16633)
1244303 2011-11-21 07:20:00 Something's obviously not right if Trojan Remover won't run. Normally the PC would have to be so badly infected you couldn't do anything.

Combofix will dig out any infections, BUT as Pancake posted, it's not a toy or run of the mill software to use willy nilly.

To reset the Host file go to support.microsoft.com. Download it on a clean computer if it redirects, and run it from a USB drive.
wainuitech (129)
1244304 2011-11-21 08:17:00 Slight hiccup, Combo finds McAfee anti virus and anti spyware for both Anti Virus/And Anti spyware.
I've checked, can't see any signs of it, but guess it's deep in the registry somewhere?

Try the McAfee uninstaller..

www.softpedia.com
Pancake (6359)
1244305 2011-11-21 09:33:00 Try the McAfee uninstaller..

www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

Done, rebooted then ran Combo, log file as follows:

ComboFix 11-11-20.02 - Lappy 21/11/2011 22:17:57.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.64.1033.18.2046.777 [GMT 13:00]
Running from: c:\users\Lappy\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 09:25 . 2011-11-21 09:25 -------- d-----w- c:\users\Lappy\AppData\Local\temp
2011-11-21 09:25 . 2011-11-21 09:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-21 09:25 . 2011-11-21 09:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-21 04:44 . 2011-11-21 04:54 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-11-20 09:21 . 2006-06-19 00:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-11-20 09:21 . 2006-05-25 02:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-11-20 09:21 . 2005-08-25 12:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-11-20 09:21 . 2003-02-02 07:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-11-20 09:21 . 2002-03-05 12:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-11-20 09:21 . 2011-11-20 09:23 -------- d-----w- c:\program files\Trojan Remover
2011-11-20 09:21 . 2011-11-20 09:21 -------- d-----w- c:\users\Lappy\AppData\Roaming\Simply Super Software
2011-11-20 09:21 . 2011-11-20 09:21 -------- d-----w- c:\programdata\Simply Super Software
2011-11-20 02:49 . 2011-11-20 02:49 -------- d-----w- c:\users\Lappy\AppData\Roaming\NCH Software
2011-11-20 02:49 . 2011-11-20 02:49 -------- d-----w- c:\programdata\NCH Software
2011-11-20 02:48 . 2011-11-20 02:48 -------- d-----w- c:\program files\NCH Software
2011-11-20 01:40 . 2011-11-20 01:53 -------- d-----w- c:\program files\XECTool
2011-11-19 22:43 . 2011-11-19 22:43 -------- d-----w- c:\users\Lappy\AppData\Roaming\SUPERAntiSpyware.com
2011-11-19 22:43 . 2011-11-20 00:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-19 22:43 . 2011-11-19 22:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-19 09:18 . 2011-11-19 09:18 -------- d-----w- c:\programdata\Malwarebytes
2011-11-19 09:18 . 2011-08-31 04:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-19 09:18 . 2011-11-19 09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-19 02:38 . 2011-11-19 02:38 -------- d-----w- c:\users\Lappy\AppData\Roaming\SpeedMaxPc
2011-11-19 02:38 . 2011-11-19 02:38 -------- d-----w- c:\users\Lappy\AppData\Roaming\DriverCure
2011-11-19 00:31 . 2011-11-19 00:31 388096 ----a-r- c:\users\Lappy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-19 00:31 . 2011-11-19 00:31 -------- d-----w- c:\program files\Trend Micro
2011-11-08 19:52 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 19:52 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 19:52 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-08 19:52 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-10-31 07:11 . 2011-10-31 07:11 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\4697cc271cc979c01\bingbarsetup.exe
2011-10-26 05:14 . 2011-10-26 05:14 -------- d-----w- c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2011-10-26 05:14 . 2011-10-26 05:14 -------- d-----w- c:\windows\7F6D7FD9648D4DD9BB6E3990C675ECA4.TMP
2011-10-26 05:05 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-26 05:05 . 2011-10-15 08:53 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-10-26 05:05 . 2011-10-15 08:53 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-26 05:05 . 2011-10-15 08:53 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-26 05:05 . 2011-10-15 08:53 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-26 05:05 . 2011-10-15 08:53 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-26 05:05 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 08:53 . 2011-08-10 01:06 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-15 08:53 . 2011-08-10 01:06 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-15 08:53 . 2011-01-29 19:51 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2011-01-07 08:06 602432 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-10-15 08:53 . 2011-01-07 08:06 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-01-07 08:06 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2011-01-07 08:06 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-01-07 08:06 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-01-07 08:06 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-01-07 08:06 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2007-09-16 03:41 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53 . 2007-09-16 03:41 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-14 11:54 . 2011-10-14 11:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2011-10-06 17:23 . 2011-10-06 17:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-03 17:21 . 2011-10-03 17:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-02 16:06 . 2010-05-21 00:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 07:09 . 2011-10-02 07:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 17:30 . 2011-09-12 17:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30 . 2011-10-13 20:13 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-14 09:28 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 09:28 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 09:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-08-25 16:15 . 2011-10-13 20:12 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-13 20:12 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-13 20:12 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-13 20:12 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-10 09:33 . 2011-04-21 21:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-04-22 01:56 2495816 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-04-22 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-04-22 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 4702208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-19 1451304]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2011-05-18 1233856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 23:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
\HWSetup.exe hwSetUP [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 00:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 23:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-09-13 00:15 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 08:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 02:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-21 12:18 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2011-05-13 04:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-07 23:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2005-10-11 08:54 339968 ----a-w- c:\windows\vsnpstd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 03:56 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-11-07 18:04 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-03-09 12:30 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 02:27 762736 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-11 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-04-22 984392]
R3 ComputerZ;ComputerZ;f:\ludashi1\LuDaShi\ComputerZ.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 136176]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-04-28 3436784]
R3 PowerSaveZ;PowerSaveZ;f:\ludashi1\LuDaShi\PowerSaveZ.sys [x]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-12 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-06 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-01 192776]
S2 iRacingService;iRacing.com Helper Service;c:\program files\iRacing\iRacingService.exe [2011-08-12 475808]
S2 LeverageService;LeverageService;c:\program files\Pragmatic Solutions Inc\LeverageService\LeverageService.exe [2009-11-23 44544]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-10-15 246600]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-03 16720]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 01:46]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 01:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 202.27.158.40 202.27.156.72
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Lappy\AppData\Roaming\Mozilla\Firefox\Profiles\8qsp42il.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 22:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-622562954-3971586782-2963417872-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e6,84,a8,20,74,82,fb,c0,c6,c3,fa,42,23,4e,b7,29,35,7f,ea,ec,e4,df,5d,
15,ae,c4,10,8e,c0,bf,b2,26,0f,6c,d6,cf,ac,89,dd,81,be,52,e7,45,7e,70,02,f3,\
"??"=hex:7d,30,35,3d,8a,61,d3,0c,66,39,49,ea,49,5d,ba,42
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1188)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
- - - - - - - > 'Explorer.exe'(1136)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Completion time: 2011-11-21 22:27:33
ComboFix-quarantined-files.txt 2011-11-21 09:27
ComboFix2.txt 2011-11-21 08:08
.
Pre-Run: 24,214,192,128 bytes free
Post-Run: 24,160,686,080 bytes free
.
- - End Of File - - 20445549C610DFB970CF7DB060D132B4
Kiwi_NZ (16633)
1244306 2011-11-21 10:18:00 ========================================

WARNING these fixes are designed for this user only and may cause damage if run on any other machine.

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Driver::
kwdoapow
File::
C:\Users\Lappy\AppData\Local\Temp\kwdoapow.sys

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
Pancake (6359)
1244307 2011-11-21 10:57:00 ========================================

WARNING these fixes are designed for this user only and may cause damage if run on any other machine.

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*

Done. Combo rebooted the computer; upon reboot AVG Identity Protection found C:\COMBOFIX\REGT.3XE, threat name unknown. The lil box is still open, I waited for Combo to complete the log file before doing anything... anyways do I move that to Vault or Allow or what?

Here is the log file for Combo:

ComboFix 11-11-20 . 02 - Lappy 21/11/2011 23:32:00 . 4 . 2 - x86
Microsoft® Windows Vista™ Home Premium 6 . 0 . 600 2 . 2 . 125 2 . 64 . 1033 . 18 . 2046 . 1058 [GMT 13:00]
Running from: c:\users\Lappy\Downloads\ComboFix . exe
Command switches used :: c:\users\Lappy\Desktop\CFScript . txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Lappy\AppData\Local\Temp\kwdoapow . sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KWDOAPOW
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 10:40 . 2011-11-21 10:45 -------- d-----w- c:\users\Lappy\AppData\Local\temp
2011-11-21 10:40 . 2011-11-21 10:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-21 10:40 . 2011-11-21 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-21 04:44 . 2011-11-21 04:54 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt . sys
2011-11-20 09:21 . 2003-02-02 07:06 153088 ----a-w- c:\windows\system32\UNRAR3 . dll
2011-11-20 09:21 . 2002-03-05 12:00 75264 ----a-w- c:\windows\system32\unacev 2 . dll
2011-11-20 09:21 . 2011-11-20 09:23 -------- d-----w- c:\program files\Trojan Remover
2011-11-20 09:21 . 2011-11-20 09:21 -------- d-----w- c:\users\Lappy\AppData\Roaming\Simply Super Software
2011-11-20 09:21 . 2011-11-20 09:21 -------- d-----w- c:\programdata\Simply Super Software
2011-11-20 02:49 . 2011-11-20 02:49 -------- d-----w- c:\users\Lappy\AppData\Roaming\NCH Software
2011-11-20 02:49 . 2011-11-20 02:49 -------- d-----w- c:\programdata\NCH Software
2011-11-20 02:48 . 2011-11-20 02:48 -------- d-----w- c:\program files\NCH Software
2011-11-20 01:40 . 2011-11-20 01:53 -------- d-----w- c:\program files\XECTool
2011-11-19 22:43 . 2011-11-19 22:43 -------- d-----w- c:\users\Lappy\AppData\Roaming\SUPERAntiSpyware.com
2011-11-19 22:43 . 2011-11-20 00:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-19 22:43 . 2011-11-19 22:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-19 09:18 . 2011-11-19 09:18 -------- d-----w- c:\programdata\Malwarebytes
2011-11-19 09:18 . 2011-08-31 04:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-19 09:18 . 2011-11-19 09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-19 02:38 . 2011-11-19 02:38 -------- d-----w- c:\users\Lappy\AppData\Roaming\SpeedMaxPc
2011-11-19 02:38 . 2011-11-19 02:38 -------- d-----w- c:\users\Lappy\AppData\Roaming\DriverCure
2011-11-19 00:31 . 2011-11-19 00:31 388096 ----a-r- c:\users\Lappy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-19 00:31 . 2011-11-19 00:31 -------- d-----w- c:\program files\Trend Micro
2011-11-08 19:52 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 19:52 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 19:52 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-08 19:52 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-10-31 07:11 . 2011-10-31 07:11 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\4697cc271cc979c01\bingbarsetup.exe
2011-10-26 05:14 . 2011-10-26 05:14 -------- d-----w- c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2011-10-26 05:14 . 2011-10-26 05:14 -------- d-----w- c:\windows\7F6D7FD9648D4DD9BB6E3990C675ECA4.TMP
2011-10-26 05:05 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-26 05:05 . 2011-10-15 08:53 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-10-26 05:05 . 2011-10-15 08:53 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-26 05:05 . 2011-10-15 08:53 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-26 05:05 . 2011-10-15 08:53 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-26 05:05 . 2011-10-15 08:53 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-26 05:05 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 08:53 . 2011-08-10 01:06 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-15 08:53 . 2011-08-10 01:06 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-15 08:53 . 2011-01-29 19:51 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2011-01-07 08:06 602432 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-10-15 08:53 . 2011-01-07 08:06 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-01-07 08:06 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2011-01-07 08:06 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-01-07 08:06 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-01-07 08:06 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-01-07 08:06 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2007-09-16 03:41 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53 . 2007-09-16 03:41 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-14 11:54 . 2011-10-14 11:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2011-10-06 17:23 . 2011-10-06 17:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-03 17:21 . 2011-10-03 17:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-02 16:06 . 2010-05-21 00:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 07:09 . 2011-10-02 07:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 17:30 . 2011-09-12 17:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30 . 2011-10-13 20:13 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-14 09:28 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 09:28 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 09:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-08-25 16:15 . 2011-10-13 20:12 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-13 20:12 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-13 20:12 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-13 20:12 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-10 09:33 . 2011-04-21 21:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-04-22 01:56 2495816 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-04-22 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-04-22 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 4702208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-19 1451304]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2011-05-18 1233856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 23:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
\HWSetup.exe hwSetUP [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 00:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 23:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-09-13 00:15 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 08:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 02:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-21 12:18 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2011-05-13 04:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-07 23:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2005-10-11 08:54 339968 ----a-w- c:\windows\vsnpstd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 03:56 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-11-07 18:04 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-03-09 12:30 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 02:27 762736 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-04-22 984392]
R3 ComputerZ;ComputerZ;f:\ludashi1\LuDaShi\ComputerZ.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 136176]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-04-28 3436784]
R3 PowerSaveZ;PowerSaveZ;f:\ludashi1\LuDaShi\PowerSaveZ.sys [x]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-12 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-06 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-11 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-01 192776]
S2 iRacingService;iRacing.com Helper Service;c:\program files\iRacing\iRacingService.exe [2011-08-12 475808]
S2 LeverageService;LeverageService;c:\program files\Pragmatic Solutions Inc\LeverageService\LeverageService.exe [2009-11-23 44544]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-10-15 246600]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-03 16720]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 01:46]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 01:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 202.27.158.40 202.27.156.72
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Lappy\AppData\Roaming\Mozilla\Firefox\Profiles\8qsp42il.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-622562954-3971586782-2963417872-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e6,84,a8,20,74,82,fb,c0,c6,c3,fa,42,23,4e,b7,29,35,7f,ea,ec,e4,df,5d,
15,ae,c4,10,8e,c0,bf,b2,26,0f,6c,d6,cf,ac,89,dd,81,be,52,e7,45,7e,70,02,f3,\
"??"=hex:7d,30,35,3d,8a,61,d3,0c,66,39,49,ea,49,5d,ba,42
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1008)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
- - - - - - - > 'Explorer.exe'(4176)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\RtHDVCpl.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Toshiba\ConfigFree\CFWAN.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-11-21 23:52:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-21 10:52
ComboFix2.txt 2011-11-21 09:27
ComboFix3.txt 2011-11-21 08:08
.
Pre-Run: 24,209,047,552 bytes free
Post-Run: 23,782,342,656 bytes free
.
- - End Of File - - DE55A0F20B9122AEC1629FCF84CD2F2B
Kiwi_NZ (16633)
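A small triage script for a log like the one posted above, added here as an example and not part of the thread or of ComboFix itself: it parses the value lines under the 'Reg Loading Points' keys and the service lines, and flags the items a helper looks at first (UAC switched off via EnableLUA=0, DisableCAD=1, an AppInit_DLLs entry, Run entries that name a bare file rather than an absolute path, and services whose entry ends in [x], which this script takes to mean the image file was not found). The regular expressions are an assumption about the log layout as it appears in the thread, and the sample lines are constructed to mirror it.

```python
"""Triage helper for the 'Reg Loading Points' and service lines of a ComboFix log.

Added example, not ComboFix's own code. The regular expressions are an
assumption about the log layout as posted in the thread; '[x]' after a
service entry is read here as "image file not found".
"""
import re

# Constructed sample that mirrors the layout of the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"NDSTray.exe"="NDSTray.exe" [BU]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
R3 ComputerZ;ComputerZ;f:\ludashi1\LuDaShi\ComputerZ.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-01 192776]
"""

HEADER_RE = re.compile(r'^\[(.+)\]$')                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"([^"]*)"(?:\s+\[([^\]]*)\])?$')   # "name"="image" [note]
POLICY_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)$')     # "EnableLUA"= 0 (0x0)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$')  # R3 name;display;image [note]


def parse_loading_points(text):
    """Return (run_entries, policies, appinit, services) parsed from the log text."""
    run_entries = []   # (key, value name, image, bracketed note)
    policies = {}      # value name -> int, from the ...\policies\system key
    appinit = []       # raw AppInit_DLLs values
    services = []      # (start type, name, display name, image, bracketed note)
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = HEADER_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:                      # service lines sit outside any [key] block
            services.append(m.groups())
            continue
        if current_key is None:
            continue
        key_lower = current_key.lower()
        m = APPINIT_RE.match(line)
        if m:
            if m.group(1).strip():
                appinit.append(m.group(1).strip())
            continue
        m = POLICY_RE.match(line)
        if m and key_lower.endswith(r'\policies\system'):
            policies[m.group(1)] = int(m.group(2))
            continue
        m = VALUE_RE.match(line)
        if m and key_lower.endswith(r'\run'):
            run_entries.append((current_key, m.group(1), m.group(2), m.group(3) or ''))
    return run_entries, policies, appinit, services


def triage(text):
    """Return the findings a reviewer of the log would want to see first."""
    run_entries, policies, appinit, services = parse_loading_points(text)
    findings = []
    if policies.get('EnableLUA') == 0:
        findings.append('UAC disabled: EnableLUA=0 under policies\\system')
    if policies.get('DisableCAD') == 1:
        findings.append('Secure attention sequence at logon disabled: DisableCAD=1')
    for dll in appinit:
        findings.append('AppInit_DLLs loads into every process that maps user32.dll: %s' % dll)
    for _key, name, image, note in run_entries:
        if '\\' not in image:   # bare file name, resolved through the search path at logon
            findings.append('Run entry %s has no absolute image path: %s [%s]' % (name, image, note))
    for start, name, _display, image, note in services:
        if note == 'x':
            findings.append('Service %s (%s) points at a missing file: %s' % (name, start, image))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a saved C:\ComboFix.txt by reading the file into `triage()`; on the constructed sample it reports five findings, which is the short list the thread's helper would check by hand before declaring the log clean.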
1244308 2011-11-21 11:16:00 That seems to have removed the file so all being well you should now be fine.

Ok. All done. Log looks good! All that was detected is now either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.

Go to:
Start > Run then copy and paste the following highlighted (blue) text below into the box and click OK.

ComboFix /uninstall

Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.

Please download OTC (oldtimer.geekstogo.com/OTC.exe) to your desktop.

Double-click OTC to run it. (Vista users, please right-click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork (www.pchelpforum.com/fixed-hijackthis-logs/59327-now-you-all-clean-afterwork.html)

Malware Prevention (www.pchelpforum.com/fixed-hijackthis-logs/64964-so-you-want-prevent-happening.html)

How Did I Get Infected (www.pchelpforum.com/fixed-hijackthis-logs/57400-how-did-i-get-infected.html)

More Tips on Prevention (users.telenet.be/bluepatchy/miekiemoes/prevention.html)

=============================
Pancake (6359)