
Why did IObit not stop this Malware


Keta


I am running IObit Security 360 Professional. I am also running Avast Internet Security and the free version of CCleaner.

However, I was not protected against a program by the name of ClickPotato.

Why did IObit not stop this Malware?

Can I use my IObit Security to uninstall ClickPotato? If so, could you please give me step-by-step instructions. I am not good at this. I have tried everything I know to do to uninstall ClickPotato without any results.

Operating System is Windows 32-bit. All updates of the programs mentioned are installed and up to date.

Your help would be very much appreciated.


Hello and welcome to IObit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*****************************************************

No one security program will stop all the malware. That's why it's best to have a layered approach to prevent malware. I will give you a list after we're finished cleaning your computer.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SUPERAntiSpyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes.
* If you encounter any problems while downloading the updates, manually download and unzip them from here.
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer.
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...
* Save the log somewhere you can easily find it (normally the desktop).
* Click Close and Close again to exit the program.
* Copy and paste the log in your post.

**************************************

Please download Malwarebytes Anti-Malware from here.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

**********************************************

Download DDS from HERE or HERE and save it to your desktop.

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users: double-click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs:
  1) DDS.txt
  2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log, by copying and pasting it into the reply.


Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 6093

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

 

3/18/2011 8:40:00 AM

mbam-log-2011-03-18 (08-40-00).txt

 

Scan type: Full scan (C:\|N:\|)

Objects scanned: 1025964

Time elapsed: 3 hour(s), 23 minute(s), 18 second(s)

 

Memory Processes Infected: 3

Memory Modules Infected: 3

Registry Keys Infected: 43

Registry Values Infected: 6

Registry Data Items Infected: 1

Folders Infected: 24

Files Infected: 43

 

Memory Processes Infected:

c:\programdata\questbrwsearch\questbrowse127.exe (Adware.QuestBrowse) -> 3008 -> Unloaded process successfully.

c:\program files\questbrwsearch\questbrwsearch.exe (Adware.QuestBrowse) -> 3656 -> Unloaded process successfully.

c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesa.exe (Adware.ClickPotato) -> 4396 -> Unloaded process successfully.

 

Memory Modules Infected:

c:\program files\questbrwsearch\questbrwsearch.dll (Adware.Agent.Gen) -> Delete on reboot.

c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.

c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Delete on reboot.

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestBrowse Service (Adware.QuestBrowse) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4a5b-9939-848B9C77A2FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClickPotatoLiteSA (Adware.ClickPotato) -> Value: ClickPotatoLiteSA -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790776BD76595130AA97 (Malware.Trace) -> Value: SRS_IT_E8790776BD76595130AA97 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

 

Folders Infected:

c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\Users\Inge\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.

c:\program files\clickpotatolite (Adware.ClickPotato) -> Delete on reboot.

c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Delete on reboot.

c:\program files\clickpotatolite\bin\10.0.666.0 (Adware.ClickPotato) -> Delete on reboot.

c:\program files\clickpotatolite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.

c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Delete on reboot.

c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Delete on reboot.

c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Delete on reboot.

c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Delete on reboot.

c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Delete on reboot.

c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Delete on reboot.

c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0} (Adware.QuestBrowse) -> Delete on reboot.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome (Adware.QuestBrowse) -> Delete on reboot.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\program files\questbrwsearch (Adware.QuestBrowse) -> Delete on reboot.

c:\programdata\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

 

Files Infected:

c:\programdata\questbrwsearch\questbrowse127.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\program files\questbrwsearch\questbrwsearch.dll (Adware.Agent.Gen) -> Delete on reboot.

c:\program files\questbrwsearch\questbrwsearch.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.

c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Delete on reboot.

c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\shopperreports3\bin\3.0.517.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\questbrwsearch\uninstall.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\program files\shopperreports3\bin\3.0.517.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\shopperreports3\bin\3.0.517.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\shopperreports3\bin\3.0.517.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\Users\Inge\AppData\Local\Temp\nsbDB2B.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

c:\Users\Inge\AppData\Local\Temp\nse2E08.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

c:\Users\Inge\AppData\Local\Temp\nsjC7AD.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

c:\Users\Inge\AppData\Local\Temp\~nsu.tmp\Au_.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files\shopperreports3\bin\3.0.517.0\launchhelp.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome.manifest (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\install.rdf (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome\questbrowse.jar (Adware.QuestBrowse) -> Delete on reboot.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences\prefs.js (Adware.QuestBrowse) -> Quarantined and deleted successfully.

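The MBAM log pasted above has a fixed layout: a block of summary counts, then one section per category whose lines read "target (family) -> details -> action". The parser below is an added example, not part of the thread and not a Malwarebytes tool; it runs on a constructed, cut-down log in that layout, checks that the summary counts agree with the entries actually present (a truncated paste shows up as a mismatch), and lists what is still "Delete on reboot", which is why the instructions say to allow the restart.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the layout of the log pasted above (header, summary
# block, then one section per category), cut down to a few entries with the
# summary counts adjusted to match what is kept here.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6093
Scan type: Full scan (C:\|N:\|)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesa.exe (Adware.ClickPotato) -> 4396 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\questbrwsearch\questbrwsearch.dll (Adware.Agent.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestBrowse Service (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClickPotatoLiteSA (Adware.ClickPotato) -> Value: ClickPotatoLiteSA -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\clickpotatolite (Adware.ClickPotato) -> Delete on reboot.

Files Infected:
c:\program files\clickpotatolite\bin\10.0.666.0\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\questbrwsearch\questbrwsearch.dll (Adware.Agent.Gen) -> Delete on reboot.
"""

# "Files Infected: 43" (summary block) versus "Files Infected:" (section header)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d*)$")
# "<target> (<family>) -> [<detail> -> ...] <action>"; the non-greedy target
# still works for paths such as "c:\program files (x86)\..." because the family
# group must be followed by ") -> ".
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

@dataclass
class Entry:
    section: str
    target: str    # file/folder path or registry key
    family: str    # detection name, e.g. Adware.ClickPotato
    details: list  # middle parts: PID, "Value: ...", "Bad: (...) Good: (...)"
    action: str    # final part, e.g. "Delete on reboot."

@dataclass
class Report:
    header: dict = field(default_factory=dict)   # "Database version" -> "6093", ...
    claimed: dict = field(default_factory=dict)  # section -> count from the summary block
    entries: list = field(default_factory=list)

def parse_mbam_log(text):
    report, section = Report(), None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count"):          # summary block: remember the claimed count
                report.claimed[m.group("section")] = int(m.group("count"))
            else:                         # section header: entries follow
                section = m.group("section")
            continue
        if section is None:               # "Key: value" lines of the header block
            key, sep, value = line.partition(": ")
            if sep:
                report.header[key] = value
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line in {section!r}: {line}")
        parts = m.group("rest").split(" -> ")
        report.entries.append(Entry(section, m.group("target"), m.group("family"),
                                    parts[:-1], parts[-1]))
    return report

def count_mismatches(report):
    """Sections whose summary count disagrees with the entries present (claimed, found)."""
    found = Counter(e.section for e in report.entries)
    return {s: (n, found[s]) for s, n in report.claimed.items() if found[s] != n}

def pending_reboot(report):
    """Targets MBAM could not remove while running; they only go after the restart."""
    return [e.target for e in report.entries if e.action == "Delete on reboot."]

def family_tally(report):
    """Detections per family, to see which adware products are actually present."""
    return Counter(e.family for e in report.entries)
```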

Thank you Dave for helping me.

ClickPotato seems to be gone. ClickPotato installed itself when I was trying to watch a video on YouTube; I thought it was part of YouTube.

I am amazed how many infected items were found. I regularly run scans and update my programs.

I do hope I followed your instructions correctly, all sorts of things happened on the computer that were new to me.

Thank you!

Keta


DDS (Ver_11-03-05.01) - NTFSx86

Run by Inge at 14:48:24.53 on Fri 03/18/2011

Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: MapQuest Toolbar Search Class: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - c:\program files\mapquest toolbar\mapquesttb.dll

uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll

mURLSearchHooks: MapQuest Toolbar Search Class: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - c:\program files\mapquest toolbar\mapquesttb.dll

mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll

BHO: MapQuest Toolbar Loader: {bd3fd433-147a-482e-a192-614f26e2310c} - c:\program files\mapquest toolbar\mapquesttb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Gigabyte Toolkit: {b681b554-3c5c-491c-b08e-35aebfd5b3bd} - mscoree.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll

TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll

TB: MapQuest Toolbar: {9302e698-7e00-43ab-b867-c6e759bc2ada} - c:\program files\mapquest toolbar\mapquesttb.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - No File

EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [AdobeBridge]

uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized

uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"

uRun: [AOL Fast Start] "c:\program files\aol 9.1a\AOL.EXE" -b

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [WDCBG] c:\windows\WDCBG.EXE

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html

IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\inge\appdata\roaming\mozilla\firefox\profiles\0wb6acj3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-mapquest-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\users\inge\appdata\roaming\mozilla\firefox\profiles\0wb6acj3.default\extensions\{4d1e692f-d179-413b-a987-eeeaad85ddb3}\components\MailUtil.dll

FF - component: c:\users\inge\appdata\roaming\mozilla\firefox\profiles\0wb6acj3.default\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - plugin: c:\progra~1\sonyon~1\npsoe.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll

FF - plugin: c:\program files\skyhook wireless\loki browser plugin\nploki.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\users\inge\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\inge\appdata\roaming\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\users\inge\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

FF - Ext: Amazon Toolbar: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com

FF - Ext: MapQuest Toolbar: {4D1E692F-D179-413b-A987-EEEAAD85DDB3} - %profile%\extensions\{4D1E692F-D179-413b-A987-EEEAAD85DDB3}

FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - %profile%\extensions\browserhighlighter@ebay.com

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\inge\appdata\roaming\Move Networks

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? cpuz131;cpuz131

R? gupdate;Google Update Service (gupdate)

R? ivusb;Initio Driver for USB Default Controller

R? WDC_SAM;WD SCSI Pass Thru driver

R? WDCFX_AT;USB Storage Adapter FX_AT (WDC)

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? AMD External Events Utility;AMD External Events Utility

S? amdkmdag;amdkmdag

S? amdkmdap;amdkmdap

S? arXfrSvc;Windows Media Center TV Archive Transfer Service

S? aswFsBlk;aswFsBlk

S? aswFW;avast! TDI Firewall driver

S? aswMonFlt;aswMonFlt

S? aswNdis;avast! Firewall NDIS Filter Service

S? aswNdis2;avast! Firewall Core Firewall Service

S? aswSnx;aswSnx

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

S? avast! Firewall;avast! Firewall

S? BackupReader;BackupReader

S? esClient;Windows Media Center Client Service

S? FontCache;Windows Font Cache Service

S? GEST Service;GEST Service for program management.

S? IS360service;IS360service

S? nlsX86cc;Nalpeiron Licensing Service

S? TabletServicePen;TabletServicePen

S? WHSConnector;Windows Home Server Connector Service

.

=============== File Associations ===============

.

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

jsefile\shell\open2\command=c:\windows\system32\CScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-03-18 00:57:31 -------- d-----w- c:\users\inge\appdata\roaming\Malwarebytes

2011-03-18 00:57:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-18 00:57:24 -------- d-----w- c:\progra~2\Malwarebytes

2011-03-18 00:57:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-18 00:57:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-15 14:03:42 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{37a96ae4-0234-4442-a37f-85123c2ba049}\mpengine.dll

2011-03-09 01:45:31 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 01:45:31 322560 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 01:45:31 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 01:45:31 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-03-09 01:45:30 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-03-09 01:45:30 2067968 ----a-w- c:\windows\system32\mstscax.dll

2011-03-07 21:13:17 66560 ----a-w- c:\windows\system32\nlssrv32.exe

2011-03-07 20:50:29 227840 ----a-w- c:\windows\system32\Deco_32.dll

2011-03-07 20:50:13 -------- d-----w- c:\program files\onOne Software

2011-03-07 20:49:53 -------- d-----w- c:\progra~2\onOne Software

2011-02-17 14:24:39 -------- d-----w- c:\program files\iPod

2011-02-17 14:24:38 -------- d-----w- c:\program files\iTunes

.

==================== Find3M ====================

.

2011-03-18 13:44:53 16608 ----a-w- c:\windows\gdrv.sys

2011-03-03 15:30:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-23 14:04:21 40648 ----a-w- c:\windows\avastSS.scr

2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-30 20:23:35 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll

2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys

2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll

2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

.

============= FINISH: 14:50:00.86 ===============


==== Installed Programs ======================

.

@BIOS Ver.2.0

3DMark06

3DVIA Shape for Maps

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color Common Settings

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Drive CS4

Adobe ExtendScript Toolkit 2

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Linguistics CS4

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Photoshop Lightroom 2.7

Adobe Reader 8.2.6

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

AIM 7

AOL Mail and AIM Gadget

AOL Toolbar

AOL Uninstaller (Choose which Products to Remove)

APC PowerChute Personal Edition

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS Utilities

ASUS VGA Driver

ATI AVIVO Codecs

ATI Catalyst Install Manager

avast! Internet Security

AVS Update Manager 1.0

AVS Video Editor 4

AVS Video Recorder 2.4

AVS YouTube Uploader version 2.1

AVS4YOU Software Navigator 1.3

Bonjour

CardRecovery

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center HydraVision Full

ccc-core-static

ccc-utility

CCC Help English

CCleaner

CD/DVD Diagnostic 3.0

Connect

Corel Painter X

Coupon Printer for Windows

Creative Vado Central muvee Plugin

Creative Vado HD Codec

Dassault Systemes Software Prerequisites x86

Delicious Add-on for Internet Explorer

Download Updater (AOL LLC)

Easy Tune 6 B08.0516.2

Energy Saver Advance B8.0520.1

EPSON TWAIN 5

ffdshow v1.1.3439 [2010-05-14]

Final Media Player 2010

Fotki Desktop

FoxyTunes for Firefox

Free Realms Installer

Google Chrome

Google Earth

Google Update Helper

GoToMeeting 4.5.0.457

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP MediaSmart Server 2.5 Patch 2

HP MediaSmart Server 2.5 Patch 3

HP Update

Instant JPEG From RAW

IObit Security 360

iTunes

Java Auto Updater

Java 6 Update 24

kuler

LightScribe 1.4.136.1

Logitech Vid

Logitech Webcam Software

Logitech Webcam Software Driver Package

Loki ActiveX Control

Loki Browser Plugin

Malwarebytes' Anti-Malware

MapQuest Toolbar

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 6.2

Microsoft IntelliType Pro 6.2

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft XML Parser

MobileMe Control Panel

Move Media Player

Mozilla Firefox (3.6.15)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

neroxml

Noise Ninja 2 (Standalone Version)

OGA Notifier 2.0.0048.0

Opanda IExif 2.3

Opanda PowerExif 1.2 Professional Trial

OpenAL

OpenOffice.org Installer 1.0

PDF Settings CS4

Pen Tablet

Perfect Photo Suite 5.5.1

Philips Intelligent Agent

Photomatix Pro version 3.0.3RC2

PhotoME

Photoshop Camera Raw

QuickTime

QuickTime Alternative 1.81

Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

RTC Client API v1.2

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Shipping Assistant 3.7

Skins

Skype™ 4.2

Suite Shared Configuration CS4

SUPER © Version 2009.bld.36 (June 10, 2009)

The Lord of the Rings FREE Trial

Time Repair 1.0 B01.0520.2 (x86)

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2508979)

USB Storage Adapter FX/AT (WDC)

Viewpoint Media Player

Western Digital USB Mass Storage Driver Installation

Windows Home Server Connector

Windows Home Server Toolkit 1.1

Windows Media Player Firefox Plugin

WinRAR archiver

World of Warcraft FREE Trial

.

==== End Of File ===========================


You have Viewpoint installed.

 

Viewpoint Media Player/Manager/Toolbar is considered Foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

 

More information:

 

* ViewMgr.exe - Useless

* Viewpoint to Plunge Into Adware

 

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs (on Vista & Win7 it is Programs and Features) and remove the following programs if present.

* Viewpoint

* Viewpoint Manager

* Viewpoint Media Player

* Viewpoint Toolbar

* Viewpoint Experience Technology

**********************************************

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

link # 1

Link # 2

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix log and a new HijackThis log in your next reply.

 

NOTE: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.


SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/19/2011 at 01:43 AM

 

Application Version : 4.50.1002

 

Core Rules Database Version : 6628

Trace Rules Database Version: 4440

 

Scan type : Complete Scan

Total Scan Time : 10:06:03

 

Memory items scanned : 842

Memory threats detected : 0

Registry items scanned : 13073

Registry threats detected : 15

File items scanned : 860132

File threats detected : 91

 

Adware.Tracking Cookie

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@yieldmanager[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@content.yieldmanager[4].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@electronicarts.112.2o7[2].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@invitemedia[2].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@adservr21[2].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@ad.wsod[2].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@ad.yieldmanager[3].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@cts.zroitracker[2].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@content.yieldmanager[2].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@cts.metricsdirect[2].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@adservr21[1].txt

.http://www.clickpotato.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.clickpotato.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

http://www.clickpotato.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

http://www.clickpotato.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.clickpotato.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.clickpotato.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.content.yieldmanager.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.content.yieldmanager.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.atdmt.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.imrworldwide.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.imrworldwide.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.atdmt.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Users\Inge\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@2o7[2].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@ad.yieldmanager[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@ads.addynamix[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@advertising[2].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@ar.atwola[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@ar.atwola[3].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@at.atwola[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@atwola[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@cdn.at.atwola[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@collective-media[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@content.yieldmanager[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@cts.metricsdirect[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@cts.zroitracker[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@electronicarts.112.2o7[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@interclick[2].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@lfstmedia[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@media.adfrontiers[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@mediaplex[2].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@realmedia[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@trafficmp[1].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@trafficregenerator[2].txt

C:\Users\Inge\AppData\Roaming\Microsoft\Windows\Cookies\inge@www.burstnet[1].txt

.electronicarts.112.2o7.net [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.casalemedia.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

user.lucidmedia.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.content.yieldmanager.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.realmedia.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.2o7.net [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.interclick.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.interclick.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.interclick.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.media.adfrontiers.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.media.adfrontiers.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.lfstmedia.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.http://www.burstnet.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

http://www.googleadservices.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.collective-media.net [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.adxpose.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.invitemedia.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.invitemedia.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.invitemedia.com [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

.mm.chitika.net [ C:\Users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\cookies.sqlite ]

 

Adware.Zango/ShoppingReport

HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}

HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ProxyStubClsid

HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ProxyStubClsid32

HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\TypeLib

HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\TypeLib#Version

HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}

HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ProxyStubClsid

HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ProxyStubClsid32

HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\TypeLib

HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\TypeLib#Version

HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}

HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ProxyStubClsid

HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ProxyStubClsid32

HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\TypeLib

HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\TypeLib#Version

 

Adware.Agent/Gen-Pinball

C:\AVENGER\CLICKPOTATOLITESAHOOK.DLL

 

Adware.Agent/Gen-Zango

C:\USERS\INGE\DOWNLOADS\CLICKPOTATOINSTALLER.EXE


ComboFix 11-03-18.04 - Inge 03/19/2011 10:31:03.1.4 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1287 [GMT -5:00]

Running from: c:\users\Inge\Downloads\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Inge\AppData\Roaming\Microsoft\Windows\Recent\DSC_0119.JPG (JPEG Image, 3008x2000 pixels) - Scaled (32%).URL

c:\users\Inge\AppData\Roaming\Microsoft\Windows\Recent\Video.url

c:\users\Inge\g2mdlhlpx.exe

c:\users\Inge\videos\Vado Central.exe

c:\windows\TEMP\logishrd\LVPrcInj01.dll

N:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-02-19 to 2011-03-19 )))))))))))))))))))))))))))))))

.

.

No new files created in this timespan

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-19 15:48 . 2008-07-24 22:27 16608 ----a-w- c:\windows\gdrv.sys

2011-03-03 15:30 . 2010-11-01 22:53 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-23 14:04 . 2010-10-28 20:57 40648 ----a-w- c:\windows\avastSS.scr

2011-02-23 14:04 . 2010-10-28 20:41 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-23 13:57 . 2010-10-28 20:43 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-02-23 13:56 . 2010-10-28 20:43 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-02-23 13:56 . 2010-10-28 20:43 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-23 13:56 . 2010-10-28 20:42 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-02-23 13:55 . 2010-10-28 20:41 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-23 13:55 . 2010-10-28 20:42 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-23 13:55 . 2010-10-28 20:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-02-23 13:54 . 2010-10-28 20:43 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-02 23:11 . 2009-10-03 02:26 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-30 20:23 . 2011-01-30 20:23 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-01-20 16:37 . 2011-02-09 21:24 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-20 16:08 . 2011-02-09 21:24 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08 . 2011-02-09 21:24 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08 . 2011-02-09 21:24 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:08 . 2011-02-09 21:24 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08 . 2011-02-09 21:24 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:07 . 2011-02-09 21:24 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07 . 2011-02-09 21:24 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07 . 2011-02-09 21:24 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06 . 2011-02-09 21:24 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06 . 2011-02-09 21:24 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04 . 2011-02-09 21:24 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 16:04 . 2011-02-09 21:24 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 14:28 . 2011-02-09 21:24 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27 . 2011-02-09 21:24 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26 . 2011-02-09 21:24 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25 . 2011-02-09 21:24 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24 . 2011-02-09 21:24 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-20 14:24 . 2011-02-09 21:24 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15 . 2011-02-09 21:24 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14 . 2011-02-09 21:24 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14 . 2011-02-09 21:24 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:14 . 2011-02-09 21:24 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:12 . 2011-02-09 21:24 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11 . 2011-02-09 21:24 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47 . 2011-02-09 21:24 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-20 13:44 . 2011-02-09 21:24 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-01-20 13:44 . 2011-02-09 21:24 797184 ----a-w- c:\windows\system32\FntCache.dll

2011-01-08 08:47 . 2011-02-09 21:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 06:28 . 2011-02-09 21:24 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:57 . 2011-02-09 21:24 2039808 ----a-w- c:\windows\system32\win32k.sys

2010-12-28 15:55 . 2011-01-12 18:24 413696 ----a-w- c:\windows\system32\odbc32.dll

2006-05-03 09:06 163328 --sh--r- c:\windows\System32\flvDX.dll

2007-02-21 10:47 31232 --sh--r- c:\windows\System32\msfDX.dll

2008-03-16 12:30 216064 --sh--r- c:\windows\System32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{2558d83c-097c-4cf1-9163-ce5ecc36ace2}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2010-08-02 1348936]

.

[HKEY_CLASSES_ROOT\clsid\{2558d83c-097c-4cf1-9163-ce5ecc36ace2}]

[HKEY_CLASSES_ROOT\mapquestTb.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}]

[HKEY_CLASSES_ROOT\mapquestTb.AOLTBSearch]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd3fd433-147a-482e-a192-614f26e2310c}]

2010-08-02 22:26 1348936 ----a-w- c:\program files\MapQuest Toolbar\mapquesttb.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{9302e698-7e00-43ab-b867-c6e759bc2ada}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2010-08-02 1348936]

.

[HKEY_CLASSES_ROOT\clsid\{9302e698-7e00-43ab-b867-c6e759bc2ada}]

[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}]

[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{9302E698-7E00-43AB-B867-C6E759BC2ADA}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2010-08-02 1348936]

.

[HKEY_CLASSES_ROOT\clsid\{9302e698-7e00-43ab-b867-c6e759bc2ada}]

[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}]

[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]

"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"AOL Fast Start"="c:\program files\AOL 9.1a\AOL.EXE" [2008-11-06 50472]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"WDCBG"="c:\windows\WDCBG.EXE" [2004-08-02 118784]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-9-20 221295]

MediaManager.lnk - c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaManager.exe [N/A]

Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-10-22 604008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk

backup=c:\windows\pss\NovaBACKUP Tray Control.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk

backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk

backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Inge^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fotki Desktop.lnk]

path=c:\users\Inge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fotki Desktop.lnk

backup=c:\windows\pss\Fotki Desktop.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]

2008-08-29 01:34 13145448 ----a-w- c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 13:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]

2008-11-06 11:42 50472 ----a-w- c:\program files\AOL 9.1a\aol.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-03-17 02:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]

2007-07-26 20:05 20480 ----a-w- c:\program files\GIGABYTE\ET6\ETcall.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\aol\1218931278\ee\aolsoftware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 21:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-07-16 21:57 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3472338283-169046834-3415148994-1000]

"EnableNotificationsRef"=dword:00000001

.

R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-02-23 121000]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]

R3 cpuz131;cpuz131;c:\users\Inge\AppData\Local\Temp\cpuz131\cpuz_x32.sys [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 24216]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

R3 WDCFX_AT;USB Storage Adapter FX_AT (WDC);c:\windows\system32\DRIVERS\WDCFX_AT.SYS [2004-08-02 33536]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-01-09 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]

S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]

S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]

S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-02-03 66560]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480]

S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 376680]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]

S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2009-04-21 44784]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 15:55]

.

2011-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 15:55]

.

2011-03-19 c:\windows\Tasks\User_Feed_Synchronization-{3AFF53F7-F119-49D7-82DC-71EB8C493369}.job

- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html

FF - ProfilePath - c:\users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-mapquest-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

FF - Ext: Amazon Toolbar: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com

FF - Ext: MapQuest Toolbar: {4D1E692F-D179-413b-A987-EEEAAD85DDB3} - %profile%\extensions\{4D1E692F-D179-413b-A987-EEEAAD85DDB3}

FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - %profile%\extensions\browserhighlighter@ebay.com

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Inge\AppData\Roaming\Move Networks

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

.

------- File Associations -------

.

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-AdobeBridge - (no file)

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe

MSConfigStartUp-Livestation - c:\program files\Livestation\Livestation.exe

MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe

MSConfigStartUp-LVCOMSX - c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

MSConfigStartUp-RestartNeroSetup - c:\users\Inge\AppData\Local\Temp\Nero Web\SetupXu.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

AddRemove-Creative Vado HD Codec - c:\programdata\{907A85CA-E023-4161-8F5C-E72C340031D2}\VadoHDCodec.exe

AddRemove-_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} - c:\program files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}

AddRemove-{12365698-8042-4774-8CAF-35BE91DC657B} - c:\programdata\{907A85CA-E023-4161-8F5C-E72C340031D2}\VadoHDCodec.exe

AddRemove-UnityWebPlayer - c:\users\Inge\AppData\Local\Unity\WebPlayer\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-19 10:56

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\TEMP\_avast_\unp13723385.tmp 827956 bytes executable

C:\## aswSnx private storage

.

scan completed successfully

hidden files: 2

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,f0,aa,10,b6,17,50,4d,a7,95,fa,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,f0,aa,10,b6,17,50,4d,a7,95,fa,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(11152)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\atieclxx.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\ehome\ehRecvr.exe

c:\windows\ehome\ehsched.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\windows\system32\conime.exe

c:\windows\RtHDVCpl.exe

c:\program files\Alwil Software\Avast5\AvastUI.exe

c:\program files\Windows Home Server\WHSTrayApp.exe

c:\program files\AOL 9.1a\waol.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Microsoft IntelliType Pro\dpupdchk.exe

c:\windows\system32\rundll32.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe

c:\program files\AOL 9.1a\shellmon.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\vssvc.exe

.

**************************************************************************

.

Completion time: 2011-03-19 11:00:49 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-19 16:00

.

Pre-Run: 83,312,472,064 bytes free

Post-Run: 83,170,762,752 bytes free

.

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

- - End Of File - - BB5F029B920D4B1E063B0EF186CB3CD5

Link to comment
Share on other sites
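Reading a ComboFix log this long by hand is slow, and the points a responder actually looks for are few: files in System32 carrying both the system and hidden attributes (the `--sh--r-` entries at the end of the Find3M report), `EnableLUA = 0` under the policies\system key (UAC is switched off, so anything the user runs already has full rights), autostart or driver entries whose image lives under a Temp or AppData folder (the `cpuz131` driver above), and entries marked `[x]`, which ComboFix prints when it could not read the image on disk. The Python script below is an added example for this thread, not part of ComboFix, IObit Security 360 or the original post; it applies those four checks to a handful of lines copied from the log above, and the rule names and the `Finding` type are my own construction:

```python
"""Triage a ComboFix-style log for the few entries worth a second look.

Added example for this thread; it is not part of ComboFix, IObit Security 360
or the original post. Rule names are my own; the sample lines are copied from
the log posted above.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the Find3M report, the Reg Loading Points
# and the service list of the log posted above.
SAMPLE_LOG = r"""
2011-01-20 16:07 . 2011-02-09 21:24 37376 ----a-w- c:\windows\system32\cdd.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\System32\msfDX.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WDCBG"="c:\windows\WDCBG.EXE" [2004-08-02 118784]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]
R3 cpuz131;cpuz131;c:\users\Inge\AppData\Local\Temp\cpuz131\cpuz_x32.sys [x]
S1 aswSnx;aswSnx; [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-02-03 66560]
"""

# Find3M line: "<created> [. <modified>] <size> <attrs> <path>"; attrs is the
# 8-character field where 's' = system, 'h' = hidden, 'a' = archive, 'r'/'w' = read/write.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Run-key value: "Name"="path" [date size]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>.+?)" \[(?P<info>[^\]]*)\]$')
# Policy value: "Name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9a-fA-F]+\)$')
# Service/driver: R3 name;display;path [date size], or [x] when the image is missing/unreadable
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)
# Autostart images living under a user profile's AppData or a Temp directory.
TEMP_RE = re.compile(r"\\(?:temp|appdata\\(?:local|roaming))\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str     # one of: hidden_system_file, uac_disabled, autostart_in_temp, image_not_found
    subject: str  # file path, service/value name, or registry key
    detail: str


def _check_image(findings: list[Finding], name: str, path: str, info: str) -> None:
    """Rules shared by Run values and services: where the image lives and whether it was found."""
    if TEMP_RE.search(path):
        findings.append(Finding("autostart_in_temp", name, path))
    # ComboFix prints [x] when it could not stat the image. Self-protected AV
    # drivers show this legitimately, so it is a "verify" signal, not a verdict.
    if info == "x":
        findings.append(Finding("image_not_found", name, path or "(no path recorded)"))


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry key for context."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m["key"].lower()
        elif m := FILE_RE.match(line):
            attrs = m["attrs"]
            if "s" in attrs and "h" in attrs:
                findings.append(Finding("hidden_system_file", m["path"], f"attributes {attrs}"))
        elif m := SERVICE_RE.match(line):
            _check_image(findings, m["name"], m["path"], m["info"])
        elif m := VALUE_RE.match(line):
            _check_image(findings, m["name"], m["path"], m["info"])
        elif (m := POLICY_RE.match(line)) and current_key.endswith(r"policies\system"):
            if m["name"] == "EnableLUA" and m["value"] == "0":
                findings.append(Finding("uac_disabled", current_key,
                                        "EnableLUA=0: UAC elevation prompts are switched off"))
    return findings


def count_by_rule(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:20} {f.subject}  ({f.detail})")
```

Run against the sample it reports the two hidden system DLLs, the disabled UAC policy, the `cpuz131` driver twice (image under Temp, and `[x]`), and `aswSnx` once for `[x]`; the avast, WDCBG and Nalpeiron entries produce nothing. Every hit is a prompt to look closer, not a verdict: `[x]` on avast's own drivers is its self-protection at work, and a hidden system file in System32 still has to be checked by hash or publisher before anyone calls it malware.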

ComboFix 11-03-18.04 - Inge 03/19/2011 10:31:03.1.4 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1287 [GMT -5:00]

Running from: c:\users\Inge\Downloads\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Inge\AppData\Roaming\Microsoft\Windows\Recent\DSC_0119.JPG (JPEG Image, 3008x2000 pixels) - Scaled (32%).URL

c:\users\Inge\AppData\Roaming\Microsoft\Windows\Recent\Video.url

c:\users\Inge\g2mdlhlpx.exe

c:\users\Inge\videos\Vado Central.exe

c:\windows\TEMP\logishrd\LVPrcInj01.dll

N:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-02-19 to 2011-03-19 )))))))))))))))))))))))))))))))

.

.

No new files created in this timespan

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-19 15:48 . 2008-07-24 22:27 16608 ----a-w- c:\windows\gdrv.sys

2011-03-03 15:30 . 2010-11-01 22:53 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-23 14:04 . 2010-10-28 20:57 40648 ----a-w- c:\windows\avastSS.scr

2011-02-23 14:04 . 2010-10-28 20:41 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-23 13:57 . 2010-10-28 20:43 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-02-23 13:56 . 2010-10-28 20:43 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-02-23 13:56 . 2010-10-28 20:43 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-23 13:56 . 2010-10-28 20:42 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-02-23 13:55 . 2010-10-28 20:41 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-23 13:55 . 2010-10-28 20:42 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-23 13:55 . 2010-10-28 20:41 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-02-23 13:54 . 2010-10-28 20:43 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-02 23:11 . 2009-10-03 02:26 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-30 20:23 . 2011-01-30 20:23 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-01-20 16:37 . 2011-02-09 21:24 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-20 16:08 . 2011-02-09 21:24 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08 . 2011-02-09 21:24 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08 . 2011-02-09 21:24 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:08 . 2011-02-09 21:24 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08 . 2011-02-09 21:24 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:07 . 2011-02-09 21:24 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07 . 2011-02-09 21:24 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07 . 2011-02-09 21:24 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06 . 2011-02-09 21:24 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06 . 2011-02-09 21:24 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04 . 2011-02-09 21:24 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 16:04 . 2011-02-09 21:24 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 14:28 . 2011-02-09 21:24 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27 . 2011-02-09 21:24 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26 . 2011-02-09 21:24 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25 . 2011-02-09 21:24 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24 . 2011-02-09 21:24 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-20 14:24 . 2011-02-09 21:24 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15 . 2011-02-09 21:24 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14 . 2011-02-09 21:24 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14 . 2011-02-09 21:24 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:14 . 2011-02-09 21:24 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:12 . 2011-02-09 21:24 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11 . 2011-02-09 21:24 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47 . 2011-02-09 21:24 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-20 13:44 . 2011-02-09 21:24 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-01-20 13:44 . 2011-02-09 21:24 797184 ----a-w- c:\windows\system32\FntCache.dll

2011-01-08 08:47 . 2011-02-09 21:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 06:28 . 2011-02-09 21:24 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:57 . 2011-02-09 21:24 2039808 ----a-w- c:\windows\system32\win32k.sys

2010-12-28 15:55 . 2011-01-12 18:24 413696 ----a-w- c:\windows\system32\odbc32.dll

2006-05-03 09:06 163328 --sh--r- c:\windows\System32\flvDX.dll

2007-02-21 10:47 31232 --sh--r- c:\windows\System32\msfDX.dll

2008-03-16 12:30 216064 --sh--r- c:\windows\System32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{2558d83c-097c-4cf1-9163-ce5ecc36ace2}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2010-08-02 1348936]

.

[HKEY_CLASSES_ROOT\clsid\{2558d83c-097c-4cf1-9163-ce5ecc36ace2}]

[HKEY_CLASSES_ROOT\mapquestTb.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}]

[HKEY_CLASSES_ROOT\mapquestTb.AOLTBSearch]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd3fd433-147a-482e-a192-614f26e2310c}]

2010-08-02 22:26 1348936 ----a-w- c:\program files\MapQuest Toolbar\mapquesttb.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{9302e698-7e00-43ab-b867-c6e759bc2ada}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2010-08-02 1348936]

.

[HKEY_CLASSES_ROOT\clsid\{9302e698-7e00-43ab-b867-c6e759bc2ada}]

[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}]

[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{9302E698-7E00-43AB-B867-C6E759BC2ADA}"= "c:\program files\MapQuest Toolbar\mapquesttb.dll" [2010-08-02 1348936]

.

[HKEY_CLASSES_ROOT\clsid\{9302e698-7e00-43ab-b867-c6e759bc2ada}]

[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{e3a72ce3-87ab-41bc-a506-d0c507d265f3}]

[HKEY_CLASSES_ROOT\mapquestTb.AOLToolBand]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]

"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

"AOL Fast Start"="c:\program files\AOL 9.1a\AOL.EXE" [2008-11-06 50472]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"WDCBG"="c:\windows\WDCBG.EXE" [2004-08-02 118784]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-9-20 221295]

MediaManager.lnk - c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaManager.exe [N/A]

Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-10-22 604008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk

backup=c:\windows\pss\NovaBACKUP Tray Control.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk

backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk

backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Inge^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fotki Desktop.lnk]

path=c:\users\Inge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fotki Desktop.lnk

backup=c:\windows\pss\Fotki Desktop.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]

2008-08-29 01:34 13145448 ----a-w- c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 13:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]

2008-11-06 11:42 50472 ----a-w- c:\program files\AOL 9.1a\aol.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-03-17 02:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]

2007-07-26 20:05 20480 ----a-w- c:\program files\GIGABYTE\ET6\ETcall.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\aol\1218931278\ee\aolsoftware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 21:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-07-16 21:57 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3472338283-169046834-3415148994-1000]

"EnableNotificationsRef"=dword:00000001

.

R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-02-23 121000]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]

R3 cpuz131;cpuz131;c:\users\Inge\AppData\Local\Temp\cpuz131\cpuz_x32.sys [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 24216]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

R3 WDCFX_AT;USB Storage Adapter FX_AT (WDC);c:\windows\system32\DRIVERS\WDCFX_AT.SYS [2004-08-02 33536]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-01-09 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]

S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]

S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]

S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-02-03 66560]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480]

S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 376680]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]

S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2009-04-21 44784]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 15:55]

.

2011-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 15:55]

.

2011-03-19 c:\windows\Tasks\User_Feed_Synchronization-{3AFF53F7-F119-49D7-82DC-71EB8C493369}.job

- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html

FF - ProfilePath - c:\users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\0wb6acj3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-mapquest-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

FF - Ext: Amazon Toolbar: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com

FF - Ext: MapQuest Toolbar: {4D1E692F-D179-413b-A987-EEEAAD85DDB3} - %profile%\extensions\{4D1E692F-D179-413b-A987-EEEAAD85DDB3}

FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - %profile%\extensions\browserhighlighter@ebay.com

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Inge\AppData\Roaming\Move Networks

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

.

------- File Associations -------

.

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-AdobeBridge - (no file)

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe

MSConfigStartUp-Livestation - c:\program files\Livestation\Livestation.exe

MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe

MSConfigStartUp-LVCOMSX - c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

MSConfigStartUp-RestartNeroSetup - c:\users\Inge\AppData\Local\Temp\Nero Web\SetupXu.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

AddRemove-Creative Vado HD Codec - c:\programdata\{907A85CA-E023-4161-8F5C-E72C340031D2}\VadoHDCodec.exe

AddRemove-_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} - c:\program files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}

AddRemove-{12365698-8042-4774-8CAF-35BE91DC657B} - c:\programdata\{907A85CA-E023-4161-8F5C-E72C340031D2}\VadoHDCodec.exe

AddRemove-UnityWebPlayer - c:\users\Inge\AppData\Local\Unity\WebPlayer\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-19 10:56

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\TEMP\_avast_\unp13723385.tmp 827956 bytes executable

C:\## aswSnx private storage

.

scan completed successfully

hidden files: 2

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,f0,aa,10,b6,17,50,4d,a7,95,fa,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,f0,aa,10,b6,17,50,4d,a7,95,fa,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(11152)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\atieclxx.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\ehome\ehRecvr.exe

c:\windows\ehome\ehsched.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\windows\system32\conime.exe

c:\windows\RtHDVCpl.exe

c:\program files\Alwil Software\Avast5\AvastUI.exe

c:\program files\Windows Home Server\WHSTrayApp.exe

c:\program files\AOL 9.1a\waol.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Microsoft IntelliType Pro\dpupdchk.exe

c:\windows\system32\rundll32.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe

c:\program files\AOL 9.1a\shellmon.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\vssvc.exe

.

**************************************************************************

.

Completion time: 2011-03-19 11:00:49 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-19 16:00

.

Pre-Run: 83,312,472,064 bytes free

Post-Run: 83,170,762,752 bytes free

.

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

- - End Of File - - BB5F029B920D4B1E063B0EF186CB3CD5


Dave, I think I lost the.... HijackThis log...when the computer rebooted

Not a big deal. We're just about finished with HJT.

 

* Download the following tool: RootRepeal - Rootkit Detector

* Direct download link is here: RootRepeal.zip

 

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.

* Click this link to see a list of such programs and how to disable them.

 

* Extract the program file to a new folder such as C:\RootRepeal

* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.

* Select ALL of the checkboxes and then click OK and it will start scanning your system.

* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.

* When done, click on Save Report

* Save it to the same location where you ran it from, such as C:\RootRepeal

* Save it as rootrepeal.txt

* Then open that log and select all and copy/paste it back on your next reply please.

* Close RootRepeal.


Dave, RootRepeal is not working. There is a white box on my desktop.... wait while initializing.... that went on for 30 or more minutes. I clicked on it. Result a white box without writing. I tried to open the file again. This is what comes up.

 

FOPS DeviceIO Control Error! Error Code = Oxc 0000001

Extended Info (OX 000000d8)

 

White box is still on my desktop and looks like trying to load.

I am writing this from my laptop.


Ok. Get rid of RootRepeal and try this one.

 

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page:
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys

Service Name: ---

Module Base: 91766000

Module End: 91771000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: 91A8B000

Module End: 91A93000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwAddBootEntry

Address: 91A1E9CA

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateEvent

Address: 91A20EAC

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateEventPair

Address: 91A20F04

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateIoCompletion

Address: 91A2101A

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateMutant

Address: 91A20E02

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateSection

Address: 91A20F54

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateSemaphore

Address: 91A20E56

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateTimer

Address: 91A20FC8

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwDeleteBootEntry

Address: 91A1E9EE

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwLoadDriver

Address: 91A1E7B8

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwModifyBootEntry

Address: 91A1EA12

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwNotifyChangeKey

Address: 91A21412

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwNotifyChangeMultipleKeys

Address: 91A1F4AA

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenEvent

Address: 91A20EDC

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenEventPair

Address: 91A20F2C

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenIoCompletion

Address: 91A21044

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenMutant

Address: 91A20E2E

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenSection

Address: 91A20F94

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenSemaphore

Address: 91A20E84

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenTimer

Address: 91A20FF2

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwQueryObject

Address: 91A1F370

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwSetBootEntryOrder

Address: 91A1EA36

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwSetBootOptions

Address: 91A1EA5A

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwSetSystemInformation

Address: 91A1E812

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwSetSystemPowerState

Address: 91A1E94E

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwShutdownSystem

Address: 91A1E92A

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwSystemDebugControl

Address: 91A1E972

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwVdmControl

Address: 91A1EA7E

Driver Base: 91A0C000

Driver End: 91A6A000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

******************************************************************************************

******************************************************************************************

Kernel Hooks:

Hooked Function: ZwCreateProcessEx

At Address: 83693DAE

Jump To: 9172F8E2

Module Name: C:\Windows\System32\Drivers\aswSP.SYS

 

Hooked Function: ObMakeTemporaryObject

At Address: 835D95C7

Jump To: 9172B29E

Module Name: C:\Windows\System32\Drivers\aswSP.SYS

 

Hooked Function: ObInsertObject

At Address: 836324F3

Jump To: 9172CD38

Module Name: C:\Windows\System32\Drivers\aswSP.SYS

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied

 

Object: C:\Users\Inge\Favorites\old Favs\Sharplaninec\Can Kruhov.url

Status: Hidden

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

Status: Access denied


ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


Dave, thank you, thank you, thank you! You are my hero! Everything is working so much faster. I did not think I had anything wrong with my computer except ClickPotato. I pride myself on running and updating my Virus program and Spyware. Judging by the way the computer is performing now, I must have had some major things wrong. Could you please give me a little overview and education on what was wrong?

I think by looking at the reports you had me send you, you can tell that my time spent on the computer is mostly photography and related activities and browsing the internet.

I have very limited knowledge when it comes to doing anything else. Therefore, when you told me:

"Ok. Get rid of RootRepeal and try this one."

I had some major reading to do before I knew what to do. I did it by trial and error and with my fingers crossed. All you had me do was new to me.

 

Dave do you have some recommendations as to what I could do in addition to what I am doing to protect my computer?

Are you absolutely sure ClickPotato is gone?

 

Thank you Dave,

Inge


I must have had some major things wrong. Could you please give me a little overview and education on what was wrong?

There was nothing major on your computer. Just a bit of malware.

Ok. Get rid of RootRepeal and try this one.

Sorry, I should have said uninstall it.

 

Dave do you have some recommendations as to what I could do in addition to what I am doing to protect my computer?

Are you absolutely sure ClickPotato is gone?

Yes, I'm sure it's gone. If you wish you can keep SAS and MBAM on your computer. Update them and run them about once per week to keep the bugs out. I have some other recommendations below.

 

I'm not sure if this will work because ComboFix is not on your desktop. If it doesn't work, please let me know and we'll do something else.

 

To uninstall ComboFix

 

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

 

http://i582.photobucket.com/albums/ss269/Cat_Byte/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

 

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

**************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

************************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (if you choose this one, uncheck "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation, and uncheck any HopSurf and/or Ask.com options)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

**************************************************

Use the Secunia Software Inspector to check for out of date software.

 

• Click Start Now

• Check the box next to Enable thorough system inspection.

• Click Start

• Allow the scan to finish and scroll down to see if any updates are needed.

• Update anything listed.

.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!


Dave, I have tried to uninstall ComboFix for two days now.

ComboFix is on my desktop in a folder. This folder contains all the programs you had me install.

 

If I click the start button and type in run .... lots of things come up in the results pane. The only Program with run in its name is ATi Restart Runtime.

 

There is a ComboFix file in the results pane.

 

Please advise.


Archived

This topic is now archived and is closed to further replies.
