IObit Forum

Please help with searchqu.com



Posted

Hi,

I have a problem with searchqu.com. It has hijacked my browser and I can't seem to get rid of it. Any help would be appreciated. Here are the logs as requested.

 

Thanks Rob


Advanced SystemCare Log

====================================

Application Version: 4.0.1

Database Version: 53692

Scan Mode: Manual

Windows 7

2011-06-28(18-04-30)

====================================

[Privacy Fix]: 15 Problem(s) Fixed

------Details------

Deleted C:\Users\rob\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

Deleted C:\Users\rob\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011062820110629\index.dat

Deleted http://oldtimer.geekstogo.com/TFC.exe

Deleted http://forums.iobit.com/showthread.php?t=6216

Deleted http://cap1.conduit-apps.com/uTorrent/20110207/maincomp.html

Deleted http://socialgrowthtechnologies.com/couponbuddy_v002/index.php?ctid=CT2786678

Deleted http://cap1.conduit-apps.com/uTorrent/20110207/maincomp.php

Deleted C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\8c05a9jo.default\downloads.sqlite

Deleted C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\8c05a9jo.default\sessionstore.js

Deleted C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\8c05a9jo.default\sessionstore.bak

Deleted C:\ProgramData\Avira\AntiVir Desktop\TEMP\avguard.tmp

Deleted C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\avguard.log

Deleted C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\sched.log

Deleted C:\Users\rob\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1eb796d87c32eff9.customDestinations-ms

Deleted C:\Users\rob\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ec3e36af0cdcb3e1.customDestinations-ms

 

[Junkfiles Fix]: 25 Problem(s) Fixed

------Details------

Deleted C:\Users\rob\AppData\Local\Temp\FXSAPIDebugLogFile.txt

Deleted C:\Windows\temp\logishrd\LVPrcInj01.dll

Deleted C:\Windows\temp\logishrd\LVPrcInj02.dll

Deleted C:\Users\rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNGV7TUL\ga[1].js

Deleted C:\Users\rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NDDOFXZW\index[1].php

Deleted C:\Users\rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QNFOJ6OR\iPad-ad-xlite-4-ver-Final[1].gif

Deleted C:\Users\rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4CQ6OIF\style[1].css

Deleted C:\Users\rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QNFOJ6OR\iPad-ad-xlite-4-ver-Final[1].gif

Deleted http://advertising.counterpath.com/advertising/index.php

Deleted http://advertising.counterpath.com/advertising/style.css

Deleted http://www.google-analytics.com/ga.js

Deleted Visited: rob@file:///C:/Program%20Files%20(x86)/IObit/Advanced%20SystemCare%204/UI/Default/main.html

Deleted Visited: rob@http://advertising.counterpath.com/advertising/index.php

Deleted HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication\Name

Deleted HKEY_LOCAL_MACHINE\Software\Microsoft\DirectDraw\MostRecentApplication\Name

Deleted C:\Windows\PFRO.log

Deleted C:\Windows\setupact.log

Deleted C:\Windows\setuperr.log

Deleted C:\Windows\WindowsUpdate.log

Deleted C:\Windows\Debug\PASSWD.LOG

Deleted C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lsm.exe_16a122b93a7f974dffd61a69e111beb58bfde2_cab_05698b7d\Report.wer

Deleted C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lsm.exe_16a122b93a7f974dffd61a69e111beb58bfde2_cab_05698b7d\WER894B.tmp.appcompat.txt

Deleted C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lsm.exe_16a122b93a7f974dffd61a69e111beb58bfde2_cab_05698b7d\WER898A.tmp.WERInternalMetadata.xml

Deleted C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lsm.exe_16a122b93a7f974dffd61a69e111beb58bfde2_cab_05698b7d\WER898B.tmp.hdmp

Deleted C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lsm.exe_16a122b93a7f974dffd61a69e111beb58bfde2_cab_05698b7d\WER8B70.tmp.mdmp

Posted

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by rob at 18:06:08 on 2011-06-28

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4079.2443 [GMT 10:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ATKFUSService.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Windows\SysWOW64\ASDR.exe

C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\WinFast\WFDTV\WFWIZ.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files (x86)\CounterPath\X-Lite 4\X-Lite4.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe

C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.4\iobitToolbarIE.dll

uURLSearchHooks: Splashtop Connect SearchHook: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.4\iobitToolbarIE.dll

BHO: Splashtop Connect VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {30f9b915-b755-4826-820b-08fba6bd249d} - Conduit Engine

BHO: PhotoPos Toolbar: {5d0ec45b-d2e4-4dd0-a5b2-69ddefe852a8} - PhotoPos Toolbar

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar

BHO: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - FrostWire Toolbar

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.4\iobitToolbarIE.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -

TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

uRun: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe

uRun: [Google Update] "C:\Users\rob\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe

uRun: [X-Lite 4] "C:\Program Files (x86)\CounterPath\X-Lite 4\X-Lite4.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe

mRun: [instantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe

mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"

mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{EF9E83FB-C0A0-4130-9A2C-24FAA5642A8C} : DhcpNameServer = 192.168.1.1

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.4\iobitToolbarIE.dll

BHO-X64: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine

BHO-X64: {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - PhotoPos Toolbar

BHO-X64: PhotoPos Toolbar - No File

BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar

BHO-X64: Searchqu Toolbar - No File

BHO-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar

BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - FrostWire Toolbar

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.4\iobitToolbarIE.dll

TB-X64: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -

TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe

mRun-x64: [instantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe

mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"

mRun-x64: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe

IE-X64: { C:\Microgaming\Casino\MummysGoldCasino\casinogame.exe

IE-X64: {1B1801DE-8A16-4623-BF7E-FFB201546028} - C:\Microgaming\Casino\SpinPalace\casinogame.exe

IE-X64: {F87D8B85-122D-468A-9B75-DAAF5B95474C}

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\8c05a9jo.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll

FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\8c05a9jo.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\8c05a9jo.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\rob\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - false

FF - user.js: browser.xul.error_pages.enabled - false

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

FF - user.js: browser.urlbar.hideGoButton -

FF - user.js: dom.disable_window_open_feature.minimizable - True

FF - user.js: dom.disable_window_open_feature.menubar - True

FF - user.js: dom.disable_window_open_feature.scrollbars - True

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\system32\DRIVERS\CLBStor.sys --> C:\Windows\system32\DRIVERS\CLBStor.sys [?]

R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/04/07 10:13:26];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-8-28 146928]

R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-4-28 353168]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-2-1 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-2-1 269480]

R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-5-6 393112]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\system32\drivers\CLBUDF.sys --> C:\Windows\system32\drivers\CLBUDF.sys [?]

R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-1-31 68136]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-27 366640]

R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-1-31 114688]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-23 378472]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-31 2655768]

R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]

R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-31 30528]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;QuickCam Communicate Deluxe(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 WFSONORA;WinFast PxDVR3200 H (XC4000);C:\Windows\system32\drivers\wfsonora.sys --> C:\Windows\system32\drivers\wfsonora.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-23 136176]

S2 SmartViewService;Smart View Service;C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe --> C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [?]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-1-31 25640]

S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-23 136176]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-06-27 23:32:26 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com

2011-06-26 14:56:44 -------- d-----w- C:\Users\rob\AppData\Roaming\Malwarebytes

2011-06-26 14:56:39 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-26 14:56:38 -------- d-----w- C:\ProgramData\Malwarebytes

2011-06-26 14:56:35 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys


============= FINISH: 18:06:32.34 ===============

Posted

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 31/01/2011 8:53:49 PM

System Uptime: 28/06/2011 5:59:34 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | H67MA-D2H

Processor: Intel® Core i5-2400 CPU @ 3.10GHz | Socket 1155 | 3267/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 810.679 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP110: 15/06/2011 7:40:17 PM - Installed X-Lite 4

RP111: 16/06/2011 3:00:12 AM - Windows Update

RP112: 23/06/2011 4:30:39 PM - Windows Update

RP113: 27/06/2011 11:56:57 PM - OTL Restore Point

.

==== Installed Programs ======================

.

@BIOS

3D-Album Creative Center

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.5

Advanced SystemCare 4

Apple Application Support

Apple Software Update

Ask Toolbar

ASUS Gamer OSD

ASUS Smart Doctor

ASUS VideoSecurity Online

AutoGreen B10.1021.1

Avira AntiVir Personal - Free Antivirus

Codec-TS SDK

Conduit Engine

CyberLink BD Advisor 2.0

CyberLink Blu-ray Disc Suite

CyberLink InstantBurn

CyberLink MediaShow

CyberLink Power2Go

CyberLink PowerDVD 8

CyberLink PowerProducer

De-interlace SDK

DES 2.0

DivX Web Player

Easy Tune 6 B10.1024.1

Empire: Total War Demo

eMule

File Type Assistant

Free Download Manager 3.0

Free File Opener version 2011.6.0

Free File Viewer 2011

GameSpy Arcade

GoldWave v5.58

Google Chrome

Google Earth

Google Update Helper

HTC Driver Installer

Human Head demo by NVIDIA (remove only)

Intel® Control Center

Intel® Management Engine Components

IObit Toolbar v4.4

Java Auto Updater

Java 6 Update 26

jZip

Logitech Gaming Software 64

Mafia II - Demo

Malwarebytes' Anti-Malware version 1.51.0.1200

Metro 2033

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft XML Parser

Mozilla Firefox 5.0 (x86 en-US)

Mummys Gold Casino

Need for Speed: SHIFT

Need for Speed™ SHIFT Demo

Now Playing

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NVIDIA StereoUSB Driver

ON_OFF Charge B10.0427.1

Optus Wireless Broadband

Photo Pos Pro

Photopos Toolbar (Remove Toolbar Only)

PKR

PKRCasino

QuickTime

Race Driver 3

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Smart 6 B10.1023.1

Spin Palace Casino

Splashtop Connect IE

Steam

TMPGEnc 4.0 XPress Special Trial Version

Tom Clancy's Splinter Cell Chaos Theory

Tom Clancy's Splinter Cell Conviction

TT-SB SDK

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Utility

uTorrentBar Toolbar

Visviva Animation Player

WinFast Multimedia Driver Installation

WinFast PVR2

X-Lite 4

XviD MPEG-4 Video Codec

.

==== Event Viewer Messages From Past Week ========

.

28/06/2011 5:59:46 PM, Error: volmgr [46] - Crash dump initialization failed!

27/06/2011 12:30:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

27/06/2011 12:30:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

27/06/2011 12:30:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

27/06/2011 12:30:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

27/06/2011 12:30:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

27/06/2011 12:30:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

27/06/2011 12:30:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

27/06/2011 12:29:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

27/06/2011 12:29:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

27/06/2011 12:29:58 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

27/06/2011 12:29:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

27/06/2011 12:29:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

27/06/2011 12:29:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

27/06/2011 12:29:58 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

27/06/2011 12:29:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

27/06/2011 12:29:58 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

27/06/2011 12:29:58 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

27/06/2011 12:29:58 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

27/06/2011 11:17:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

27/06/2011 1:51:16 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

.

==== End Of File ===========================

Posted

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

**************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

• Close browsers before scanning

• Scan for tracking cookies

• Terminate memory threats before quarantining

Please leave the others unchecked

• Click the Close button to leave the control center screen.

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

• To retrieve the removal information please do the following:

• After reboot, double-click the SUPERAntiSpyware icon on your desktop.

• Click Preferences. Click the Statistics/Logs tab.

• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

• It will open in your default text editor (preferably Notepad).

• Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it (normally the desktop).

* Click close and close again to exit the program.

* Copy and Paste the log in your post.

*********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

***********************************************

I strongly recommend that you remove Ask from your computer because it:

• Promotes its toolbars on sites targeted to kids.

• Promotes its toolbars through ads that appear to be part of other companies' sites.

• Promotes its toolbars through other companies' spyware.

• Installs without any disclosure whatsoever and without any consent whatsoever.

• Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

• Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

 

See Here for more info.

 

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

 

AskBarDis or anything related to Ask

 

Then please find and delete this folder in bold (if present):

C:\Program Files\AskBarDis, or anything related to Ask.

***************************************************

P2P - I see you have P2P software installed on your machine (eMule). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

***********************************************

Download OTL to your desktop.

 

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PhotoPos Toolbar - No File
BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Ask Toolbar BHO - No File

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

*************************************************************

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

link # 1

Link # 2

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix log in your next reply.

 

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
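As an added illustration of what the BHO lines in the OTL fix above refer to (this is not part of Dave's post, nor code from OTL or IObit): a read-only PowerShell audit that lists every Browser Helper Object registered for 32-bit and 64-bit Internet Explorer, resolves each CLSID to the DLL IE would load, and flags entries whose file is gone (OTL's "No File") or whose name matches the toolbars named in this thread. The $SuspectNames watch-list and the report columns are my assumptions; the registry paths are the standard ones IE reads.

```powershell
# Added example (not from this thread, OTL or IObit): audit the Browser Helper
# Object (BHO) registrations that the ":OTL" fix lines refer to.
# Run from an elevated PowerShell prompt on Windows 7 or later; it changes nothing.

# Watch-list built from the toolbar names in this thread (assumed; extend as needed).
$SuspectNames = @('Searchqu', 'Ask Toolbar', 'PhotoPos', 'Conduit')

# On x64 Windows the 32-bit IE loads BHOs registered under Wow6432Node and the
# 64-bit IE those under the native key; OTL reports them as BHO and BHO-X64.
$BhoViews = @(
    @{ View  = 'x64'
       Key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ View  = 'x86'
       Key   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
)

function Get-BhoReport {
    foreach ($v in $BhoViews) {
        if (-not (Test-Path -Path $v.Key)) { continue }
        foreach ($sub in Get-ChildItem -Path $v.Key) {
            $clsid    = $sub.PSChildName          # e.g. {99079a25-328f-4bd4-be04-00955acaa0a7}
            $clsidKey = Join-Path -Path $v.Clsid -ChildPath $clsid
            $name = $null
            $dll  = $null
            if (Test-Path -Path $clsidKey) {
                # The CLSID key's default value is the display name; the default value
                # of its InprocServer32 subkey is the DLL that IE would load.
                $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
                $inproc = Join-Path -Path $clsidKey -ChildPath 'InprocServer32'
                $dll  = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
            }
            $dllPath = $null
            if ($dll) { $dllPath = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }

            # "No File" in OTL terms: no CLSID, no InprocServer32, or the DLL is gone.
            $fileMissing = (-not $dllPath) -or (-not (Test-Path -LiteralPath $dllPath))

            # Name or path matches one of the toolbars seen in this thread.
            $nameHit = $false
            foreach ($s in $SuspectNames) {
                if (($name -and $name -like "*$s*") -or ($dllPath -and $dllPath -like "*$s*")) {
                    $nameHit = $true
                }
            }

            $status = 'ok'
            if ($fileMissing) { $status = 'ORPHAN (No File)' }
            if ($nameHit)     { $status = 'SUSPECT' }
            if (-not $name)    { $name    = '(no name)' }
            if (-not $dllPath) { $dllPath = 'No File' }

            [pscustomobject]@{
                View   = $v.View
                CLSID  = $clsid
                Name   = $name
                Dll    = $dllPath
                Status = $status
            }
        }
    }
}

Get-BhoReport | Sort-Object -Property Status | Format-Table -AutoSize
```

An ORPHAN row is a dangling registration of the kind the "- No File" OTL lines clean up; a SUSPECT row whose DLL still exists is the component that is actually still loading into the browser.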

Posted

Hi Dave,

Thanks for your help. I have done as you asked and IE seems to have returned to normal, but Firefox was still directing me to searchqu.com, although after changing my home page back to Google it now seems to be holding at Google. I was not aware of eMule and have deleted it; the Ask toolbar will not remove. Here are the logs as requested. Thanks again.

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 06/29/2011 at 08:06 PM

 

Application Version : 4.54.1000

 

Core Rules Database Version : 7349

Trace Rules Database Version: 5161

 

Scan type : Complete Scan

Total Scan Time : 00:41:33

 

Memory items scanned : 565

Memory threats detected : 0

Registry items scanned : 13675

Registry threats detected : 0

File items scanned : 56861

File threats detected : 1

 

Adware.Tracking Cookie

C:\Users\rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@advertising.counterpath[2].txt

 

 

 

 

 

 

 

00:08:07 rob IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 50065, Process: firefox.exe)

00:17:27 rob IP-BLOCK 193.105.134.94 (Type: outgoing, Port: 51063, Process: firefox.exe)

00:22:24 rob IP-BLOCK 80.91.191.171 (Type: outgoing, Port: 51713, Process: firefox.exe)

00:22:24 rob IP-BLOCK 80.91.191.171 (Type: outgoing, Port: 51718, Process: firefox.exe)

00:22:24 rob IP-BLOCK 80.91.191.171 (Type: outgoing, Port: 51751, Process: firefox.exe)

00:22:24 rob IP-BLOCK 80.91.191.171 (Type: outgoing, Port: 51758, Process: firefox.exe)

00:22:32 rob IP-BLOCK 80.91.191.171 (Type: outgoing, Port: 51776, Process: firefox.exe)

00:22:32 rob IP-BLOCK 80.91.191.171 (Type: outgoing, Port: 51780, Process: firefox.exe)

00:22:32 rob IP-BLOCK 80.91.191.171 (Type: outgoing, Port: 51798, Process: firefox.exe)

00:22:32 rob IP-BLOCK 80.91.191.171 (Type: outgoing, Port: 51802, Process: firefox.exe)

00:22:32 rob IP-BLOCK 80.91.191.171 (Type: outgoing, Port: 51811, Process: firefox.exe)

00:22:32 rob IP-BLOCK 80.91.191.171 (Type: outgoing, Port: 51816, Process: firefox.exe)

00:28:48 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 53105, Process: firefox.exe)

00:28:48 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 53106, Process: firefox.exe)

00:28:48 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 53108, Process: firefox.exe)

00:28:48 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 53109, Process: firefox.exe)

00:28:48 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 53110, Process: firefox.exe)

00:28:48 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 53117, Process: firefox.exe)

00:28:49 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 53118, Process: firefox.exe)

00:28:49 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 53119, Process: firefox.exe)

00:28:49 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 53120, Process: firefox.exe)

00:28:49 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 53121, Process: firefox.exe)

00:29:53 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 53293, Process: firefox.exe)

00:29:53 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 53295, Process: firefox.exe)

00:29:53 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 53296, Process: firefox.exe)

00:29:53 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 53297, Process: firefox.exe)

00:29:53 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 53298, Process: firefox.exe)

00:29:53 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 53306, Process: firefox.exe)

00:29:53 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 53307, Process: firefox.exe)

00:29:53 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 53308, Process: firefox.exe)

00:29:53 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 53309, Process: firefox.exe)

00:29:53 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 53310, Process: firefox.exe)

00:32:01 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 53663, Process: firefox.exe)

00:32:01 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 53665, Process: firefox.exe)

00:32:01 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 53666, Process: firefox.exe)

00:32:01 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 53667, Process: firefox.exe)

00:32:01 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 53668, Process: firefox.exe)

00:32:01 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 53674, Process: firefox.exe)

00:32:01 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 53675, Process: firefox.exe)

00:32:01 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 53676, Process: firefox.exe)

00:32:01 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 53677, Process: firefox.exe)

00:32:01 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 53678, Process: firefox.exe)

00:32:33 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 53790, Process: firefox.exe)

00:32:33 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 53792, Process: firefox.exe)

00:32:33 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 53793, Process: firefox.exe)

00:32:33 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 53794, Process: firefox.exe)

00:32:33 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 53795, Process: firefox.exe)

00:32:33 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 53798, Process: firefox.exe)

00:32:33 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 53799, Process: firefox.exe)

00:32:33 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 53800, Process: firefox.exe)

00:32:33 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 53801, Process: firefox.exe)

00:32:34 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 53802, Process: firefox.exe)

00:35:46 rob IP-BLOCK 74.53.228.114 (Type: outgoing, Port: 54313, Process: firefox.exe)

00:35:46 rob IP-BLOCK 174.132.104.34 (Type: outgoing, Port: 54315, Process: firefox.exe)

00:35:54 rob IP-BLOCK 174.132.104.34 (Type: outgoing, Port: 54323, Process: firefox.exe)

00:35:54 rob IP-BLOCK 74.53.228.114 (Type: outgoing, Port: 54324, Process: firefox.exe)

00:35:54 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 54327, Process: firefox.exe)

00:35:54 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 54329, Process: firefox.exe)

00:35:54 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 54330, Process: firefox.exe)

00:35:54 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 54331, Process: firefox.exe)

00:35:54 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 54332, Process: firefox.exe)

00:35:54 rob IP-BLOCK 174.132.104.34 (Type: outgoing, Port: 54335, Process: firefox.exe)

00:35:54 rob IP-BLOCK 74.53.228.114 (Type: outgoing, Port: 54336, Process: firefox.exe)

00:35:54 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 54341, Process: firefox.exe)

00:35:54 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 54342, Process: firefox.exe)

00:35:54 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 54343, Process: firefox.exe)

00:35:54 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 54344, Process: firefox.exe)

00:35:54 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 54345, Process: firefox.exe)

00:37:14 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 54470, Process: firefox.exe)

00:37:14 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 54471, Process: firefox.exe)

00:37:14 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 54472, Process: firefox.exe)

00:37:14 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 54474, Process: firefox.exe)

00:37:14 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 54475, Process: firefox.exe)

00:37:14 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 54480, Process: firefox.exe)

00:37:14 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 54481, Process: firefox.exe)

00:37:14 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 54482, Process: firefox.exe)

00:37:14 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 54483, Process: firefox.exe)

00:37:14 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 54484, Process: firefox.exe)

00:38:02 rob IP-BLOCK 95.168.177.20 (Type: outgoing, Port: 54538, Process: firefox.exe)

00:38:02 rob IP-BLOCK 95.168.177.20 (Type: outgoing, Port: 54569, Process: firefox.exe)

00:39:15 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 54684, Process: firefox.exe)

00:39:15 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 54685, Process: firefox.exe)

00:39:15 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 54686, Process: firefox.exe)

00:39:15 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 54687, Process: firefox.exe)

00:39:15 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 54690, Process: firefox.exe)

00:39:15 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 54714, Process: firefox.exe)

00:39:15 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 54715, Process: firefox.exe)

00:39:15 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 54716, Process: firefox.exe)

00:39:15 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 54718, Process: firefox.exe)

00:39:15 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 54719, Process: firefox.exe)

00:39:23 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 54767, Process: firefox.exe)

00:39:23 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 54768, Process: firefox.exe)

00:39:23 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 54769, Process: firefox.exe)

00:39:23 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 54770, Process: firefox.exe)

00:39:23 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 54771, Process: firefox.exe)

00:51:56 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 55888, Process: firefox.exe)

00:51:56 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 55889, Process: firefox.exe)

00:51:56 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 55890, Process: firefox.exe)

00:51:56 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 55891, Process: firefox.exe)

00:51:56 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 55892, Process: firefox.exe)

00:51:56 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 55902, Process: firefox.exe)

00:51:56 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 55903, Process: firefox.exe)

00:51:56 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 55904, Process: firefox.exe)

00:51:56 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 55905, Process: firefox.exe)

00:51:56 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 55906, Process: firefox.exe)

00:53:24 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 56029, Process: firefox.exe)

00:53:24 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 56031, Process: firefox.exe)

00:53:24 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 56032, Process: firefox.exe)

00:53:24 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 56033, Process: firefox.exe)

00:53:24 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 56034, Process: firefox.exe)

00:53:24 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 56037, Process: firefox.exe)

00:53:24 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 56038, Process: firefox.exe)

00:53:24 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 56039, Process: firefox.exe)

00:53:24 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 56040, Process: firefox.exe)

00:53:24 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 56041, Process: firefox.exe)

00:54:36 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 56154, Process: firefox.exe)

00:54:36 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 56156, Process: firefox.exe)

00:54:36 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 56157, Process: firefox.exe)

00:54:36 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 56158, Process: firefox.exe)

00:54:36 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 56159, Process: firefox.exe)

00:54:36 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 56165, Process: firefox.exe)

00:54:36 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 56166, Process: firefox.exe)

00:54:36 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 56167, Process: firefox.exe)

00:54:36 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 56168, Process: firefox.exe)

00:54:36 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 56169, Process: firefox.exe)

00:55:48 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 56276, Process: firefox.exe)

00:55:48 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 56278, Process: firefox.exe)

00:55:48 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 56279, Process: firefox.exe)

00:55:48 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 56280, Process: firefox.exe)

00:55:48 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 56281, Process: firefox.exe)

00:55:57 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 56286, Process: firefox.exe)

00:55:57 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 56287, Process: firefox.exe)

00:55:57 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 56288, Process: firefox.exe)

00:55:57 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 56289, Process: firefox.exe)

00:55:57 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 56290, Process: firefox.exe)

02:03:32 rob MESSAGE Protection started successfully

02:03:35 rob MESSAGE IP Protection started successfully

11:55:44 rob MESSAGE Protection started successfully

11:55:48 rob MESSAGE IP Protection started successfully

18:01:14 rob MESSAGE Protection started successfully

18:01:17 rob MESSAGE IP Protection started successfully

18:10:21 rob MESSAGE Protection started successfully

18:10:24 rob MESSAGE IP Protection started successfully

18:11:20 rob IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49188, Process: firefox.exe)

18:15:19 rob MESSAGE IP Protection stopped

18:25:19 rob MESSAGE Protection started successfully

18:25:23 rob MESSAGE IP Protection started successfully


ComboFix 11-06-28.05 - rob 29/06/2011 18:16:45.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4079.2494 [GMT 10:00]

Running from: c:\users\rob\Desktop\combofix\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.dat

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete

c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))

.

.

2011-06-29 08:22 . 2011-06-29 08:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-29 08:06 . 2011-06-29 08:06 -------- d-----w- C:\_OTL

2011-06-29 02:06 . 2011-06-29 02:06 -------- d-----w- c:\users\rob\AppData\Roaming\SUPERAntiSpyware.com

2011-06-29 02:06 . 2011-06-29 02:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-06-29 02:06 . 2011-06-29 02:06 -------- d-----w- c:\programdata\!SASCORE

2011-06-29 02:06 . 2011-06-29 02:06 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-27 23:32 . 2011-06-27 23:32 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com

2011-06-26 14:56 . 2011-06-26 14:56 -------- d-----w- c:\users\rob\AppData\Roaming\Malwarebytes

2011-06-26 14:56 . 2011-05-28 23:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-26 14:56 . 2011-06-26 14:56 -------- d-----w- c:\programdata\Malwarebytes

2011-06-26 14:56 . 2011-06-26 14:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-06-26 14:56 . 2011-05-28 23:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-26 14:33 . 2011-06-26 14:42 -------- d-----w- c:\programdata\boost_interprocess

2011-06-26 14:32 . 2011-06-26 14:32 -------- d-----w- c:\users\rob\AppData\Local\PackageAware

2011-06-24 02:20 . 2011-06-24 02:20 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-06-24 02:20 . 2011-06-24 02:20 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-06-22 11:10 . 2011-06-29 08:23 -------- d-----w- c:\programdata\NVIDIA

2011-06-22 03:15 . 2002-07-31 09:55 96 --sh--w- c:\windows\WSYS049.SYS

2011-06-22 03:14 . 2011-06-22 03:14 -------- d-----w- c:\users\rob\AppData\Roaming\Photopos

2011-06-22 03:14 . 2011-06-22 03:14 -------- d-----w- c:\programdata\EmailNotifier

2011-06-22 03:14 . 2011-06-26 15:43 -------- d-----w- c:\program files (x86)\PhotoposComTbr

2011-06-22 03:14 . 2011-06-22 03:14 208017 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe

2011-06-22 03:14 . 2011-06-22 03:14 -------- d-----w- c:\program files (x86)\Photo Pos Pro

2011-06-22 03:14 . 2011-06-22 03:14 -------- d-----w- c:\program files (x86)\Common Files\Thraex Software

2011-06-15 12:25 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-15 12:25 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-15 12:25 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-15 12:17 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-15 12:17 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-06-15 12:12 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-15 12:12 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-06-15 09:41 . 2011-06-15 09:41 -------- d-----w- c:\users\rob\AppData\Local\CounterPath Corporation

2011-06-15 09:41 . 2011-06-15 09:41 -------- d-----w- c:\users\rob\AppData\Local\CounterPath

2011-06-15 09:40 . 2011-06-15 09:40 -------- d-----w- c:\program files (x86)\CounterPath

2011-06-12 07:41 . 2011-06-12 07:41 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-06-12 07:38 . 2011-05-03 18:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-06-10 12:50 . 2011-06-24 02:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-08 14:42 . 2011-06-08 14:42 -------- d-----w- c:\program files (x86)\GoldWave

2011-06-07 02:35 . 2011-06-07 02:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-06-07 02:35 . 2011-06-07 02:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2011-06-06 08:25 . 2011-06-06 08:25 -------- d-----w- c:\program files (x86)\IObit Toolbar

2011-06-06 08:25 . 2011-06-06 08:25 -------- d-----w- c:\program files (x86)\Application Updater

2011-05-30 09:11 . 2011-05-30 09:11 -------- d-----w- C:\MGS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-29 08:23 . 2011-01-31 10:09 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-06-29 08:23 . 2011-01-31 10:09 25640 ----a-w- c:\windows\gdrv.sys

2011-05-03 18:52 . 2011-02-13 12:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-04-28 00:49 . 2011-04-28 00:49 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-04-28 00:49 . 2011-04-28 00:49 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2011-04-28 00:48 . 2011-04-28 00:48 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2011-04-22 20:18 . 2011-05-25 04:19 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-09 06:58 . 2011-05-21 17:31 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:45 . 2011-05-11 14:16 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:13 . 2011-05-11 14:16 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:13 . 2011-05-11 14:16 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-21 17:31 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-04-07 00:12 . 2011-01-31 10:48 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-04-07 00:12 . 2011-01-31 10:48 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2011-04-07 00:12 . 2011-01-31 10:37 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-04-03 01:30 . 2011-01-31 10:32 25640 ----a-w- c:\windows\etdrv.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-01-20 165776]

.

[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}]

2011-01-20 22:39 345968 ----a-w- c:\program files (x86)\Splashtop\Splashtop Connect IE\STC.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-08-11 2920448]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-03-18 1242448]

"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]

"X-Lite 4"="c:\program files (x86)\CounterPath\X-Lite 4\X-Lite4.exe" [2010-08-11 2863616]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]

"InstantBurn"="c:\progra~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2008-10-17 681256]

"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-04-30 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-05-25 210216]

"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-20 776064]

"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 281768]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-06-09 101888]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]

"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]

"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-06 532320]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-28 449584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-28 366640]

R2 SmartViewService;Smart View Service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-04-03 25640]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [x]

S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/04/07 10:13];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-28 08:36 146928]

S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]

S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-05-06 393112]

S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]

S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-23 378472]

S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]

S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-06-29 30528]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;QuickCam Communicate Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 WFSONORA;WinFast PxDVR3200 H (XC4000);c:\windows\system32\drivers\wfsonora.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-29 c:\windows\Tasks\FreeFileViewerUpdateChecker.job

- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-02-04 05:24]

.

2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 07:45]

.

2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 07:45]

.

2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3789966692-4173378482-2834506782-1000Core.job

- c:\users\rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 07:45]

.

2011-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3789966692-4173378482-2834506782-1000UA.job

- c:\users\rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 07:45]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]

2009-11-25 01:47 444752 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2009-11-25 444752]

.

[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]

[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\8c05a9jo.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - false

FF - user.js: browser.xul.error_pages.enabled - false

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

FF - user.js: browser.urlbar.hideGoButton -

FF - user.js: dom.disable_window_open_feature.minimizable - True

FF - user.js: dom.disable_window_open_feature.menubar - True

FF - user.js: dom.disable_window_open_feature.scrollbars - True

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Toolbar-10 - (no file)

Toolbar-10 - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\windows\SysWOW64\ASDR.exe

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files (x86)\GIGABYTE\ET6\GUI.exe

c:\program files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe

c:\program files (x86)\Common Files\Steam\SteamService.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2011-06-29 18:26:02 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-29 08:26

.

Pre-Run: 870,916,612,096 bytes free

Post-Run: 870,379,823,104 bytes free

.

- - End Of File - - 0DD91591C85E819365330B94B8C1AC56
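The Malwarebytes protection log at the top of this post is easier to read once it is aggregated: firefox.exe is blocked from reaching five adjacent addresses in 94.100.30.0/24, and the bursts come at a fixed interval. The script below is an added example (not part of the original post or of Malwarebytes) that parses IP-BLOCK lines of exactly this format, counts blocks per process and destination network, lists destinations hit repeatedly, and reports the gap between bursts. The sample log is a constructed subset of the lines posted above; the thresholds are assumptions chosen for illustration, and nothing here says what the addresses are, only that the pattern deserves a look.

```python
import re
from collections import Counter

# Constructed sample: a subset of the Malwarebytes protection-log lines posted
# above, copied in their original format. MESSAGE lines are included to show
# that the parser ignores them.
SAMPLE_LOG = """\
00:53:24 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 56034, Process: firefox.exe)
00:53:24 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 56037, Process: firefox.exe)
00:53:24 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 56038, Process: firefox.exe)
00:53:24 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 56039, Process: firefox.exe)
00:53:24 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 56040, Process: firefox.exe)
00:54:36 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 56154, Process: firefox.exe)
00:54:36 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 56156, Process: firefox.exe)
00:54:36 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 56157, Process: firefox.exe)
00:54:36 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 56158, Process: firefox.exe)
00:54:36 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 56159, Process: firefox.exe)
00:55:48 rob IP-BLOCK 94.100.30.166 (Type: outgoing, Port: 56276, Process: firefox.exe)
00:55:48 rob IP-BLOCK 94.100.30.167 (Type: outgoing, Port: 56278, Process: firefox.exe)
00:55:48 rob IP-BLOCK 94.100.30.163 (Type: outgoing, Port: 56279, Process: firefox.exe)
00:55:48 rob IP-BLOCK 94.100.30.164 (Type: outgoing, Port: 56280, Process: firefox.exe)
00:55:48 rob IP-BLOCK 94.100.30.165 (Type: outgoing, Port: 56281, Process: firefox.exe)
02:03:32 rob MESSAGE Protection started successfully
18:11:20 rob IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49188, Process: firefox.exe)
"""

# One IP-BLOCK line: time, user, destination, direction, local port, process.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) IP-BLOCK (?P<ip>[\d.]+) "
    r"\(Type: (?P<dir>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)


def parse_blocks(text):
    """Return one dict per IP-BLOCK line; MESSAGE and unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        h, mi, s = (int(x) for x in d["time"].split(":"))
        d["secs"] = h * 3600 + mi * 60 + s   # seconds since midnight, for interval maths
        d["port"] = int(d["port"])
        events.append(d)
    return events


def summarize(events):
    """Count blocked outbound attempts per (process, destination /24)."""
    counts = Counter()
    for e in events:
        if e["dir"] == "outgoing":
            net = ".".join(e["ip"].split(".")[:3]) + ".0/24"
            counts[(e["proc"], net)] += 1
    return counts


def burst_intervals(events, proc):
    """Seconds between the distinct timestamps at which one process was blocked.
    A steady value (72 s in the sample) means something is retrying on a timer,
    which is worth a second look even though each single block is harmless."""
    times = sorted({e["secs"] for e in events if e["proc"] == proc})
    return [b - a for a, b in zip(times, times[1:])]


def noisy_destinations(events, min_hits=3):
    """(process, ip) pairs blocked at least min_hits times; min_hits is an assumed threshold."""
    counts = Counter((e["proc"], e["ip"]) for e in events)
    return sorted(k for k, n in counts.items() if n >= min_hits)


if __name__ == "__main__":
    ev = parse_blocks(SAMPLE_LOG)
    for (proc, net), n in summarize(ev).most_common():
        print(f"{n:3d}  {proc} -> {net}")
    print("seconds between bursts:", burst_intervals(ev, "firefox.exe"))
    print("repeat destinations:", noisy_destinations(ev))
```

Run it against the full log by reading the file instead of SAMPLE_LOG. The per-/24 grouping is what makes the rotation across .163 to .167 visible as one thing rather than five; the interval check is the cheap beaconing heuristic a responder would apply before deciding whether the process or the page it loaded is responsible.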

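The ComboFix log above is where the searchqu.com hijack actually shows: the FF prefs.js lines give the homepage as hxxp://www.searchqu.com/406 and the selected search engine as "Search Results", and the Run and URLSearchHooks keys list the search-related software that rode in alongside it. The script below is an added example (not part of the original post and not ComboFix's own code) that parses those two shapes of log line, undoes ComboFix's hxxp defanging, and reports homepage/search prefs that point outside a trusted list plus load points worth reviewing. The sample is a constructed handful of lines copied from the log above; TRUSTED_HOSTS and WATCH_TOKENS are assumptions for this thread (the products the posts are trying to remove), not a malware verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the ComboFix "Reg Loading Points" and
# "Supplementary Scan" sections posted above. A real log has hundreds of lines
# in these same shapes.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 281768]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-06 532320]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-01-20 165776]
.
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")          # registry key header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"')  # "name"="path" [date size]
FF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<pref>\S+) - (?P<val>.*)$")


def parse_combofix(text):
    """Split the interesting ComboFix lines into registry load points and Firefox prefs."""
    key = None
    loadpoints = []   # (registry key, value name, path)
    ff_prefs = {}     # pref name -> value as ComboFix printed it
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")      # values that follow belong to this key
            continue
        m = VALUE_RE.match(line)
        if m and key:
            loadpoints.append((key, m.group("name"), m.group("path")))
            continue
        m = FF_RE.match(line)
        if m:
            ff_prefs[m.group("pref")] = m.group("val")
    return loadpoints, ff_prefs


def refang(url):
    """ComboFix prints hxxp:// so the log is not clickable; restore it before parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


# Assumption: hosts the user considers legitimate for homepage and search.
TRUSTED_HOSTS = {"www.google.com", "www.mozilla.org"}
SEARCH_PREFS = ("browser.startup.homepage", "browser.search.selectedEngine", "keyword.URL")


def firefox_hijack_indicators(ff_prefs, trusted=TRUSTED_HOSTS):
    """(pref, value, host) for search/homepage prefs pointing somewhere untrusted.
    Values that are not URLs (an engine display name) are reported with host=None
    so the reviewer sees them instead of a silent pass; chrome:// is Firefox's own
    locale default and is skipped."""
    hits = []
    for pref in SEARCH_PREFS:
        if pref not in ff_prefs:
            continue
        val = refang(ff_prefs[pref])
        parsed = urlparse(val)
        if parsed.scheme in ("http", "https"):
            if parsed.hostname not in trusted:
                hits.append((pref, val, parsed.hostname))
        elif parsed.scheme != "chrome":
            hits.append((pref, val, None))
    return hits


# Assumption: tokens a helper would highlight in this thread, i.e. the products the
# posts are trying to get rid of. Any URLSearchHooks entry is flagged regardless.
WATCH_TOKENS = ("ask.com", "spigot", "searchqu", "freeze.com")


def loadpoint_review(loadpoints, tokens=WATCH_TOKENS):
    """Load points whose path mentions a watch token, or that install a URL search hook."""
    flagged = []
    for key, name, path in loadpoints:
        if any(t in path.lower() for t in tokens) or key.endswith("URLSearchHooks"):
            flagged.append((name, path))
    return flagged


if __name__ == "__main__":
    lp, ff = parse_combofix(SAMPLE_LOG)
    for pref, val, host in firefox_hijack_indicators(ff):
        print(f"FF  {pref} = {val}  (host: {host})")
    for name, path in loadpoint_review(lp):
        print(f"RUN {name} -> {path}")
```

Point it at the whole C:\ComboFix.txt and the same two functions cover the Run, RunOnce, BHO and URLSearchHooks blocks, since every one of them uses the "name"="path" line shape. The homepage hit is the one line that directly explains the symptom in the thread title; the flagged load points are what keeps re-applying it after a cleanup, which is why the helper's next steps go after the Ask toolbar and the Search Settings entries rather than the Firefox pref alone.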
Posted
The Ask toolbar will not remove.

 

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL

:folders
Ask Toolbar

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

******************************************************

Firefox was still directing me to searchqu.com.

Did you do the OTL script as described in Reply # 4? I would like to see the log.

I would also like to see the log for MBAM. If you can't find it, please run it again and post the log.

 

Re-running ComboFix to remove infections:

 

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::
     
    File::
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\TEMP\logishrd\LVPrcInj02.dll
    Folder::
    \Free Offers from Freeze.com
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe
     
    http://i424.photobucket.com/albums/pp322/digistar/cfscriptb4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

*****************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Posted

Hi Dave,

I did run all the scripts as asked. Sorry I missed the OTL report; I reran it along with the others you requested. I get a window that says Windows has encountered a critical error at the end of the custom fixes, just thought I would let you know. The Ask toolbar still remains; when I have tried in the past it tells me it is missing something it needs to remove it. If you like I could do it again and take note. Here is the latest.

 

Thanks Rob


All processes killed

========== OTL ==========

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: rob

->Temp folder emptied: 6893 bytes

->Temporary Internet Files folder emptied: 94587 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 19315645 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 240688 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 19.00 mb

 

 

OTL by OldTimer - Version 3.2.24.1 log created on 06302011_112046

 

Files\Folders moved on Reboot...

C:\Users\rob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 


All processes killed

========== OTL ==========

Error: Unable to interpret <:folders> in the current context!

Error: Unable to interpret <Ask Toolbar> in the current context!

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: rob

->Temp folder emptied: 418746 bytes

->Temporary Internet Files folder emptied: 1463660 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 141741160 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 1308 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 240688 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 137.00 mb

 

 

OTL by OldTimer - Version 3.2.24.1 log created on 06302011_110419

 

Files\Folders moved on Reboot...

C:\Users\rob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

ComboFix 11-06-28.05 - rob 30/06/2011 11:30:27.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4079.2525 [GMT 10:00]

Running from: c:\users\rob\Desktop\combofix\ComboFix.exe

Command switches used :: c:\users\rob\Desktop\logs\New folder\CFscript.txt

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\TEMP\logishrd\LVPrcInj01.dll"

"c:\windows\TEMP\logishrd\LVPrcInj02.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete

c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))

.

.

2011-06-30 01:35 . 2011-06-30 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-29 08:06 . 2011-06-29 08:06 -------- d-----w- C:\_OTL

2011-06-29 02:06 . 2011-06-29 02:06 -------- d-----w- c:\users\rob\AppData\Roaming\SUPERAntiSpyware.com

2011-06-29 02:06 . 2011-06-29 02:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-06-29 02:06 . 2011-06-29 02:06 -------- d-----w- c:\programdata\!SASCORE

2011-06-29 02:06 . 2011-06-29 02:06 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-27 23:32 . 2011-06-27 23:32 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com

2011-06-26 14:56 . 2011-06-26 14:56 -------- d-----w- c:\users\rob\AppData\Roaming\Malwarebytes

2011-06-26 14:56 . 2011-05-28 23:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-26 14:56 . 2011-06-26 14:56 -------- d-----w- c:\programdata\Malwarebytes

2011-06-26 14:56 . 2011-06-26 14:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-06-26 14:56 . 2011-05-28 23:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-26 14:33 . 2011-06-26 14:42 -------- d-----w- c:\programdata\boost_interprocess

2011-06-26 14:32 . 2011-06-26 14:32 -------- d-----w- c:\users\rob\AppData\Local\PackageAware

2011-06-24 02:20 . 2011-06-24 02:20 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-06-24 02:20 . 2011-06-24 02:20 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-06-22 11:10 . 2011-06-30 01:36 -------- d-----w- c:\programdata\NVIDIA

2011-06-22 03:15 . 2002-07-31 09:55 96 --sh--w- c:\windows\WSYS049.SYS

2011-06-22 03:14 . 2011-06-22 03:14 -------- d-----w- c:\users\rob\AppData\Roaming\Photopos

2011-06-22 03:14 . 2011-06-22 03:14 -------- d-----w- c:\programdata\EmailNotifier

2011-06-22 03:14 . 2011-06-26 15:43 -------- d-----w- c:\program files (x86)\PhotoposComTbr

2011-06-22 03:14 . 2011-06-22 03:14 208017 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe

2011-06-22 03:14 . 2011-06-22 03:14 -------- d-----w- c:\program files (x86)\Photo Pos Pro

2011-06-22 03:14 . 2011-06-22 03:14 -------- d-----w- c:\program files (x86)\Common Files\Thraex Software

2011-06-15 12:25 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-15 12:25 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-15 12:25 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-15 12:17 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-15 12:17 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-06-15 12:12 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-15 12:12 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-06-15 09:41 . 2011-06-15 09:41 -------- d-----w- c:\users\rob\AppData\Local\CounterPath Corporation

2011-06-15 09:41 . 2011-06-15 09:41 -------- d-----w- c:\users\rob\AppData\Local\CounterPath

2011-06-15 09:40 . 2011-06-15 09:40 -------- d-----w- c:\program files (x86)\CounterPath

2011-06-12 07:41 . 2011-06-12 07:41 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-06-12 07:38 . 2011-05-03 18:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-06-10 12:50 . 2011-06-24 02:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-08 14:42 . 2011-06-08 14:42 -------- d-----w- c:\program files (x86)\GoldWave

2011-06-07 02:35 . 2011-06-07 02:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-06-07 02:35 . 2011-06-07 02:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2011-06-06 08:25 . 2011-06-06 08:25 -------- d-----w- c:\program files (x86)\IObit Toolbar

2011-06-06 08:25 . 2011-06-06 08:25 -------- d-----w- c:\program files (x86)\Application Updater

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-30 01:37 . 2011-01-31 10:09 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-06-30 01:37 . 2011-01-31 10:09 25640 ----a-w- c:\windows\gdrv.sys

2011-05-03 18:52 . 2011-02-13 12:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-04-28 00:49 . 2011-04-28 00:49 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-04-28 00:49 . 2011-04-28 00:49 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2011-04-28 00:48 . 2011-04-28 00:48 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2011-04-22 20:18 . 2011-05-25 04:19 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-09 06:58 . 2011-05-21 17:31 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:45 . 2011-05-11 14:16 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:13 . 2011-05-11 14:16 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:13 . 2011-05-11 14:16 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-21 17:31 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-04-07 00:12 . 2011-01-31 10:48 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-04-07 00:12 . 2011-01-31 10:48 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2011-04-07 00:12 . 2011-01-31 10:37 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-04-03 01:30 . 2011-01-31 10:32 25640 ----a-w- c:\windows\etdrv.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-29_08.23.27 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 00:13 . 2009-07-14 01:14 86528 c:\windows\SysWOW64\SearchFilterHost.exe

+ 2011-06-29 01:58 . 2011-05-04 04:52 86528 c:\windows\SysWOW64\SearchFilterHost.exe

+ 2011-06-29 01:58 . 2011-05-04 04:52 59392 c:\windows\SysWOW64\msscntrs.dll

- 2009-07-14 00:12 . 2009-07-14 01:15 59392 c:\windows\SysWOW64\msscntrs.dll

- 2009-07-13 23:16 . 2009-07-14 01:15 44544 c:\windows\SysWOW64\devrtl.dll

+ 2011-06-29 01:58 . 2011-05-24 10:34 44544 c:\windows\SysWOW64\devrtl.dll

- 2009-07-13 23:16 . 2009-07-14 01:15 64512 c:\windows\SysWOW64\devobj.dll

+ 2011-06-29 01:58 . 2011-05-24 10:34 64512 c:\windows\SysWOW64\devobj.dll

+ 2009-07-14 04:54 . 2011-06-30 01:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-06-29 08:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-06-29 08:23 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-30 01:36 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-06-29 08:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-30 01:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-31 10:41 . 2011-06-30 01:23 43934 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-06-30 01:23 32210 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-06-29 01:58 . 2011-05-04 05:28 75264 c:\windows\system32\msscntrs.dll

- 2009-07-14 00:29 . 2009-07-14 01:41 75264 c:\windows\system32\msscntrs.dll

- 2011-01-31 09:51 . 2011-06-16 04:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-31 09:51 . 2011-06-29 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-06-16 04:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-29 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-01-31 10:34 . 2011-06-29 08:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-31 10:34 . 2011-06-30 01:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2011-06-30 01:13 78432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-01-31 10:34 . 2011-06-29 08:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-01-31 10:34 . 2011-06-30 01:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-01-31 10:34 . 2011-06-29 08:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-31 10:34 . 2011-06-30 01:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-01-31 10:34 . 2011-06-29 08:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-31 10:34 . 2011-06-30 01:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-31 10:34 . 2011-06-29 08:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-31 10:34 . 2011-06-30 01:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-31 10:13 . 2011-06-30 01:23 6602 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3789966692-4173378482-2834506782-1000_UserData.bin

- 2011-06-29 08:23 . 2011-06-29 08:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-06-30 01:36 . 2011-06-30 01:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-06-29 08:23 . 2009-10-06 14:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll

+ 2011-06-30 01:36 . 2009-10-06 14:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll

+ 2011-06-30 01:36 . 2009-10-06 14:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll

- 2011-06-29 08:23 . 2009-10-06 14:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll

+ 2011-06-29 01:58 . 2011-05-04 04:52 164352 c:\windows\SysWOW64\SearchProtocolHost.exe

- 2009-07-14 00:14 . 2009-07-14 01:14 164352 c:\windows\SysWOW64\SearchProtocolHost.exe

+ 2011-06-29 01:58 . 2011-05-04 04:52 428032 c:\windows\SysWOW64\SearchIndexer.exe

- 2009-07-14 00:14 . 2009-07-14 01:14 428032 c:\windows\SysWOW64\SearchIndexer.exe

- 2009-07-14 00:13 . 2009-07-14 01:15 666624 c:\windows\SysWOW64\mssvp.dll

+ 2011-06-29 01:58 . 2011-05-04 04:52 666624 c:\windows\SysWOW64\mssvp.dll

- 2009-07-14 00:14 . 2009-07-14 01:15 197120 c:\windows\SysWOW64\mssphtb.dll

+ 2011-06-29 01:58 . 2011-05-04 04:52 197120 c:\windows\SysWOW64\mssphtb.dll

- 2009-07-14 00:13 . 2009-07-14 01:15 337408 c:\windows\SysWOW64\mssph.dll

+ 2011-06-29 01:58 . 2011-05-04 04:52 337408 c:\windows\SysWOW64\mssph.dll

+ 2011-06-29 01:58 . 2011-05-24 10:32 252928 c:\windows\SysWOW64\drvinst.exe

- 2009-07-13 23:16 . 2009-07-14 01:14 252928 c:\windows\SysWOW64\drvinst.exe

+ 2011-06-29 01:58 . 2011-05-24 10:34 145920 c:\windows\SysWOW64\cfgmgr32.dll

- 2009-07-13 23:16 . 2009-07-14 01:15 145920 c:\windows\SysWOW64\cfgmgr32.dll

+ 2011-01-31 20:31 . 2011-06-30 01:01 302686 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2011-06-29 01:58 . 2011-05-24 11:21 404992 c:\windows\system32\umpnpmgr.dll

- 2009-07-14 00:30 . 2009-07-14 01:39 249856 c:\windows\system32\SearchProtocolHost.exe

+ 2011-06-29 01:58 . 2011-05-04 05:24 249856 c:\windows\system32\SearchProtocolHost.exe

+ 2011-06-29 01:58 . 2011-05-04 05:24 593408 c:\windows\system32\SearchIndexer.exe

- 2009-07-14 00:32 . 2009-07-14 01:39 593408 c:\windows\system32\SearchIndexer.exe

- 2009-07-14 00:29 . 2009-07-14 01:39 113664 c:\windows\system32\SearchFilterHost.exe

+ 2011-06-29 01:58 . 2011-05-04 05:24 113664 c:\windows\system32\SearchFilterHost.exe

+ 2009-07-14 02:36 . 2011-06-30 01:27 628024 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-06-29 08:14 628024 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-06-30 01:27 110208 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-06-29 08:14 110208 c:\windows\system32\perfc009.dat

+ 2011-06-29 01:58 . 2011-05-04 05:28 779264 c:\windows\system32\mssvp.dll

- 2009-07-14 00:30 . 2009-07-14 01:41 779264 c:\windows\system32\mssvp.dll

- 2009-07-14 00:32 . 2009-07-14 01:41 288256 c:\windows\system32\mssphtb.dll

+ 2011-06-29 01:58 . 2011-05-04 05:28 288256 c:\windows\system32\mssphtb.dll

- 2009-07-14 00:30 . 2009-07-14 01:41 491520 c:\windows\system32\mssph.dll

+ 2011-06-29 01:58 . 2011-05-04 05:28 491520 c:\windows\system32\mssph.dll

+ 2009-07-14 04:45 . 2011-06-29 17:16 276096 c:\windows\system32\FNTCACHE.DAT

- 2009-07-14 04:45 . 2011-06-16 04:01 276096 c:\windows\system32\FNTCACHE.DAT

+ 2011-06-15 11:11 . 2011-06-30 01:35 289920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2011-06-30 01:35 233792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-06-29 01:58 . 2011-05-04 04:53 1553920 c:\windows\SysWOW64\tquery.dll

+ 2011-06-29 01:58 . 2011-05-04 04:52 1401856 c:\windows\SysWOW64\mssrch.dll

- 2009-07-14 00:13 . 2009-07-14 01:15 1401856 c:\windows\SysWOW64\mssrch.dll

+ 2011-06-29 01:58 . 2011-05-04 05:30 2326016 c:\windows\system32\tquery.dll

- 2009-07-14 00:35 . 2009-07-14 01:41 2228224 c:\windows\system32\mssrch.dll

+ 2011-06-29 01:58 . 2011-05-04 05:28 2228224 c:\windows\system32\mssrch.dll

+ 2009-07-14 04:45 . 2011-06-29 17:19 3834178 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2011-06-16 04:03 3834178 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 02:34 . 2011-06-29 08:21 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2011-06-30 01:34 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2011-03-19 00:32 . 2011-06-30 01:35 12150216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3789966692-4173378482-2834506782-1000-8192.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-01-20 165776]

.

[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}]

2011-01-20 22:39 345968 ----a-w- c:\program files (x86)\Splashtop\Splashtop Connect IE\STC.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-08-11 2920448]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-03-18 1242448]

"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]

"X-Lite 4"="c:\program files (x86)\CounterPath\X-Lite 4\X-Lite4.exe" [2010-08-11 2863616]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]

"InstantBurn"="c:\progra~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2008-10-17 681256]

"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-04-30 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-05-25 210216]

"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-20 776064]

"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 281768]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-06-09 101888]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]

"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]

"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-06 532320]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-28 449584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-28 366640]

R2 SmartViewService;Smart View Service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-04-03 25640]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [x]

S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/04/07 10:13];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-28 08:36 146928]

S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]

S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-05-06 393112]

S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]

S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-23 378472]

S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]

S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-06-30 30528]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;QuickCam Communicate Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 WFSONORA;WinFast PxDVR3200 H (XC4000);c:\windows\system32\drivers\wfsonora.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-30 c:\windows\Tasks\FreeFileViewerUpdateChecker.job

- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-02-04 05:24]

.

2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 07:45]

.

2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 07:45]

.

2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3789966692-4173378482-2834506782-1000Core.job

- c:\users\rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 07:45]

.

2011-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3789966692-4173378482-2834506782-1000UA.job

- c:\users\rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 07:45]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]

2009-11-25 01:47 444752 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2009-11-25 444752]

.

[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]

[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\8c05a9jo.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://google.com.au/

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - false

FF - user.js: browser.xul.error_pages.enabled - false

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

FF - user.js: browser.urlbar.hideGoButton -

FF - user.js: dom.disable_window_open_feature.minimizable - True

FF - user.js: dom.disable_window_open_feature.menubar - True

FF - user.js: dom.disable_window_open_feature.scrollbars - True

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Toolbar-10 - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe

c:\windows\SysWOW64\ASDR.exe

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files (x86)\ASUS\SmartDoctor\SmartDoctor.exe

c:\program files (x86)\GIGABYTE\ET6\GUI.exe

c:\program files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

c:\program files (x86)\Common Files\Steam\SteamService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2011-06-30 11:39:07 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-30 01:39

ComboFix2.txt 2011-06-29 08:26

.

Pre-Run: 872,605,351,936 bytes free

Post-Run: 872,503,898,112 bytes free

.

- - End Of File - - EB746CCB7046191A3B979725FC801E5F


Results of screen317's Security Check version 0.99.17

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Adobe Flash Player 10.3.181.26

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````


Malwarebytes' Anti-Malware 1.51.0.1200

http://www.malwarebytes.org

 

Database version: 6975

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

30/06/2011 12:35:09 PM

mbam-log-2011-06-30 (12-34-42).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 352281

Time elapsed: 39 minute(s), 56 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PKRCasino (PUP.Casino) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mummysgold (PUP.Casino.Gen) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spinpalace (PUP.Casino.Gen) -> No action taken.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\Casino\pkrcasino\_setupcasino_750a.exe (PUP.Casino) -> No action taken.

c:\microgaming\Casino\mummysgoldcasino\install.exe (PUP.Casino.Gen) -> No action taken.

c:\microgaming\Casino\rubyfortune\install.exe (PUP.Casino.Gen) -> No action taken.

c:\microgaming\Casino\spinpalace\install.exe (PUP.Casino.Gen) -> No action taken.

c:\Users\rob\downloads\mummysgold.exe (PUP.Casino.Gen) -> No action taken.

c:\Users\rob\downloads\setupcasino_750a.exe (PUP.Casino) -> No action taken.

c:\Users\rob\downloads\spinpalace(1).exe (PUP.Casino.Gen) -> No action taken.

c:\Users\rob\downloads\spinpalace.exe (PUP.Casino.Gen) -> No action taken.

Posted

Please run MBAM again and, this time, fix the infections.

 

Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
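The MBAM logs pasted in this thread show every detection ending in "No action taken", which is why the helper asks for a second run. The script below is an added example, not code from the thread or from Malwarebytes: it parses a Malwarebytes' Anti-Malware 1.x text log, lists detections that were reported but never quarantined, counts threat families, and cross-checks the header counts against the number of lines actually listed, which catches a truncated forum paste. The parsing rules are assumptions modelled on the logs in this thread, not a published format, and the sample log is constructed for the example (its third file line is deliberately missing to show the count check firing).

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log (added example; the
format rules below are assumptions based on logs posted in this thread)."""
import re
import sys
from collections import Counter

# Section headers that list detections, in the order MBAM 1.x prints them.
DETECTION_SECTIONS = (
    "Memory Processes Infected",
    "Memory Modules Infected",
    "Registry Keys Infected",
    "Registry Values Infected",
    "Registry Data Items Infected",
    "Folders Infected",
    "Files Infected",
)

# Action wordings that mean the item was actually dealt with (assumed).
REMEDIATED_PREFIXES = ("quarantined", "delete on reboot")

# Header count line, e.g. "Files Infected: 8"
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
# Detection line, e.g. "c:\x\y.exe (PUP.Casino) -> No action taken."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (header_counts, detections).

    header_counts maps section name -> integer from the summary block;
    detections is a list of dicts with section, item, threat and action.
    """
    header_counts = {}
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            header_counts[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith(":") and line[:-1] in DETECTION_SECTIONS:
            section = line[:-1]
            continue
        if section is None or line == "(No malicious items detected)":
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({"section": section, **m.groupdict()})
    return header_counts, detections


def triage(text):
    """Summarise: total detections, unremediated ones, threat families, and
    sections whose header count disagrees with the lines actually listed."""
    header_counts, detections = parse_mbam_log(text)
    listed = Counter(d["section"] for d in detections)
    mismatches = {
        s: (header_counts.get(s, 0), listed.get(s, 0))
        for s in DETECTION_SECTIONS
        if header_counts.get(s, 0) != listed.get(s, 0)
    }
    unremediated = [
        d for d in detections
        if not d["action"].lower().startswith(REMEDIATED_PREFIXES)
    ]
    return {
        "total": len(detections),
        "unremediated": unremediated,
        "threats": Counter(d["threat"] for d in detections),
        "count_mismatches": mismatches,
    }


# Constructed sample in the thread's log layout; the third "Files Infected"
# line is deliberately left out to simulate a truncated forum paste.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.0.1200
Database version: 6975

Scan type: Full scan (C:\|)
Objects scanned: 352281

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleCasino (PUP.Casino) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\examplegold (PUP.Casino.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Casino\example\_setupcasino.exe (PUP.Casino) -> No action taken.
c:\Users\example\downloads\example(1).exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    # Pass a saved mbam-log-*.txt as the first argument, else use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    report = triage(text)
    print(f"{report['total']} detection(s); families: {dict(report['threats'])}")
    for d in report["unremediated"]:
        print(f"NOT REMEDIATED [{d['section']}] {d['item']} ({d['threat']}): {d['action']}")
    for section, (claimed, seen) in report["count_mismatches"].items():
        print(f"WARNING: header says {claimed} in '{section}' but {seen} listed; log may be truncated")
```

On the sample, the script reports four detections, two of them unremediated, and warns that "Files Infected" claims 3 while only 2 lines are present. The same "NOT REMEDIATED" lines are what a helper would want to see cleared in the follow-up log.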

Posted
Hi Dave, just to let you know I have no internet atm; should be back up in a few days. Thanks again for your help so far.

Ok. Just post the logs when you're able.

Posted

Hi Dave,

I'm back online, here are the latest logs.


Malwarebytes' Anti-Malware 1.51.0.1200

http://www.malwarebytes.org

 

Database version: 6975

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

1/07/2011 11:50:13 AM

mbam-log-2011-07-01 (11-50-13).txt

 

Scan type: Full scan (C:\|G:\|)

Objects scanned: 352620

Time elapsed: 50 minute(s), 58 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PKRCasino (PUP.Casino) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mummysgold (PUP.Casino.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spinpalace (PUP.Casino.Gen) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\Casino\pkrcasino\_setupcasino_750a.exe (PUP.Casino) -> Quarantined and deleted successfully.

c:\microgaming\Casino\mummysgoldcasino\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.

c:\microgaming\Casino\rubyfortune\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.

c:\microgaming\Casino\spinpalace\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.


Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows 7 Home Edition (6.1.7600)

[32_bits] - Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

.

[wscsvc] (Security Center) RUNNING (state:4)

[MpsSvc] RUNNING (state:4)

Windows Firewall -> Enabled

Windows Defender -> Enabled

User Account Control (UAC) -> Enabled

.

Internet Explorer 8.0.7600.16385

Mozilla Firefox 5.0 (en-US)

.

C:\ [Fixed-NTFS] .. ( Total:931 Go - Free:804 Go )

D:\ [CD_Rom]

.

Scan : 12:24.24

Path : C:\Users\rob\Desktop\Rooter.exe

User : rob ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

Locked System (4)

______ ?????????? (276)

______ ?????????? (444)

______ ?????????? (504)

______ ?????????? (560)

______ ?????????? (588)

______ ?????????? (596)

______ ?????????? (692)

______ ?????????? (816)

______ ?????????? (844)

______ ?????????? (896)

______ ?????????? (988)

______ ?????????? (252)

______ ?????????? (324)

______ ?????????? (540)

______ ?????????? (1476)

______ ?????????? (1572)

______ ?????????? (1648)

______ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1708)

______ ?????????? (1944)

______ C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1964)

______ C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe (1988)

______ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (2020)

______ C:\Windows\SysWOW64\ASDR.exe (1204)

______ C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe (1352)

______ ?????????? (1736)

______ ?????????? (1756)

______ ?????????? (1276)

______ C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (1432)

______ C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (2084)

______ C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (2112)

______ C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (2152)

______ C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (2180)

______ C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (2224)

______ C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (2248)

______ ?????????? (2756)

______ ?????????? (2852)

______ C:\Windows\sysWOW64\wbem\wmiprvse.exe (3888)

______ ?????????? (4840)

______ ?????????? (5036)

______ ?????????? (5108)

______ ?????????? (4016)

______ C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (5632)

______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (3524)

______ C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (5956)

______ C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (5824)

______ ?????????? (5596)

______ ?????????? (4656)

______ C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe (3144)

______ ?????????? (4044)

______ ?????????? (4632)

______ ?????????? (5620)

______ ?????????? (352)

______ ?????????? (3864)

______ ?????????? (2440)

______ ?????????? (4688)

______ C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe (3628)

______ ?????????? (3256)

______ ?????????? (2280)

______ C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe (5392)

______ ?????????? (5444)

______ ?????????? (1144)

______ C:\Program Files\WinFast\WFDTV\WFWIZ.exe (2540)

______ C:\Program Files (x86)\Steam\steam.exe (1196)

______ C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (6132)

______ C:\Program Files (x86)\CounterPath\X-Lite 4\X-Lite4.exe (4332)

______ C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (4816)

______ C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (3996)

______ C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (4760)

______ C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (1892)

______ C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (1612)

______ C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (4640)

______ C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe (4560)

______ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (3840)

______ C:\Program Files\WinFast\WFDTV\DTVSchdl.exe (1364)

______ C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (4864)

______ C:\Program Files (x86)\CyberLink\Shared files\brs.exe (3640)

______ C:\Program Files (x86)\Ask.com\Updater\Updater.exe (1036)

______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2920)

______ C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (4724)

______ ?????????? (1372)

______ C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe (852)

______ ?????????? (1692)

______ C:\Program Files (x86)\Common Files\Steam\SteamService.exe (3720)

______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (6064)

Locked audiodg.exe (3316)

______ C:\Windows\SysWOW64\NOTEPAD.EXE (3080)

______ ?????????? (4540)

______ ?????????? (1428)

______ C:\Users\rob\Desktop\Rooter.exe (5256)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 19 x 512 Bytes]

.

\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)

\Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:1000097185792)

.

----------------------\\ Scheduled Tasks

.

C:\Windows\Tasks\FreeFileViewerUpdateChecker.job

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3789966692-4173378482-2834506782-1000Core.job

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3789966692-4173378482-2834506782-1000UA.job

C:\Windows\Tasks\SA.DAT

C:\Windows\Tasks\SCHEDLGU.TXT

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 12:24.24

.

C:\Rooter$\Rooter_6.txt - (08/07/2011 | 12:24.24)

Posted

Results of screen317's Security Check version 0.99.17

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Adobe Flash Player 10.3.181.26

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

Posted

Today I received a phone call from a person pretending to be from Microsoft. They were telling me my computer has been sending them error reports saying it has dangerous errors and bugs. I hung up on them only to ring Microsoft and find out if this was for real, and just like I guessed it's not. Man, I am really starting to hate the way computers and the internet are going, so good in some ways but so bad in others. I think we need stronger laws and penalties worldwide against malware designers, hackers etc.

Posted

I totally agree with your last statement. But we all have to protect ourselves as much as possible. One more scan, please.

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

Posted

Hi Dave,

here is the eset log.

 

Thanks Rob

 

 

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting (after the next restart) - quarantined

C:\Program Files (x86)\IObit Toolbar\IE\4.5\iobitToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\Users\rob\AppData\Local\Temp\NODF635.tmp a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting (after the next restart) - quarantined

C:\Users\rob\Downloads\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application deleted - quarantined

C:\Windows\Installer\3b042f7.msi a variant of Win32/Adware.Toolbar.Dealio application deleted - quarantined

C:\_OTL\MovedFiles\07082011_183003\C_Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\_OTL\MovedFiles\07082011_183003\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

Posted

That looks good. If there are no other issues, we can do some cleanup.

 

To uninstall ComboFix

 

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

 

http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

 

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide system files and folders, and reset System Restore.

*****************************************************

To remove all of the tools we used and the files and folders they created do the following:

Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

*******************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

*****************************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (if you choose this one, uncheck "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage" during installation, and uncheck any HopSurf and/or Ask.com options)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

**************************************************

Use the Secunia Software Inspector to check for out of date software.

 

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!
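The firewall advice above turns on one fact: the Windows XP firewall never filters outbound connections, so malware can phone home freely. Windows Firewall with Advanced Security (Vista and later, so the Windows 7 machine in this thread) can block outbound traffic, but every profile ships with AllowOutbound, which is the same weakness unless it is changed. The script below is an added example, not from the thread or any vendor: it parses the text of `netsh advfirewall show allprofiles` and reports, per profile, whether the firewall is on and whether outbound is blocked by default. The English-locale column layout it expects and the sample output are assumptions, as is the decision to treat an OFF profile as a finding; on Windows 8 and later, `Get-NetFirewallProfile` in PowerShell exposes the same setting as DefaultOutboundAction without text parsing.

```python
"""Check Windows Firewall profiles for allow-outbound-by-default (added
example; the netsh text layout assumed here is not a documented interface)."""
import re
import subprocess
import sys

# Block header, e.g. "Domain Profile Settings:"
PROFILE_RE = re.compile(r"^(\w+) Profile Settings:")
# "State                                 ON"
STATE_RE = re.compile(r"^State\s+(ON|OFF)\b")
# "Firewall Policy                       BlockInbound,AllowOutbound"
POLICY_RE = re.compile(r"^Firewall Policy\s+(\w+),(\w+)")


def parse_allprofiles(text):
    """Map profile name -> {"state", "inbound", "outbound"} from netsh output."""
    profiles = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROFILE_RE.match(line)
        if m:
            current = m.group(1)
            profiles[current] = {"state": None, "inbound": None, "outbound": None}
            continue
        if current is None:
            continue
        m = STATE_RE.match(line)
        if m:
            profiles[current]["state"] = m.group(1)
            continue
        m = POLICY_RE.match(line)
        if m:
            profiles[current]["inbound"], profiles[current]["outbound"] = m.groups()
    return profiles


def assess(profiles):
    """Return profile name -> list of findings a defender would act on."""
    findings = {}
    for name, p in profiles.items():
        issues = []
        if p["state"] != "ON":
            issues.append("firewall off")
        if p["outbound"] != "BlockOutbound":
            issues.append("outbound allowed by default")
        findings[name] = issues
    return findings


def live_profiles():
    """Run netsh on this host (Windows only; use an elevated prompt)."""
    out = subprocess.run(["netsh", "advfirewall", "show", "allprofiles"],
                         capture_output=True, text=True, check=True).stdout
    return parse_allprofiles(out)


# Constructed sample of the netsh output layout: one profile with the default
# AllowOutbound, one hardened, one switched off entirely.
SAMPLE_NETSH = """
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,BlockOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound

Ok.
"""

if __name__ == "__main__":
    profiles = live_profiles() if sys.platform == "win32" else parse_allprofiles(SAMPLE_NETSH)
    for name, issues in assess(profiles).items():
        print(f"{name}: {'; '.join(issues) if issues else 'ok'}")
    # To make every profile block outbound by default (elevated prompt):
    #   netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
    # Add allow rules for programs that legitimately need the network (browser,
    # updaters, AV signature downloads) first, or they stop working silently.
```

On the sample, Domain is flagged for allowing outbound by default, Private is clean, and Public is flagged both for being off and for its outbound policy. The caveat in the closing comment is the practical one: switching to BlockOutbound without allow rules breaks updates and AV signature downloads, which is why the helper's recommendation of a third-party firewall with application prompts is the more usable route for a home user.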

Posted

Hi Dave,

I have loaded a new firewall and the other programs as recommended; the only concern I have now is will any of the programs I have conflict with each other? Apart from that the computer seems to be running great. Thanks again for all your help, Dave, and keep up the good work.

 

Thanks Rob

Posted
I have loaded a new firewall and the other programs as recommended; the only concern I have now is will any of the programs I have conflict with each other? Apart from that the computer seems to be running great. Thanks again for all your help, Dave, and keep up the good work.

The only conflict will be if you run two AVs or two or more firewalls. You're welcome. Tell your friends about us.

Archived

This topic is now archived and is closed to further replies.
