Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Go to first new post NtAlpcCo... virus HELP PLEASE!
Go to first new post bitcoin miner infected on my PC
Go to first new post Trojan virus
Go to first new post Laptop is acting weird
Go to first new post WmiPrvSE.exe hogging CPU 30 - 50%
Go to first new post Not sure if my computer is infected
Go to first new post Unable to turn on Windows Security Centr ...
Go to first new post Unable to use HJT
Go to first new post YellowMoxie Redirect
Go to first new post only command prompt apears on boot
Go to first new post Unable to run malware programs, Proxy Se ...
Go to first new post Blekko Lavasoft search engine removal
Go to first new post WhiteSmoke virus?
Go to first new post possable infection request help ( hijack ...
Go to first new post Cannot download files (including Microso ...
Search Search
Search for:
Tech Support Guy Forums > > >

Help!! My files keep deleting themselves :(

(In Progress)
(!)

Reply
Cait3d1d's Avatar
Computer Specs
Junior Member with 14 posts.
THREAD STARTER
  
Join Date: Jun 2011
Experience: Intermediate
11-Jun-2011, 05:24 AM #1
Exclamation Help!! My files keep deleting themselves :(
Sincce Wednesday, files have just been deleting themselves from my computer, first it was just my documents folder and then last night it was my entire 750Gb external. I have no idea what is doing this, I've run countless antivirus scans and malware tests and nothing is being picked up.
I've had the laptop since last September and this is the first problem I have had.
Any ideas?

OS Version: Microsoft Windows 7 Professional , 32 bit
Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz, x64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 2548 Mb
Graphics Card: NVIDIA GeForce GT 330M , 1024 Mb
Hard Drives: C: Total - 228125 MB, Free - 1804 MB; D: Total - 228231 MB, Free - 2107 MB; J: Total - 715402 MB, Free - 346856 MB;
Motherboard: Acer , BAP50-CP , Not Applicable, 027FB5MBQTF00203
Antivirus: F-PROT Antivirus for Windows, Updated and Enabled
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 8,514 posts.
  
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
11-Jun-2011, 05:33 AM #2
We need to see some additional information about what is happening in your machine.*
Please perform the following scan:
  • Download DDS by sUBs from one of the following links.* Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.* *
  • When done, DDS will open two (2) logs
    * * * * *1. DDS.txt
    * * * * *2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

    *
  • Instead of attaching, please copy/past both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note:* You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.*
Information on A/V control HERE

Copy and paste both logs to your reply....

Kevin
Cait3d1d's Avatar
Computer Specs
Junior Member with 14 posts.
THREAD STARTER
  
Join Date: Jun 2011
Experience: Intermediate
11-Jun-2011, 05:46 AM #3
Here are the logs, they are really really long...


DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by user at 11:38:48 on 2011-06-11
Microsoft Windows 7 Professional 6.1.7600.0.1252.27.1033.18.2548.833 [GMT 2:00]
.
AV: F-PROT Antivirus for Windows *Enabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files\Acer Bio Protection\EgisService.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\PLFSetI.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer Bio Protection\EgisTSR.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Trillian\trillian.exe
C:\Users\user\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\notepad.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SpeedFan\speedfan.exe
F:\HBCD\WinTools\Autorun.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\StikyNot.exe
C:\Users\user\AppData\Local\Temp\Recuva.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPWin.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe
C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\TeraCopy\teracopy.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1c09&m=travelmate_8572g&r=27050810f406l0433z296x46m4p31r
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1c09&m=travelmate_8572g&r=27050810f406l0433z296x46m4p31r
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1c09&m=travelmate_8572g&r=27050810f406l0433z296x46m4p31r
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: EgisPBIE Class: {7b51ccbe-4af9-44a6-bdab-d7f7e4c4e6f9} - c:\program files\acer bio protection\EgisPBIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MediaGet2] c:\users\user\appdata\local\mediaget2\mediaget.exe --minimized
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_Plugin.exe -update plugin
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -h -k
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
mRun: [VitaKeyTSR] "c:\program files\acer bio protection\EgisTSR.exe" /run
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NBAgent] "c:\program files\nero\nero backitup & burn\nero backitup\NBAgent.exe" /WinStart
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
mRun: [Aqua Dock] c:\program files\aqua dock\Aqua Dock.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dr opbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\tr illian.lnk - c:\program files\trillian\trillian.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.2
TCP: Interfaces\{051C9CDD-D7F9-4C74-89E1-685A2DDCE195} : DhcpNameServer = 10.0.0.2
TCP: Interfaces\{051C9CDD-D7F9-4C74-89E1-685A2DDCE195}\14C6F656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{051C9CDD-D7F9-4C74-89E1-685A2DDCE195}\3597E63627F6E697E4 : DhcpNameServer = 196.28.80.139 196.28.80.140
TCP: Interfaces\{051C9CDD-D7F9-4C74-89E1-685A2DDCE195}\74F646 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\fences\FencesMenu.dll
STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\ar6zmn4m.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - www.google.co.za
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-6 218688]
R1 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FPAV_RTP.sys [2011-6-10 693080]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-8-7 38976]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-7 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-7 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-7 61960]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-6-23 312400]
R2 EgisTec Service;EgisTec Service;c:\program files\acer bio protection\EgisService.exe [2010-5-2 310128]
R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\common files\egistec\services\EgisTicketService.exe [2010-5-2 257904]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2010-7-20 703008]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2010-11-3 83624]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\drivers\FPSensor.sys [2010-7-20 29232]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-6-23 13336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-10 366640]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2010-3-9 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2010-4-17 144640]
R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\acer\optical drive power management\ODDPWRSvc.exe [2010-6-23 129568]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-6-23 260640]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-7-20 2314240]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-6-23 243232]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-2-9 325672]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-6-23 132480]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-6-19 12032]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-6-19 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-6-19 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-10 22712]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-7 135664]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2010-6-10 25600]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-7-20 286248]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-7-20 33320]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2011-5-6 25832]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-7 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2010-4-17 50432]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-8 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-06-11 08:54:50 388096 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-11 08:54:50 -------- d-----w- c:\program files\Trend Micro
2011-06-10 20:58:27 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3884224d-d443-423d-998c-406e61b53646}\mpengine.dll
2011-06-10 19:47:04 -------- d-----w- c:\users\user\appdata\roaming\FRISK Software
2011-06-10 19:32:04 693080 ----a-w- c:\windows\system32\drivers\FPAV_RTP.sys
2011-06-10 19:32:00 -------- d-----w- c:\programdata\FRISK Software
2011-06-10 19:31:58 -------- d-----w- c:\program files\FRISK Software
2011-06-10 18:08:54 54016 ----a-w- c:\windows\system32\drivers\tdok.sys
2011-06-10 17:25:49 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2011-06-10 17:25:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-10 17:25:35 -------- d-----w- c:\programdata\Malwarebytes
2011-06-10 17:25:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-10 17:25:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-09 12:33:29 -------- d-----w- c:\program files\SpeedFan
2011-06-08 20:51:41 -------- d-----w- C:\Recovered
2011-06-08 20:31:04 -------- d-sh--w- C:\found.000
2011-06-08 20:05:37 -------- d-----w- c:\windows\Migo Recover Lost Data
2011-06-08 19:35:59 -------- d-----w- c:\program files\QS
2011-06-07 16:41:36 -------- d-----w- c:\users\user\appdata\roaming\Media Get LLC
2011-06-07 16:41:36 -------- d-----w- c:\users\user\appdata\local\Media Get LLC
2011-06-07 16:41:36 -------- d-----w- c:\programdata\Media Get LLC
2011-06-07 16:41:19 -------- d-----w- c:\users\user\appdata\local\MediaGet2
2011-06-05 14:07:09 -------- d-----w- c:\users\user\appdata\local\Wizards_of_the_Coast
2011-06-05 13:27:33 -------- d-----w- c:\program files\Wizards of the Coast
2011-06-03 21:34:50 -------- d-----w- c:\users\user\appdata\local\sabnzbd
2011-06-03 21:34:42 -------- d-----w- c:\program files\SABnzbd
2011-05-29 12:55:47 -------- d-----w- c:\users\user\appdata\local\My Games
2011-05-29 08:31:06 -------- d-----w- c:\users\user\appdata\local\Geckofx
2011-05-27 19:12:44 -------- d-----w- c:\program files\Microsoft XNA
2011-05-27 19:10:58 -------- d-----w- c:\program files\Alientrap Games Inc
2011-05-27 18:03:33 -------- d-----w- c:\users\user\appdata\local\FileServe Manager
2011-05-27 18:03:07 -------- d-----w- c:\programdata\FileServe Limited
2011-05-25 21:20:46 -------- d-----w- c:\program files\common files\Stardock
2011-05-25 21:20:45 -------- d-----w- c:\program files\Stardock
2011-05-25 21:03:24 -------- d-----w- c:\users\user\appdata\local\ODUI
2011-05-25 21:03:11 -------- d-----w- c:\users\user\appdata\local\Stardock
2011-05-25 20:59:55 -------- d-----w- c:\users\user\appdata\local\Richard_Z.H._Wang
2011-05-25 20:54:49 -------- d-----w- c:\program files\Aqua Dock
2011-05-25 20:54:48 -------- d-----w- c:\program files\LIVEUPDATE
2011-05-25 08:36:08 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-22 13:59:43 -------- d-----w- c:\users\user\appdata\local\MPlayer
2011-05-22 13:55:57 -------- d-----w- c:\programdata\OEM Links
2011-05-22 13:55:56 -------- d-----w- C:\MININT
2011-05-21 12:44:57 -------- d-----w- c:\program files\Winamp Detect
2011-05-19 15:01:41 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 23:04:47 -------- d-----w- c:\users\user\appdata\roaming\.minecraft
2011-05-13 14:35:46 -------- d-----w- c:\program files\R.G. Catalyst
2011-05-13 10:59:03 -------- d-----w- c:\users\user\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE. 1
2011-05-13 07:15:47 -------- d-----w- c:\users\user\appdata\roaming\GetRightToGo
.
==================== Find3M ====================
.
2011-05-06 20:19:31 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-02 14:31:01 404128 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-30 21:29:00 201728 ----a-w- c:\windows\system32\HarryPotter7Screensaver.scr
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-07 20:43:36 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:43:34 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 20:43:34 293992 ----a-w- c:\windows\system32\nvhotkey.dll
2011-04-07 20:43:34 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 20:43:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:43:20 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:43:04 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-03-30 16:57:40 29504 ----a-w- c:\windows\system32\uxt559F.tmp
2011-03-29 03:07:26 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-29 03:06:51 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-29 03:06:47 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-29 03:06:43 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-29 03:06:39 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-29 03:06:37 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-29 03:06:34 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
.
============= FINISH: 11:42:59.17 ===============

And the attach file

DDS (Ver_2011-06-11.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2010/08/06 10:43:27 PM
System Uptime: 2011/06/08 10:33:03 PM (61 hours ago)
.
Motherboard: Acer | | BAP50-CP
Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz | CPU 1 | 2400/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 1.742 GiB free.
D: is FIXED (NTFS) - 223 GiB total, 2.058 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
H: is CDROM ()
J: is FIXED (NTFS) - 699 GiB total, 338.732 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP250: 2011/06/10 09:30:44 PM - Installed F-PROT Antivirus for Windows
RP251: 2011/06/10 10:56:50 PM - Windows Update
RP252: 2011/06/11 10:53:36 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
'Magicka'
µTorrent
123 Free Solitaire 2009 v7.2
Acer Backup Manager
Acer Bio Protection
Acer Crystal Eye webcam Ver:1.1.181.602
Acer eRecovery Management
Acer PowerSmart Manager
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Album Cover Finder v.6.8.0
Alcor Micro USB Card Reader
Amazon Kindle For PC
Amnesia - The Dark Descent
ApexDC++ 1.4.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aqua Dock
Astroburn Pro
Audacity 1.3.12 (Unicode)
Avira AntiVir Personal - Free Antivirus
Backup Manager Advance
Bonjour
Broadcom Gigabit Integrated Controller
Capsized
Carcassonne
CDisplay 1.8
Character Builder
Conexant HD Audio
DAEMON Tools Lite
DC++ 0.782
Definition update for Microsoft Office 2010 (KB982726)
Digsby
DisplayFusion 3.3.0
Dragon Age: Origins
Dropbox
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.00.802
eSobi v2
F-PROT Antivirus for Windows
Facemoods Toolbar
Fences
Fingerprint Solution
FluffyApp
Foxit Reader
Free Download Manager 3.0
G-Force
Google Chrome
Google Chrome Canary
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HarryPotter7Screensaver
HDAUDIO Soft Data Fax Modem with SmartCP
Hellgate: London
HiJackThis
Hitman Blood Money
Hitman: Contracts
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
InterVideo WinDVD 8
iTunes
Java Auto Updater
Java(TM) 6 Update 24
JDownloader
JDownloader 0.9
Junk Mail filter update
Launch Manager
LEGO® Batman™
LEGO® Harry Potter™: Years 1-4
LG Bluetooth Drivers
LG Internet Kit
LG MC USB U330 driver
LG USB Modem Drivers
Malwarebytes' Anti-Malware version 1.51.0.1200
MediaGet2 version 2.1.577.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Reader
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Migo Recover Lost Data
mIRC
MKV Player 2.0
Mozilla Firefox 4.0.1 (x86 en-GB)
Mp3tag v2.46a
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BackItUp
Nero BackItUp and Burn
Nero BurnRights
Nero Express
Nero RescueAgent
NetWorx 5.1.2
Nokia Connectivity Cable Driver
Norton Online Backup
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Control Panel 270.61
NVIDIA Graphics Driver 270.61
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
ObjectDock Plus
OpenAL
OpenOffice.org 3.2
Optical Drive Power Management
Pando Media Booster
PDF Settings CS5
PeerGuardian 2.0
PhotoScape
Pidgin
Portal
Prince of Persia The Sands of Time
QuickTime
Revo Uninstaller 1.88
Rhodes Certificate Authority 20101020
SABnzbd 0.6.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skype Toolbars
Skype™ 5.1
SoftSkies
SolSuite 2010 v10.5
SpeedFan (remove only)
Sumatra PDF reader
Synaptics Pointing Device Driver
TeraCopy 2.12
Titan Quest
Titan Quest Immortal Throne
Trillian
Uninstall LG PC Suite III
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
VLC media player 1.1.10
vPod (Remove Only)
Vuze
Welcome Center
WhiteCap
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Xilisoft Video to Audio Converter
.
==== Event Viewer Messages From Past Week ========
.
2011/06/11 09:16:48 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2011/06/11 05:46:16 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.101 with the system having network hardware address 00-24-8C-2A-2C-FE. Network operations on this system may be disrupted as a result.
2011/06/11 03:03:29 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume DARKWING.
2011/06/11 03:01:53 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume J:.
2011/06/10 12:37:10 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
2011/06/09 04:23:49 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2011/06/08 12:08:04 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR19.
2011/06/08 10:40:29 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
2011/06/08 09:22:53 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Acer.
2011/06/08 09:20:07 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
2011/06/07 09:42:03 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR15.
2011/06/05 04:02:29 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SENSESFAIL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{051C9CDD-D7F9-4C74-89E1-685A. The master browser is stopping or an election is being forced.
2011/06/05 03:21:40 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
.
==== End Of File ===========================
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 8,514 posts.
  
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
11-Jun-2011, 06:06 AM #4
Continue as follows :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop Very important

    Before saving Combofix to the Desktop re-name to Gotcha.exe as below:



  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
  • Instructions for running Combofix available Here if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
Cait3d1d's Avatar
Computer Specs
Junior Member with 14 posts.
THREAD STARTER
  
Join Date: Jun 2011
Experience: Intermediate
11-Jun-2011, 08:28 AM #5
Hi so this is the log:


ComboFix 11-06-10.0A - user 2011/06/11 12:54:53.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.27.1033.18.2548.852 [GMT 2:00]
Running from: c:\users\user\Desktop\gotcha.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: F-PROT Antivirus for Windows *Disabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Temp\sfamcc00001.dll
c:\users\user\AppData\Local\Temp\sfareca00001.dll
c:\windows\system32\drivers\tdok.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_jeshvmx
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 11:05 . 2011-06-11 11:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 10:38 . 2011-06-11 10:38 -------- d-----w- C:\gotcha
2011-06-11 08:54 . 2011-06-11 08:54 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-11 08:54 . 2011-06-11 08:54 -------- d-----w- c:\program files\Trend Micro
2011-06-10 20:58 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3884224D-D443-423D-998C-406E61B53646}\mpengine.dll
2011-06-10 19:47 . 2011-06-10 19:47 -------- d-----w- c:\users\user\AppData\Roaming\FRISK Software
2011-06-10 19:32 . 2010-09-22 10:47 693080 ----a-w- c:\windows\system32\drivers\FPAV_RTP.sys
2011-06-10 19:32 . 2011-06-10 19:32 -------- d-----w- c:\programdata\FRISK Software
2011-06-10 19:31 . 2011-06-10 19:31 -------- d-----w- c:\program files\FRISK Software
2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2011-06-10 17:25 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\programdata\Malwarebytes
2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-10 17:25 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-09 12:33 . 2011-06-09 12:33 -------- d-----w- c:\program files\SpeedFan
2011-06-08 20:51 . 2011-06-08 20:57 -------- d-----w- C:\Recovered
2011-06-08 20:31 . 2011-06-08 20:31 -------- d-----w- C:\found.000
2011-06-08 20:05 . 2011-06-08 20:05 -------- d-----w- c:\windows\Migo Recover Lost Data
2011-06-08 19:35 . 2011-06-08 19:35 -------- d-----w- c:\program files\QS
2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\programdata\Media Get LLC
2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\users\user\AppData\Roaming\Media Get LLC
2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\users\user\AppData\Local\Media Get LLC
2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\users\user\AppData\Local\MediaGet2
2011-06-05 14:07 . 2011-06-05 14:07 -------- d-----w- c:\users\user\AppData\Local\Wizards_of_the_Coast
2011-06-05 13:27 . 2011-06-05 13:27 -------- d-----w- c:\program files\Wizards of the Coast
2011-06-03 21:34 . 2011-06-03 21:35 -------- d-----w- c:\users\user\AppData\Local\sabnzbd
2011-06-03 21:34 . 2011-06-03 21:34 -------- d-----w- c:\program files\SABnzbd
2011-05-29 12:55 . 2011-05-29 12:55 -------- d-----w- c:\users\user\AppData\Local\My Games
2011-05-29 08:31 . 2011-05-29 08:31 -------- d-----w- c:\users\user\AppData\Local\Geckofx
2011-05-27 19:12 . 2011-05-27 19:12 -------- d-----w- c:\program files\Microsoft XNA
2011-05-27 19:10 . 2011-05-27 19:10 -------- d-----w- c:\program files\Alientrap Games Inc
2011-05-27 18:03 . 2011-06-09 17:14 -------- d-----w- c:\users\user\AppData\Local\FileServe Manager
2011-05-27 18:03 . 2011-05-27 18:03 -------- d-----w- c:\programdata\FileServe Limited
2011-05-25 21:20 . 2011-05-25 21:20 -------- d-----w- c:\program files\Common Files\Stardock
2011-05-25 21:20 . 2011-05-25 21:20 -------- d-----w- c:\program files\Stardock
2011-05-25 21:03 . 2011-05-25 21:03 -------- d-----w- c:\users\user\AppData\Local\ODUI
2011-05-25 21:03 . 2011-05-25 21:21 -------- d-----w- c:\users\user\AppData\Local\Stardock
2011-05-25 20:59 . 2011-05-25 20:59 -------- d-----w- c:\users\user\AppData\Local\Richard_Z.H._Wang
2011-05-25 20:54 . 2011-05-25 20:54 -------- d-----w- c:\program files\Aqua Dock
2011-05-25 20:54 . 2011-05-25 20:54 -------- d-----w- c:\program files\LIVEUPDATE
2011-05-25 08:36 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-22 14:25 . 2011-05-22 14:25 -------- d-----w- c:\users\user\AppData\Roaming\gtk-2.0
2011-05-22 13:59 . 2011-05-22 13:59 -------- d-----w- c:\users\user\AppData\Local\MPlayer
2011-05-22 13:55 . 2011-05-22 13:55 -------- d-----w- c:\programdata\OEM Links
2011-05-22 13:55 . 2011-05-22 13:55 -------- d-----w- C:\MININT
2011-05-21 12:44 . 2011-05-21 12:44 -------- d-----w- c:\program files\Winamp Detect
2011-05-21 12:44 . 2011-05-21 14:05 -------- d-----w- c:\users\user\AppData\Roaming\Winamp
2011-05-21 12:44 . 2011-05-21 12:46 -------- d-----w- c:\program files\Winamp
2011-05-19 15:01 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 23:04 . 2011-05-30 17:06 -------- d-----w- c:\users\user\AppData\Roaming\.minecraft
2011-05-13 14:35 . 2011-05-13 14:35 -------- d-----w- c:\program files\R.G. Catalyst
2011-05-13 10:59 . 2011-05-13 10:59 -------- d-----w- c:\users\user\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE. 1
2011-05-13 07:15 . 2011-05-13 07:16 -------- d-----w- c:\users\user\AppData\Roaming\GetRightToGo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-06 20:19 . 2011-05-06 20:19 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-02 14:31 . 2011-05-02 14:31 404128 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-30 21:29 . 2011-04-30 21:20 201728 ----a-w- c:\windows\system32\HarryPotter7Screensaver.scr
2011-04-09 06:13 . 2011-05-11 12:38 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 12:38 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-08 05:14 . 2011-04-29 15:20 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-08 05:14 . 2011-04-29 15:20 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2011-04-29 15:20 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14 . 2011-04-29 15:20 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-08 05:14 . 2011-04-29 15:20 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2011-04-29 15:20 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2011-04-29 15:20 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-29 15:20 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-04-08 05:14 . 2011-04-29 15:20 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2011-04-29 15:20 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2011-04-29 15:20 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-04-08 05:14 . 2011-04-29 15:20 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-08 05:14 . 2010-06-23 08:37 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-07 20:43 . 2011-04-07 20:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 20:43 . 2011-04-07 20:43 293992 ----a-w- c:\windows\system32\nvhotkey.dll
2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-03-29 03:07 . 2011-05-11 12:38 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-29 03:06 . 2011-05-11 12:38 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-29 03:06 . 2011-05-11 12:38 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-29 03:06 . 2011-05-11 12:38 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-29 03:06 . 2011-05-11 12:38 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-29 03:06 . 2011-05-11 12:38 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-29 03:06 . 2011-05-11 12:38 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-03-16 14:34 . 2010-08-07 00:20 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-30 14:01 . 2011-03-22 15:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-23 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"MediaGet2"="c:\users\user\AppData\Local\MediaGet2\mediaget.exe" [2011-06-03 6045416]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-04 496184]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-10 233472]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-20 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-20 169496]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-20 206208]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-04-23 494112]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"VitaKeyTSR"="c:\program files\Acer Bio Protection\EgisTSR.exe" [2010-05-01 186224]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-06-08 1086760]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-17 74752]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"Aqua Dock"="c:\program files\Aqua Dock\Aqua Dock.exe" [2003-11-01 386560]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-11-03 1674016]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-2-15 2068832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Share dTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVSe rver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayFusion]
2011-02-16 09:49 1516264 ----a-w- c:\program files\DisplayFusion\DisplayFusion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2010-04-28 20:28 3727411 ----a-w- c:\program files\Free Download Manager\fdm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-12 11:28 136176 ----atw- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\user\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
2010-06-29 17:21 2944512 ----a-w- c:\program files\NetWorx\networx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-24 23:31 588648 ----a-w- c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ODDPwr]
2010-04-22 17:38 186912 ----a-w- c:\program files\Acer\Optical Drive Power Management\ODDPWR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
2007-06-02 13:59 1457152 ----a-w- c:\program files\PeerGuardian2\pg2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SJelite3Launch]
2010-06-28 09:56 180224 ----a-w- c:\users\user\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-23 08:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" -d
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 135664]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 25600]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-05 286248]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 33320]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-08 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-24 691696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-06 218688]
S1 FPAV_RTP;FPAV_RTP;c:\windows\system32\DRIVERS\FPAV_RTP.sys [2010-09-22 693080]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-08-07 38976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 EgisTec Service;EgisTec Service;c:\program files\Acer Bio Protection\EgisService.exe [2010-05-01 310128]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [2010-05-01 257904]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-04-23 703008]
S2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2010-11-03 83624]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-07-20 29232]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 129568]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-06-19 12032]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-06-19 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-06-19 12928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 05:13]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 05:13]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-895879528-1679901621-3576075842-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 11:28]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-895879528-1679901621-3576075842-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 11:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1c09&m=travelmate_8572g&r=27050810f406l0433z296x46m4p31r
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.2
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ar6zmn4m.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - www.google.co.za
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
Toolbar-Locked - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-FPVProTrialInfo - c:\program files\FastPictureViewer\FPVTrialInfo.exe
MSConfigStartUp-Raptr - c:\progra~1\Raptr\raptrstub.exe
MSConfigStartUp-Torrent2Exe[6d5b27a228a41b7486ba8a57d3853068a7ad49b8] - c:\users\user\Downloads\228A41B7486BA8A57D3853068A7AD49B8.exe
MSConfigStartUp-TorrentEasy_ec55e5d1a7acbbed4f8643ca4f94c2939c75cdd5 - c:\users\user\Downloads\TorrentEasy-EC55E5D1A7ACBBED4F8643CA4F94C2939C75CDD5.exe
MSConfigStartUp-VoxOxNG - c:\program files\Voxox\Voxox.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-895879528-1679901621-3576075842-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5720)
c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Fences\FencesMenu.dll
c:\program files\fences\DesktopDock.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2011-06-11 13:16:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 11:16
.
Pre-Run: 1*975*590*912 bytes free
Post-Run: 1*596*518*400 bytes free
.
- - End Of File - - 73F047C1E686A606CF6E0E8A781BE051
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 8,514 posts.
  
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
11-Jun-2011, 09:42 AM #6
Continue as follows :-

Step 1

Navigate > Start > Control Panel > Uninstall a Program. Uninstall anything with Facemoods in its title.

Step 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
DDS:
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 3

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take between one and several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Step 4

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What i`d like in your reply :-
  • Log from Combofix
  • Log from ESET
  • Log from Security Checks
  • System review, let me know what issues/concerns remain

Kevin...
Cait3d1d's Avatar
Computer Specs
Junior Member with 14 posts.
THREAD STARTER
  
Join Date: Jun 2011
Experience: Intermediate
12-Jun-2011, 12:19 PM #7
Hi Kevin - Here are the logs, thank you so much for all of your help!


ComboFix 11-06-10.0A - user 2011/06/11 15:54:14.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.27.1033.18.2548.1220 [GMT 2:00]
Running from: c:\users\user\Desktop\gotcha.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: F-PROT Antivirus for Windows *Disabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 14:05 . 2011-06-11 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 10:38 . 2011-06-11 10:38 -------- d-----w- C:\gotcha
2011-06-11 08:54 . 2011-06-11 08:54 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-11 08:54 . 2011-06-11 08:54 -------- d-----w- c:\program files\Trend Micro
2011-06-10 20:58 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3884224D-D443-423D-998C-406E61B53646}\mpengine.dll
2011-06-10 19:47 . 2011-06-10 19:47 -------- d-----w- c:\users\user\AppData\Roaming\FRISK Software
2011-06-10 19:32 . 2010-09-22 10:47 693080 ----a-w- c:\windows\system32\drivers\FPAV_RTP.sys
2011-06-10 19:32 . 2011-06-10 19:32 -------- d-----w- c:\programdata\FRISK Software
2011-06-10 19:31 . 2011-06-10 19:31 -------- d-----w- c:\program files\FRISK Software
2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2011-06-10 17:25 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\programdata\Malwarebytes
2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-10 17:25 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-09 12:33 . 2011-06-09 12:33 -------- d-----w- c:\program files\SpeedFan
2011-06-08 20:51 . 2011-06-08 20:57 -------- d-----w- C:\Recovered
2011-06-08 20:31 . 2011-06-08 20:31 -------- d-----w- C:\found.000
2011-06-08 20:05 . 2011-06-08 20:05 -------- d-----w- c:\windows\Migo Recover Lost Data
2011-06-08 19:35 . 2011-06-08 19:35 -------- d-----w- c:\program files\QS
2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\programdata\Media Get LLC
2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\users\user\AppData\Roaming\Media Get LLC
2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\users\user\AppData\Local\Media Get LLC
2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\users\user\AppData\Local\MediaGet2
2011-06-05 14:07 . 2011-06-05 14:07 -------- d-----w- c:\users\user\AppData\Local\Wizards_of_the_Coast
2011-06-05 13:27 . 2011-06-05 13:27 -------- d-----w- c:\program files\Wizards of the Coast
2011-06-03 21:34 . 2011-06-03 21:35 -------- d-----w- c:\users\user\AppData\Local\sabnzbd
2011-06-03 21:34 . 2011-06-03 21:34 -------- d-----w- c:\program files\SABnzbd
2011-05-29 12:55 . 2011-05-29 12:55 -------- d-----w- c:\users\user\AppData\Local\My Games
2011-05-29 08:31 . 2011-05-29 08:31 -------- d-----w- c:\users\user\AppData\Local\Geckofx
2011-05-27 19:12 . 2011-05-27 19:12 -------- d-----w- c:\program files\Microsoft XNA
2011-05-27 19:10 . 2011-05-27 19:10 -------- d-----w- c:\program files\Alientrap Games Inc
2011-05-27 18:03 . 2011-06-09 17:14 -------- d-----w- c:\users\user\AppData\Local\FileServe Manager
2011-05-27 18:03 . 2011-05-27 18:03 -------- d-----w- c:\programdata\FileServe Limited
2011-05-25 21:20 . 2011-05-25 21:20 -------- d-----w- c:\program files\Common Files\Stardock
2011-05-25 21:20 . 2011-05-25 21:20 -------- d-----w- c:\program files\Stardock
2011-05-25 21:03 . 2011-05-25 21:03 -------- d-----w- c:\users\user\AppData\Local\ODUI
2011-05-25 21:03 . 2011-05-25 21:21 -------- d-----w- c:\users\user\AppData\Local\Stardock
2011-05-25 20:59 . 2011-05-25 20:59 -------- d-----w- c:\users\user\AppData\Local\Richard_Z.H._Wang
2011-05-25 20:54 . 2011-05-25 20:54 -------- d-----w- c:\program files\Aqua Dock
2011-05-25 20:54 . 2011-05-25 20:54 -------- d-----w- c:\program files\LIVEUPDATE
2011-05-25 08:36 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-22 14:25 . 2011-05-22 14:25 -------- d-----w- c:\users\user\AppData\Roaming\gtk-2.0
2011-05-22 13:59 . 2011-05-22 13:59 -------- d-----w- c:\users\user\AppData\Local\MPlayer
2011-05-22 13:55 . 2011-05-22 13:55 -------- d-----w- c:\programdata\OEM Links
2011-05-22 13:55 . 2011-05-22 13:55 -------- d-----w- C:\MININT
2011-05-21 12:44 . 2011-05-21 12:44 -------- d-----w- c:\program files\Winamp Detect
2011-05-21 12:44 . 2011-05-21 14:05 -------- d-----w- c:\users\user\AppData\Roaming\Winamp
2011-05-21 12:44 . 2011-05-21 12:46 -------- d-----w- c:\program files\Winamp
2011-05-19 15:01 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 23:04 . 2011-05-30 17:06 -------- d-----w- c:\users\user\AppData\Roaming\.minecraft
2011-05-13 14:35 . 2011-05-13 14:35 -------- d-----w- c:\program files\R.G. Catalyst
2011-05-13 10:59 . 2011-05-13 10:59 -------- d-----w- c:\users\user\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE. 1
2011-05-13 07:15 . 2011-05-13 07:16 -------- d-----w- c:\users\user\AppData\Roaming\GetRightToGo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-06 20:19 . 2011-05-06 20:19 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-02 14:31 . 2011-05-02 14:31 404128 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-30 21:29 . 2011-04-30 21:20 201728 ----a-w- c:\windows\system32\HarryPotter7Screensaver.scr
2011-04-09 06:13 . 2011-05-11 12:38 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 12:38 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-08 05:14 . 2011-04-29 15:20 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-08 05:14 . 2011-04-29 15:20 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2011-04-29 15:20 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14 . 2011-04-29 15:20 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-08 05:14 . 2011-04-29 15:20 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2011-04-29 15:20 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2011-04-29 15:20 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-29 15:20 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-04-08 05:14 . 2011-04-29 15:20 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2011-04-29 15:20 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2011-04-29 15:20 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-04-08 05:14 . 2011-04-29 15:20 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-08 05:14 . 2010-06-23 08:37 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-07 20:43 . 2011-04-07 20:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 20:43 . 2011-04-07 20:43 293992 ----a-w- c:\windows\system32\nvhotkey.dll
2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-03-29 03:07 . 2011-05-11 12:38 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-29 03:06 . 2011-05-11 12:38 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-29 03:06 . 2011-05-11 12:38 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-29 03:06 . 2011-05-11 12:38 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-29 03:06 . 2011-05-11 12:38 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-29 03:06 . 2011-05-11 12:38 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-29 03:06 . 2011-05-11 12:38 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-03-16 14:34 . 2010-08-07 00:20 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-30 14:01 . 2011-03-22 15:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-23 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"MediaGet2"="c:\users\user\AppData\Local\MediaGet2\mediaget.exe" [2011-06-03 6045416]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-04 496184]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-10 233472]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-20 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-20 169496]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-20 206208]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-04-23 494112]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"VitaKeyTSR"="c:\program files\Acer Bio Protection\EgisTSR.exe" [2010-05-01 186224]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-06-08 1086760]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-17 74752]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"Aqua Dock"="c:\program files\Aqua Dock\Aqua Dock.exe" [2003-11-01 386560]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-11-03 1674016]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-2-15 2068832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Share dTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVSe rver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayFusion]
2011-02-16 09:49 1516264 ----a-w- c:\program files\DisplayFusion\DisplayFusion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2010-04-28 20:28 3727411 ----a-w- c:\program files\Free Download Manager\fdm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-12 11:28 136176 ----atw- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\user\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
2010-06-29 17:21 2944512 ----a-w- c:\program files\NetWorx\networx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-24 23:31 588648 ----a-w- c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ODDPwr]
2010-04-22 17:38 186912 ----a-w- c:\program files\Acer\Optical Drive Power Management\ODDPWR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
2007-06-02 13:59 1457152 ----a-w- c:\program files\PeerGuardian2\pg2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SJelite3Launch]
2010-06-28 09:56 180224 ----a-w- c:\users\user\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-23 08:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" -d
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 135664]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 25600]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-05 286248]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 33320]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-08 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-24 691696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-06 218688]
S1 FPAV_RTP;FPAV_RTP;c:\windows\system32\DRIVERS\FPAV_RTP.sys [2010-09-22 693080]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-08-07 38976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 EgisTec Service;EgisTec Service;c:\program files\Acer Bio Protection\EgisService.exe [2010-05-01 310128]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [2010-05-01 257904]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-04-23 703008]
S2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2010-11-03 83624]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-07-20 29232]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 129568]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-06-19 12032]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-06-19 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-06-19 12928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 05:13]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 05:13]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-895879528-1679901621-3576075842-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 11:28]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-895879528-1679901621-3576075842-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 11:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1c09&m=travelmate_8572g&r=27050810f406l0433z296x46m4p31r
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.2
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ar6zmn4m.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - www.google.co.za
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-895879528-1679901621-3576075842-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1568)
c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Fences\FencesMenu.dll
c:\program files\fences\DesktopDock.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2011-06-11 16:15:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 14:15
ComboFix2.txt 2011-06-11 11:16
.
Pre-Run: 1*598*447*616 bytes free
Post-Run: 1*863*131*136 bytes free
.
- - End Of File - - F579B683274DDF59448FE62A90DAB520

Eset Log:

C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\ac8c29b-17959963 multiple threats
C:\Users\user\Desktop\Hiren\Hirens.BootCD.9.6\Hiren's.BootCD.9.6.iso probably unknown NewHeur_PE virus
C:\Users\user\Downloads\MKVPlayerSetup.exe multiple threats
J:\Nero Local Autobackup\20110610_211415_Local Autobackup\C\Users\user\Desktop\Hiren\Hirens.BootCD.9.6\Hiren's.BootCD.9.6. iso probably unknown NewHeur_PE virus
J:\Nero Local Autobackup\20110610_211415_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe multiple threats
J:\Nero Local Autobackup\20110611_191419_Local Autobackup\C\Users\user\Desktop\Hiren\Hirens.BootCD.9.6\Hiren's.BootCD.9.6. iso probably unknown NewHeur_PE virus
J:\Nero Local Autobackup\20110611_191419_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe multiple threats

Security Check:


Results of screen317's Security Check version 0.99.13
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
F-PROT Antivirus for Windows
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.2.159.1
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avguard.exe
FRISK Software F-PROT Antivirus for Windows FPAVServer.exe
``````````End of Log````````````
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 8,514 posts.
  
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
12-Jun-2011, 02:14 PM #8
Continue as follows please....

Step 1

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------

    :Files
    ipconfig /flushdns /c
    C:\Users\user\Downloads\MKVPlayerSetup.exe
    J:\Nero Local Autobackup\20110610_211415_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe
    J:\Nero Local Autobackup\20110611_191419_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe
    :Commands
    [EmptyTemp]
    [ResetHosts]
    [CreateRestorePoint]

    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Step 2

You have two Antivirus Programs running together, Avira and FRISK Software F-PROT Antivirus. One of them must be uninstalled, I recommend you keep Avira.

Let me see the log from OTM, Also tell me how your system is responding and what issues/concerns remain...

Kevin
Cait3d1d's Avatar
Computer Specs
Junior Member with 14 posts.
THREAD STARTER
  
Join Date: Jun 2011
Experience: Intermediate
12-Jun-2011, 02:39 PM #9
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
C:\Users\user\Downloads\MKVPlayerSetup.exe moved successfully.
J:\Nero Local Autobackup\20110610_211415_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe moved successfully.
J:\Nero Local Autobackup\20110611_191419_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 1613149 bytes
->Temporary Internet Files folder emptied: 6088209 bytes
->Java cache emptied: 1975091 bytes
->FireFox cache emptied: 52047741 bytes
->Google Chrome cache emptied: 177490805 bytes
->Flash cache emptied: 211916 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525778 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 229.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


OTM by OldTimer - Version 3.1.18.0 log created on 06122011_202817

Files moved on Reboot...
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File C:\Windows\temp\TMP0000207C1F3DE3D541F5D0DC not found!

Registry entries deleted on Reboot...

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
C:\Users\user\Downloads\MKVPlayerSetup.exe moved successfully.
J:\Nero Local Autobackup\20110610_211415_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe moved successfully.
J:\Nero Local Autobackup\20110611_191419_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 1613149 bytes
->Temporary Internet Files folder emptied: 6088209 bytes
->Java cache emptied: 1975091 bytes
->FireFox cache emptied: 52047741 bytes
->Google Chrome cache emptied: 177490805 bytes
->Flash cache emptied: 211916 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525778 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 229.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


OTM by OldTimer - Version 3.1.18.0 log created on 06122011_202817

Files moved on Reboot...
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File C:\Windows\temp\TMP0000207C1F3DE3D541F5D0DC not found!

Registry entries deleted on Reboot...

My system seems to be doing fine at the moment. Nothing has deleted itself again, everything is running pretty smoothly.
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 8,514 posts.
  
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
12-Jun-2011, 02:53 PM #10
OK lets clean up....

Step 1
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Step 2
  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.

Step 3

Remove the ESET Online Scanner components from your computer, start the Uninstall a Program applet from Start > Control Panel, select the ESET Online Scanner entry and click Uninstall. This will happen quickly, only re-boot if prompted.

Step 4

Your Adobe Flash Player is out of date. Older versions are vulnerable to attack and exploitation
Please go to the link below to update.
Adobe Flash Player Untick the Free McAfee® Security Scan Plus (optional) unless you want it. (not required)

Step 5

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 26.
  • Go to Sun Java
  • Select Windows 7/XP/Vista/2000/2003/2008 If using 64 bit OS Select Information about the 64-bit Java plug-in and follow prompts
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Let me know if the above steps completed OK, also if any remaining issues or concerns...

Kevin
Cait3d1d's Avatar
Computer Specs
Junior Member with 14 posts.
THREAD STARTER
  
Join Date: Jun 2011
Experience: Intermediate
15-Jun-2011, 05:05 PM #11
Hi Kevin, thanks for all your help. Everything seems to be fine
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 8,514 posts.
  
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
15-Jun-2011, 05:34 PM #12
Good to hear that al is well for you, here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained Here

You will have several programs installed, these maybe outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.


Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

Firefox,

Opera, and

Chrome.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,
Yellow for caution, and
Red to stop.


Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

Here a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally this link HERE will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

If no remaining issues hit the Mark Solved tab at the top of the thread...

Kevin
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

Tags
files deleted, virus

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 11:09 AM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑