
All internet browsers keep crashing - possible virus or malware?

Discussion in 'Virus & Other Malware Removal' started by scordes, Jan 22, 2013.

    scordes (Thread Starter)
    Hi there. I need help, please. My internet browsers are constantly crashing. IE is the worst, followed by Firefox. Google Chrome is OK sometimes and really bad at other times. I have done full scans with Avira and malware, but it is still happening. Here are my logs, and thanks in advance for your help.

    Steve

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:55:53, on 22/01/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\vsnp2uvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\KidLogger\Kidlogger.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\User\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?sourceid=navclient&hl=en-GB&ie=UTF-8&rlz=1T4SUNA_enGB255GB255
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8&fr=mkg029
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8&fr=mkg029
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    R3 - URLSearchHook: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: SearchElf 1.1 - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\tbSea0.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: SearchElf 1.1 Toolbar - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\tbSea0.dll
    O3 - Toolbar: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [MS Shell Services] C:\Program Files\KidLogger\Kidlogger.exe -m
    O4 - HKLM\..\Run: [tsnpstd] C:\Windows\tsnpstd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.4; OfficeLivePatch.0.0; yie8)
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {004DF9D9-566D-11D7-B77D-00E018901A05} (Iqeye Control) - http://87.252.53.28/iqeye.ocx.gz
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://217.155.209.14:2220/SysCamInst.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-gb.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.great-yarmouth.gov.uk:8080/live/AxisCamControl.ocx
    O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://greatyarmouth-webcam.remotemanager.co.uk/common/activex/MJPEGRender.ocx
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 11595 bytes

    DDS log

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
    Run by User at 20:56:39 on 2013-01-22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3318.2005 [GMT 0:00]
    .
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\vsnp2uvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\KidLogger\Kidlogger.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/webhp?sourceid=navclient&hl=en-GB&ie=UTF-8&rlz=1T4SUNA_enGB255GB255
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    mStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
    mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
    mURLSearchHooks: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\tbSea0.dll
    mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
    BHO: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\tbSea0.dll
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: SearchElf 1.1 Toolbar: {00F2C0C6-2194-484E-9064-44E57787867B} - c:\program files\searchelf_1.1\tbSea0.dll
    TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
    TB: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\tbSea0.dll
    TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.4; OfficeLivePatch.0.0; yie8)
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [MS Shell Services] c:\program files\kidlogger\Kidlogger.exe -m
    mRun: [tsnpstd] c:\windows\tsnpstd.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    DPF: {004DF9D9-566D-11D7-B77D-00E018901A05} - hxxp://87.252.53.28/iqeye.ocx.gz
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://217.155.209.14:2220/SysCamInst.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-gb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.great-yarmouth.gov.uk:8080/live/AxisCamControl.ocx
    DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://greatyarmouth-webcam.remotemanager.co.uk/common/activex/MJPEGRender.ocx
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{92AF3B6C-09A4-4A59-9016-AE7105A244CA} : DHCPNameServer = 192.168.1.254
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\s81c7r28.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8&fr=mkg031
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=en_GB&apn_uid=6089107d-a8dd-4e86-9d6d-a84c6f08501e&apn_ptnrs=%5EAGY&apn_sauid=B89C69D6-EA80-435A-B64F-20F4EC59F446&apn_dtid=%5EYYYYYY%5EYY%5EGB&&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\realarcade\npraclient.dll
    FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-1-19 36552]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-1-19 85280]
    R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-1-19 109344]
    R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-1-19 565024]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-1-19 83944]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-4 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-2-10 9216]
    S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [2007-12-26 395224]
    S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2008-12-8 17920]
    S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2008-12-18 62592]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2013-01-22 09:46:51 -------- d-----w- c:\users\user\appdata\local\{46B7F5AC-2AB1-44D4-8CC2-310CA1AEA179}
    2013-01-21 21:46:28 -------- d-----w- c:\users\user\appdata\local\{1FAA05A6-8E41-4EA9-9D57-C171ACC25FFE}
    2013-01-21 09:45:53 -------- d-----w- c:\users\user\appdata\local\{75E3E1AA-6BB1-4C0D-ACFD-07E25A6FDBF4}
    2013-01-20 21:45:16 -------- d-----w- c:\users\user\appdata\local\{CD635427-7B82-4149-865B-4401433508F2}
    2013-01-20 09:44:54 -------- d-----w- c:\users\user\appdata\local\{F4BB5FF1-9A8F-4CA6-9A05-D90F09982375}
    2013-01-19 21:44:18 -------- d-----w- c:\users\user\appdata\local\{D08DABA0-6FBC-4017-B1AA-0886CA78ABDC}
    2013-01-19 19:30:10 -------- d-----w- c:\users\user\appdata\roaming\Avira
    2013-01-19 19:25:55 -------- d-----w- c:\users\user\appdata\local\APN
    2013-01-19 19:25:43 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2013-01-19 19:25:43 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2013-01-19 19:25:42 -------- d-----w- c:\programdata\Avira
    2013-01-19 19:25:42 -------- d-----w- c:\program files\Avira
    2013-01-19 09:43:56 -------- d-----w- c:\users\user\appdata\local\{5C56EB5D-E9E2-4CCA-AE91-42C513AA802D}
    2013-01-18 21:43:22 -------- d-----w- c:\users\user\appdata\local\{64140C73-6F4D-4048-865E-5992DB3A07FD}
    2013-01-18 18:24:42 -------- d-----w- c:\programdata\Ask
    2013-01-18 18:22:50 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-18 16:36:26 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f50494c5-4c24-4437-bbf3-32c8f91d6e46}\mpengine.dll
    2013-01-18 09:43:00 -------- d-----w- c:\users\user\appdata\local\{9202C29B-7698-414D-91C4-839E92A59AD6}
    2013-01-17 22:03:53 2048000 ----a-w- c:\windows\system32\win32k.sys
    2013-01-17 22:01:26 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-17 22:00:05 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-17 21:42:36 -------- d-----w- c:\users\user\appdata\local\{A76CCCC9-0746-44A1-A2A1-C0EBC43E65F6}
    2013-01-17 15:25:51 -------- d-----w- c:\program files\Microsoft Security Client
    2013-01-16 17:38:59 -------- d-----w- c:\users\user\appdata\roaming\SpeedMaxPc
    2013-01-16 17:38:59 -------- d-----w- c:\users\user\appdata\roaming\DriverCure
    2013-01-16 17:38:50 -------- d-----w- c:\programdata\SpeedMaxPc
    2013-01-07 21:13:38 -------- d-----w- c:\users\user\appdata\local\{CE765F94-6150-49D5-BEC4-8521483D1FBC}
    2013-01-07 09:13:16 -------- d-----w- c:\users\user\appdata\local\{F7FD2F63-685A-461F-BA82-8A4C2939927D}
    2013-01-06 21:12:42 -------- d-----w- c:\users\user\appdata\local\{4E2C2AC9-9790-4CA5-90E4-91DA90500F97}
    2013-01-06 09:12:20 -------- d-----w- c:\users\user\appdata\local\{05CE397E-FC2D-428B-B8F0-DB2E18C34912}
    2013-01-05 21:11:45 -------- d-----w- c:\users\user\appdata\local\{990F8EF6-2EE5-41EF-89CB-918569F9194B}
    2013-01-05 09:11:23 -------- d-----w- c:\users\user\appdata\local\{D10C0E7F-1282-41BC-9E62-558B52B0E4A8}
    2013-01-04 21:10:48 -------- d-----w- c:\users\user\appdata\local\{6849B698-CE6A-46DD-8D74-7F98D99D6A53}
    2013-01-04 09:10:27 -------- d-----w- c:\users\user\appdata\local\{0B1DFCF5-FD5D-45DF-8887-E5C2BA233606}
    2013-01-03 21:09:52 -------- d-----w- c:\users\user\appdata\local\{E0259AC6-0357-465E-8D17-B501764DCEA2}
    2013-01-03 09:09:30 -------- d-----w- c:\users\user\appdata\local\{596900F1-DFCD-49C4-B284-36CE68926879}
    2013-01-02 21:08:56 -------- d-----w- c:\users\user\appdata\local\{105B47C7-8404-4C6A-BF28-DE03C55B96BD}
    2013-01-02 09:08:34 -------- d-----w- c:\users\user\appdata\local\{28FED484-FA18-44BD-8814-C3A97AA524DA}
    2013-01-01 21:07:36 -------- d-----w- c:\users\user\appdata\local\{A15AAFA1-2D10-488D-A6EB-03E1E94FE8F7}
    2013-01-01 09:07:14 -------- d-----w- c:\users\user\appdata\local\{1F751E50-A58E-49E2-85A3-114E1845CF4C}
    2012-12-31 21:06:51 -------- d-----w- c:\users\user\appdata\local\{C1F2EEFE-D407-4CE9-976F-B4EDDFFE921E}
    2012-12-31 09:06:29 -------- d-----w- c:\users\user\appdata\local\{E37ECD15-EA0A-4A3E-B203-09B092050BCC}
    2012-12-30 21:05:55 -------- d-----w- c:\users\user\appdata\local\{A9B14D62-530B-4158-B3D4-8ED4AE44FBF1}
    2012-12-30 09:05:33 -------- d-----w- c:\users\user\appdata\local\{44D09EAE-3B93-4A0F-9FB4-3FB721C16793}
    2012-12-29 21:04:59 -------- d-----w- c:\users\user\appdata\local\{5C3C02B0-60A3-486C-B117-5D4D5CA89EE7}
    2012-12-29 09:04:48 -------- d-----w- c:\users\user\appdata\local\{DD75B0BA-24BB-4675-A7BE-EFE07C35E691}
    2012-12-28 21:04:12 -------- d-----w- c:\users\user\appdata\local\{E8970A7E-0F65-49AA-87A4-63B86BA17FA6}
    2012-12-28 09:03:41 -------- d-----w- c:\users\user\appdata\local\{26323584-B670-4CE9-96A2-2E71080AF19F}
    2012-12-27 09:21:13 -------- d-----w- c:\users\user\appdata\local\{841E1080-B196-44FE-8146-DEE512017D56}
    2012-12-26 21:20:39 -------- d-----w- c:\users\user\appdata\local\{C7735666-C4CB-480A-A13A-FC9B930C3AE1}
    2012-12-26 09:20:17 -------- d-----w- c:\users\user\appdata\local\{FEFB4287-86E1-4509-966F-4BDD4F6E1379}
    2012-12-25 21:19:20 -------- d-----w- c:\users\user\appdata\local\{98E73025-788A-429D-AA50-1E23B3C823AB}
    2012-12-25 09:18:58 -------- d-----w- c:\users\user\appdata\local\{7E428280-9F77-4819-9579-8A273AA064A8}
    2012-12-24 21:18:24 -------- d-----w- c:\users\user\appdata\local\{10E35CD9-2870-4371-87B1-AA91F745D577}
    2012-12-24 09:18:02 -------- d-----w- c:\users\user\appdata\local\{5905CB02-EC47-4D08-B784-A7C382D39E9D}
    2012-12-23 21:17:28 -------- d-----w- c:\users\user\appdata\local\{3ADFB3D8-478E-4E1F-AF08-C8B7D93CE0A0}
    .
    ==================== Find3M ====================
    .
    2013-01-20 13:13:22 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-20 13:13:22 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    .
    ============= FINISH: 20:57:43.39 ===============

    attach file

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/12/2007 13:36:52
    System Uptime: 22/01/2013 15:13:55 (5 hours ago)
    .
    Motherboard: Foxconn | | 945 7MD Series
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | Socket 775 | 1000/49mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 55.043 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2181: 18/01/2013 18:21:01 - Installed Java 7 Update 11
    RP2182: 19/01/2013 09:42:58 - Scheduled Checkpoint
    RP2183: 19/01/2013 17:23:28 - Removed Ask Toolbar.
    RP2184: 20/01/2013 08:19:49 - Windows Update
    RP2185: 21/01/2013 09:40:35 - Scheduled Checkpoint
    RP2186: 21/01/2013 21:41:00 - Scheduled Checkpoint
    RP2187: 22/01/2013 17:35:42 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.6
    Adobe Shockwave Player
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    µTorrent
    Avira Free Antivirus
    Avira SearchFree Toolbar plus Web Protection Updater
    Bonjour
    CA Yahoo! Anti-Spy (remove only)
    CCleaner
    Creative WebCam Driver
    D3DX10
    forteManager
    Fruit Machine Emulators
    Future Pinball
    getPlus(R) for Adobe
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Java 7 Update 11
    Java Auto Updater
    Java(TM) 6 Update 31
    JavaFX 2.1.1
    Junk Mail filter update
    KidLogger 5.6.15
    LightScribe 1.6.43.1
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mesh Runtime
    Messenger Companion
    Microfuzion Update Prorgam
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 7.0
    Microsoft IntelliType Pro 7.0
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 4.0.1 (x86 en-GB)
    MSVCRT
    OGA Notifier 2.0.0048.0
    OpenAL
    OpenOffice.org Installer 1.0
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Remote Mouse version 1.09
    SDK
    SearchElf 1.1 Toolbar
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Segoe UI
    Silicon Laboratories CP210x Evaluation Kit Tools Release 3.1
    Spelling Dictionaries Support For Adobe Reader 9
    Spotify
    Stenders
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    USB PC Camera (SN9C103)
    USB2.0 UVC Camera
    uTorrentControl_v2 Toolbar
    Viewpoint Media Player
    Visual Install Pack
    Visual Pinball
    Visual Pinball VPInstaller 1.0.3
    VobSub v2.23 (Remove Only)
    Web Games Player Plugin
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.10 (32-bit)
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Software Update
    ZTE_1.2059.0.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    20/01/2013 08:21:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile USB Composite Device.
    18/01/2013 08:08:51, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    18/01/2013 08:08:51, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    18/01/2013 08:08:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    17/01/2013 22:03:46, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.141.3926.0).
    17/01/2013 21:55:30, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.141.3676.0 Loading engine version: 1.1.9002.0
    17/01/2013 20:43:00, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
    17/01/2013 15:30:10, Error: Microsoft Antimalware [2001] -
    17/01/2013 15:14:08, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user User-PC\User SID (S-1-5-21-1148538770-2691049322-1759465102-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================


    ark file

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-22 22:11:06
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 MAXTOR_STM3160215AS rev.3.AAD 149.05GB
    Running: e5rv9vtn.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


    ---- System - GMER 2.0 ----

    SSDT 8D210B4E ZwCreateSection
    SSDT 8D210B58 ZwRequestWaitReplyPort
    SSDT 8D210B53 ZwSetContextThread
    SSDT 8D210B5D ZwSetSecurityObject
    SSDT 8D210B62 ZwSystemDebugControl
    SSDT 8D210AEF ZwTerminateProcess

    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!KeSetEvent + 215 820BC8D8 4 Bytes [4E, 0B, 21, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 539 820BCBFC 4 Bytes [58, 0B, 21, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 56D 820BCC30 4 Bytes [53, 0B, 21, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 5D1 820BCC94 4 Bytes [5D, 0B, 21, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 619 820BCCDC 4 Bytes [62, 0B, 21, 8D]
    .text ...
    ? C:\Users\User\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtCreateFile + 6 76E1424A 4 Bytes [28, 20, 26, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtCreateFile + B 76E1424F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtMapViewOfSection + 6 76E1499A 4 Bytes [28, 23, 26, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtMapViewOfSection + B 76E1499F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenFile + 6 76E14A2A 4 Bytes [68, 20, 26, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenFile + B 76E14A2F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcess + 6 76E14AAA 4 Bytes [A8, 21, 26, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcess + B 76E14AAF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessToken + 6 76E14ABA 4 Bytes CALL 75E170E0 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessToken + B 76E14ABF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessTokenEx + 6 76E14ACA 4 Bytes [A8, 22, 26, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessTokenEx + B 76E14ACF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThread + 6 76E14B1A 4 Bytes [68, 21, 26, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThread + B 76E14B1F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadToken + 6 76E14B2A 4 Bytes [68, 22, 26, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadToken + B 76E14B2F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadTokenEx + 6 76E14B3A 4 Bytes CALL 75E17161 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadTokenEx + B 76E14B3F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryAttributesFile + 6 76E14BCA 4 Bytes [A8, 20, 26, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryAttributesFile + B 76E14BCF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryFullAttributesFile + 6 76E14C7A 4 Bytes CALL 75E1729F C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryFullAttributesFile + B 76E14C7F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationFile + 6 76E1515A 4 Bytes [28, 21, 26, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationFile + B 76E1515F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationThread + 6 76E151AA 4 Bytes [28, 22, 26, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationThread + B 76E151AF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtUnmapViewOfSection + 6 76E1544A 4 Bytes [68, 23, 26, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtUnmapViewOfSection + B 76E1544F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + 6 76E1424A 4 Bytes [28, 64, E0, 00] {SUB [EAX+0x0], AH}
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + B 76E1424F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + 6 76E1499A 4 Bytes [28, 67, E0, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + B 76E1499F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + 6 76E14A2A 4 Bytes [68, 64, E0, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + B 76E14A2F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + 6 76E14AAA 4 Bytes [A8, 65, E0, 00] {TEST AL, 0x65; LOOPNZ 0x4}
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + B 76E14AAF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessToken + 6 76E14ABA 4 Bytes CALL 75E22B24
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessToken + B 76E14ABF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + 6 76E14ACA 4 Bytes [A8, 66, E0, 00] {TEST AL, 0x66; LOOPNZ 0x4}
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + B 76E14ACF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + 6 76E14B1A 4 Bytes [68, 65, E0, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + B 76E14B1F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + 6 76E14B2A 4 Bytes [68, 66, E0, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + B 76E14B2F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadTokenEx + 6 76E14B3A 4 Bytes CALL 75E22BA5
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadTokenEx + B 76E14B3F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + 6 76E14BCA 4 Bytes [A8, 64, E0, 00] {TEST AL, 0x64; LOOPNZ 0x4}
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + B 76E14BCF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + 6 76E14C7A 4 Bytes CALL 75E22CE3
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + B 76E14C7F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + 6 76E1515A 4 Bytes [28, 65, E0, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + B 76E1515F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + 6 76E151AA 4 Bytes [28, 66, E0, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + B 76E151AF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + 6 76E1544A 4 Bytes [68, 67, E0, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + B 76E1544F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtCreateFile + 6 76E1424A 4 Bytes [28, 98, 78, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtCreateFile + B 76E1424F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtMapViewOfSection + 6 76E1499A 4 Bytes [28, 9B, 78, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtMapViewOfSection + B 76E1499F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenFile + 6 76E14A2A 4 Bytes [68, 98, 78, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenFile + B 76E14A2F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcess + 6 76E14AAA 4 Bytes [A8, 99, 78, 00] {TEST AL, 0x99; JS 0x4}
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcess + B 76E14AAF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessToken + 6 76E14ABA 4 Bytes CALL 75E1C358 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessToken + B 76E14ABF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessTokenEx + 6 76E14ACA 4 Bytes [A8, 9A, 78, 00] {TEST AL, 0x9a; JS 0x4}
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessTokenEx + B 76E14ACF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThread + 6 76E14B1A 4 Bytes [68, 99, 78, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThread + B 76E14B1F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadToken + 6 76E14B2A 4 Bytes [68, 9A, 78, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadToken + B 76E14B2F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadTokenEx + 6 76E14B3A 4 Bytes CALL 75E1C3D9 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadTokenEx + B 76E14B3F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryAttributesFile + 6 76E14BCA 4 Bytes [A8, 98, 78, 00] {TEST AL, 0x98; JS 0x4}
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryAttributesFile + B 76E14BCF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryFullAttributesFile + 6 76E14C7A 4 Bytes CALL 75E1C517 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryFullAttributesFile + B 76E14C7F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationFile + 6 76E1515A 4 Bytes [28, 99, 78, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationFile + B 76E1515F 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationThread + 6 76E151AA 4 Bytes [28, 9A, 78, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationThread + B 76E151AF 1 Byte [E2]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtUnmapViewOfSection + 6 76E1544A 4 Bytes [68, 9B, 78, 00]
    .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtUnmapViewOfSection + B 76E1544F 1 Byte [E2]

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff143ca
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xC6 0x61 0x16 0x61 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0013eff143ca (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xC6 0x61 0x16 0x61 ...

    ---- EOF - GMER 2.0 ----
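Added example, written for this page; it is not from scordes, kevinf80 or GMER. It is a small Python reader for the "User code sections" lines in the GMER log above. GMER prints the four bytes it found at each ntdll function's +6 either as raw bytes or, when the first byte is 0xE8, as "CALL <target>" plus whatever module that computed target happens to land in. Read as one little-endian dword, every entry for a given PID is a pointer 0x40 apart from the next inside the same small region, and the "CALL ... USER32.dll" entries recover to the same kind of pointer (NtQueryFullAttributesFile in PID 948 becomes 0x002620E8, sitting between NtQueryAttributesFile at 0x002620A8 and NtSetInformationFile at 0x00262128). The sample lines are copied from the log; the regular expressions assume the GMER 2.0 line layout shown in this post. Reading the result as a per-process thunk table laid down by one component in all three chrome.exe instances, rather than a patch aimed at a single process, is an inference from the numbers and not something the log states: GMER lists every modified prologue, whoever installed it.

```python
"""Decode GMER 2.0 'User code sections' entries per process.

Added example for this thread, not GMER output or a GMER feature.
GMER prints the 4 bytes it found written at <function>+6 either as raw
bytes ('[28, 20, 26, 00]') or, when the first byte is 0xE8, decoded as
'CALL <target>' plus whatever module that computed target lands in.
Read as one little-endian dword instead, each entry is a pointer, and for
one PID the pointers sit 0x40 apart in the same small region.
"""
import re
from collections import defaultdict

USER_HOOK = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\w+)\s*\+\s*(?P<offset>[0-9A-Fa-f]+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.*)$"
)
RAW_BYTES = re.compile(r"^\[(?P<bytes>[0-9A-Fa-f]{2}(?:,\s*[0-9A-Fa-f]{2})*)\]")
CALL_PATCH = re.compile(r"^CALL\s+(?P<target>[0-9A-Fa-f]{8})")

# Lines copied from the GMER log above: the same four ntdll functions in each
# of the three chrome.exe PIDs, plus one of the 1-byte tail lines GMER prints.
SAMPLE = r"""
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtCreateFile + 6 76E1424A 4 Bytes [28, 20, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtCreateFile + B 76E1424F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenFile + 6 76E14A2A 4 Bytes [68, 20, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryAttributesFile + 6 76E14BCA 4 Bytes [A8, 20, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryFullAttributesFile + 6 76E14C7A 4 Bytes CALL 75E1729F C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + 6 76E1424A 4 Bytes [28, 64, E0, 00] {SUB [EAX+0x0], AH}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + 6 76E14A2A 4 Bytes [68, 64, E0, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + 6 76E14BCA 4 Bytes [A8, 64, E0, 00] {TEST AL, 0x64; LOOPNZ 0x4}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + 6 76E14C7A 4 Bytes CALL 75E22CE3
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtCreateFile + 6 76E1424A 4 Bytes [28, 98, 78, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenFile + 6 76E14A2A 4 Bytes [68, 98, 78, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryAttributesFile + 6 76E14BCA 4 Bytes [A8, 98, 78, 00] {TEST AL, 0x98; JS 0x4}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryFullAttributesFile + 6 76E14C7A 4 Bytes CALL 75E1C517 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
"""


def patched_dword(addr, size, patch):
    """Dword written at the hook address, or None for the 1-byte tail lines.
    Raw form: the four printed bytes, little-endian.
    CALL form: GMER treated the 0xE8 at addr as a CALL rel32 and printed
    addr + 5 + rel32; the three printed bytes after 0xE8 are the low 24 bits
    of rel32, so the dword is 0xE8 | (rel32 & 0xFFFFFF) << 8."""
    if size != 4:
        return None
    m = RAW_BYTES.match(patch)
    if m:
        b = bytes(int(x, 16) for x in m["bytes"].split(","))
        return int.from_bytes(b, "little")
    m = CALL_PATCH.match(patch)
    if m:
        rel32 = (int(m["target"], 16) - (addr + 5)) & 0xFFFFFFFF
        return 0xE8 | ((rel32 & 0xFFFFFF) << 8)
    return None


def parse_user_hooks(text):
    """{pid: {"image": path, "hooks": {"module!func": dword}}} from +6 lines."""
    procs = defaultdict(lambda: {"image": None, "hooks": {}})
    for raw in text.splitlines():
        m = USER_HOOK.match(raw.strip())
        if not m:
            continue
        dword = patched_dword(int(m["addr"], 16), int(m["size"]), m["patch"])
        if dword is None:
            continue
        proc = procs[int(m["pid"])]
        proc["image"] = m["image"]
        proc["hooks"][f"{m['module']}!{m['func']}"] = dword
    return dict(procs)


def thunk_table(procs, pid):
    """Sorted (dword, function) pairs for one PID."""
    return sorted((d, f) for f, d in procs[pid]["hooks"].items())


def table_stride(procs, pid):
    """Common distance between consecutive entries, or None if irregular."""
    ptrs = [d for d, _ in thunk_table(procs, pid)]
    gaps = {b - a for a, b in zip(ptrs, ptrs[1:])}
    return gaps.pop() if len(gaps) == 1 else None


def same_hook_set(procs):
    """True when every parsed process carries the identical hooked-function
    set; a function hooked in one PID only is the case to look at first."""
    return len({frozenset(p["hooks"]) for p in procs.values()}) == 1


if __name__ == "__main__":
    procs = parse_user_hooks(SAMPLE)
    for pid in sorted(procs):
        stride = table_stride(procs, pid)
        print(f"PID {pid}: stride {'irregular' if stride is None else hex(stride)}")
        for dword, func in thunk_table(procs, pid):
            print(f"  {dword:#010x}  {func}")
    print("identical hook set in every PID:", same_hook_set(procs))
```

Run as a script it prints each PID's table. The two checks a practitioner wants are `same_hook_set` (a function hooked in only one process is the one to examine first) and `table_stride` (None means the entries do not form one regular table and should be looked at individually).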
     
  2. scordes

    scordes Thread Starter

    Joined:
    Jan 18, 2013
    Messages:
    4
    Bump please?
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

Please download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save it directly to your Desktop.

    • Quit all running programs
    • Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista/Seven, right-click -> Run as administrator; for XP, simply run RogueKiller.exe
    • Wait until Prescan has finished...
• The following EULA will appear; please select Accept.
    • Ensure MBR scan, Check faked and AntiRootkit are checked
• Select Scan
• When the scan completes, select Report; copy and paste that into your reply.
    • The log should be found in RKreport[?].txt on your Desktop
    • Exit/Close RogueKiller

    Post those two logs...

    Kevin
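Added example, written for this page; it is not part of AdwCleaner or of kevinf80's instructions. Once the AdwCleaner[Sn].txt log from the steps above exists, this Python regroups its "Deleted" lines by the GUID or Chrome extension id each path carries, so the folder, HKCU and HKLM pieces of one component can be read together instead of scattered across the Files / Folders and Registry sections. The section and entry layouts are assumed from the AdwCleaner v2 log format; the sample deletion lines are copied from the log scordes posts in the next reply.

```python
"""Regroup an AdwCleaner v2 [Delete] log by the identifier each entry carries.

Added example for this thread, not part of AdwCleaner. The log lists every
removed folder, file and registry key on its own line, so one component is
scattered across sections: a Chrome extension shows up as a folder under
Extensions\<id> and again as a key under Chrome\Extensions\<id>; an IE add-on
shows up as its CLSID under Classes\CLSID (HKLM) and under Ext\Settings and
Ext\Stats (HKCU). Keying each deleted path by the GUID or 32-letter extension
id in it puts the pieces back together and shows in which scopes (disk, HKCU,
HKLM) each component left traces.
"""
import re
from collections import defaultdict

SECTION = re.compile(r"^\*{5}\s*\[(?P<name>[^\]]+)\]\s*\*{5}$")
ENTRY = re.compile(r"^(?P<kind>Folder|File|Key|Value)\s+Deleted\s*:\s*(?P<path>.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
CHROME_EXT_ID = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")  # Chrome ids use only a-p
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Sample log: header in AdwCleaner v2 style, deletion lines copied from the
# log scordes posted in the next reply of this thread.
SAMPLE = r"""
# AdwCleaner v2.108 - Logfile created 01/26/2013 at 14:28:59
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00F2C0C6-2194-484E-9064-44E57787867B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00F2C0C6-2194-484E-9064-44E57787867B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00F2C0C6-2194-484E-9064-44E57787867B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
"""


def parse_adwcleaner(text):
    """[(section, kind, path), ...] for every 'X Deleted :' line."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m["name"]
            continue
        m = ENTRY.match(line)
        if m and section:
            entries.append((section, m["kind"], m["path"]))
    return entries


def identifier(path):
    """GUID (uppercased) or Chrome extension id embedded in path, else None."""
    m = GUID.search(path)
    if m:
        return m.group(0).upper()
    m = CHROME_EXT_ID.search(path)
    return m.group(0) if m else None


def group_by_identifier(entries):
    """{identifier: [(section, kind, path), ...]}; entries without one are skipped."""
    groups = defaultdict(list)
    for entry in entries:
        ident = identifier(entry[2])
        if ident:
            groups[ident].append(entry)
    return dict(groups)


def scopes(group):
    """Where a component's artifacts lived: subset of {'disk', 'HKCU', 'HKLM'}."""
    found = set()
    for _, _, path in group:
        if DRIVE_PATH.match(path):
            found.add("disk")
        elif path.upper().startswith("HKCU\\"):
            found.add("HKCU")
        elif path.upper().startswith("HKLM\\"):
            found.add("HKLM")
    return found


def user_only(groups):
    """Identifiers whose every deleted artifact was under HKCU. AdwCleaner only
    lists what it removed, so the machine-wide half (HKLM CLSID, Program Files)
    was either never there or was not removed; check those by hand."""
    return sorted(i for i, g in groups.items() if scopes(g) == {"HKCU"})


if __name__ == "__main__":
    groups = group_by_identifier(parse_adwcleaner(SAMPLE))
    for ident, group in sorted(groups.items()):
        print(f"{ident}  scopes={sorted(scopes(group))}")
        for section, kind, path in group:
            print(f"    [{section}] {kind}: {path}")
    print("HKCU-only:", user_only(groups))
```

Point the script at a real AdwCleaner[Sn].txt by reading the file into `parse_adwcleaner` instead of `SAMPLE`. Entries without a GUID or extension id (plain folders such as C:\Program Files\Ask.com) are left out of the grouping on purpose; they are already readable as they stand.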
     
  4. scordes

    scordes Thread Starter

    Joined:
    Jan 18, 2013
    Messages:
    4
Many thanks for helping! Here are the logs:

    adw:

    # AdwCleaner v2.108 - Logfile created 01/26/2013 at 14:28:59
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : User - USER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\User\Desktop\adwcleaner (1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files\Ask.com
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\SearchElf_1.1
    Folder Deleted : C:\Program Files\Viewpoint
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\ProgramData\Viewpoint
    Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
    Key Deleted : HKCU\Software\AppDataLow\Software\alot
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SearchElf_1.1
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchElf_1.1 Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00F2C0C6-2194-484E-9064-44E57787867B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00F2C0C6-2194-484E-9064-44E57787867B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00F2C0C6-2194-484E-9064-44E57787867B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C4738-51BB-4A4C-B93F-A89F76900CE2}
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2769720
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5D0FA96-9AAB-4149-8E1D-652D4BCF9413}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F2C0C6-2194-484E-9064-44E57787867B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E46C4738-51BB-4A4C-B93F-A89F76900CE2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchElf_1.1 Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\Software\SearchElf_1.1
    Key Deleted : HKLM\Software\Viewpoint
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{00F2C0C6-2194-484E-9064-44E57787867B}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{00F2C0C6-2194-484E-9064-44E57787867B}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{00F2C0C6-2194-484E-9064-44E57787867B}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v4.0.1 (en-GB)

    -\\ Google Chrome v24.0.1312.56

    *************************

    AdwCleaner[S1].txt - [6031 octets] - [26/01/2013 14:28:59]

    ########## EOF - C:\AdwCleaner[S1].txt - [6091 octets] ##########


    RK log

    RogueKiller V8.4.3 [Jan 25 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Scan -- Date : 01/26/2013 14:39:02
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll -> KILLED [TermThr]

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Run : tsnpstd (C:\Windows\tsnpstd.exe) -> FOUND
    [TASK][SUSP PATH] BFGLaunch_bejeweled2_s1_l1_gF20T1L1_d182292084[1] : "C:\Users\User\AppData\Local\Temp\bejeweled2_s1_l1_gF20T1L1_d182292084[1].exe" /STUBPATH "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BICQK98D\bejeweled2_s1_l1_gF20T1L1_d182292084[1].exe" -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[75] : NtCreateSection @ 0x82278E35 -> HOOKED (Unknown @ 0x8CBAB076)
    SSDT[276] : NtRequestWaitReplyPort @ 0x8228AFE0 -> HOOKED (Unknown @ 0x8CBAB080)
    SSDT[289] : NtSetContextThread @ 0x822DA10B -> HOOKED (Unknown @ 0x8CBAB07B)
    SSDT[314] : NtSetSecurityObject @ 0x8220703C -> HOOKED (Unknown @ 0x8CBAB085)
    SSDT[332] : NtSystemDebugControl @ 0x8223FEF1 -> HOOKED (Unknown @ 0x8CBAB08A)
    SSDT[334] : NtTerminateProcess @ 0x82238173 -> HOOKED (Unknown @ 0x8CBAB017)
    S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8CBAB09E)
    S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8CBAB0A3)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: MAXTOR STM3160215AS ATA Device +++++
    --- User ---
    [MBR] 0d9544277a3ce04f35d4dcc84ffeb3a5
    [BSP] 273fd0ea4fb59d5e6ac6ecc0b0d28f22 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01262013_02d1439.txt >>
    RKreport[1]_S_01262013_02d1439.txt
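The RogueKiller report above is read by hand in this thread, but the same triage can be scripted. The following is an added example (not code from the thread, from RogueKiller or from its author): it splits a report in the format posted above into its `¤¤¤ ... ¤¤¤` sections and pulls out the three kinds of line a responder looks at first: registry entries tagged `[SUSP PATH]` or `[HJ ...]`, SSDT hooks whose owner RogueKiller reports as `Unknown`, and HOSTS entries that map anything other than localhost. The embedded report is constructed for the example; its paths, GUID and addresses are made up, and treating every `HJ *` tag as a hijack finding is an assumption.

```python
"""Triage helper for a RogueKiller text report (added example, not part of
the thread or of RogueKiller itself)."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample in the style of the report posted above.  The file
# path, GUID and hook addresses are made up for the example.
SAMPLE_REPORT = r"""
RogueKiller V8.4.3 [Jan 25 2013] by Tigzy
Mode : Scan -- Date : 01/26/2013 14:39:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : example (C:\Windows\example.exe) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {00000000-0000-0000-0000-000000000001} (1) -> FOUND
[RUN] HKCU\[...]\Run : Sidebar (C:\Program Files\Windows Sidebar\sidebar.exe) -> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82278E35 -> HOOKED (Unknown @ 0x8CBAB076)
SSDT[334] : NtTerminateProcess @ 0x82238173 -> HOOKED (Unknown @ 0x8CBAB017)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8CBAB09E)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 update.example-av.invalid
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*¤¤¤$")
# "[TAG][TAG] <detail> -> <result>" as in the Registry Entries section
REG_RE = re.compile(r"^((?:\[[^\]]*\])+)\s+(.*?)\s+->\s+(.+)$")
# "SSDT[75] : NtCreateSection @ 0x... -> HOOKED (Unknown @ 0x...)" and the
# shadow-table form "S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (...)"
SSDT_RE = re.compile(
    r"^(S_SSDT|SSDT)\[(\d+)\]\s*:\s*(\w+)(?:\s*@\s*0x[0-9A-Fa-f]+)?"
    r"\s*->\s*HOOKED\s*\((.+?)\s*@\s*(0x[0-9A-Fa-f]+)\)$"
)
LOCALHOST_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def split_sections(report: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '¤¤¤ ... ¤¤¤' header they follow."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def flag_registry(sections: Dict[str, List[str]]) -> List[dict]:
    """Registry lines RogueKiller tagged as a suspicious path or a hijack.
    Assumption: every 'HJ *' tag is treated as a hijack finding."""
    findings = []
    for name, lines in sections.items():
        if not name.startswith("Registry Entries"):
            continue
        for line in lines:
            m = REG_RE.match(line)
            if not m:
                continue
            tags = re.findall(r"\[([^\]]*)\]", m.group(1))
            if any(t == "SUSP PATH" or t.startswith("HJ") for t in tags):
                findings.append({"tags": tags, "detail": m.group(2), "result": m.group(3)})
    return findings


def flag_ssdt_hooks(sections: Dict[str, List[str]]) -> List[dict]:
    """SSDT / shadow SSDT entries hooked by a module RogueKiller could not name."""
    hooks = []
    for name, lines in sections.items():
        if not name.startswith("Driver"):
            continue
        for line in lines:
            m = SSDT_RE.match(line)
            if m and m.group(4) == "Unknown":
                hooks.append({"table": m.group(1), "index": int(m.group(2)),
                              "service": m.group(3), "hook": m.group(5)})
    return hooks


def flag_hosts(sections: Dict[str, List[str]]) -> List[dict]:
    """HOSTS mappings for any name other than localhost, or to a non-loopback address."""
    odd = []
    for name, lines in sections.items():
        if not name.startswith("HOSTS"):
            continue
        for line in lines:
            if line.startswith("-->") or line.startswith("#"):
                continue  # the path line printed by RogueKiller, or a comment
            parts = line.split()
            try:
                target = ipaddress.ip_address(parts[0])
            except (ValueError, IndexError):
                continue
            for host in parts[1:]:
                if host.startswith("#"):
                    break
                if host.lower() not in LOCALHOST_NAMES or not target.is_loopback:
                    odd.append({"ip": parts[0], "host": host})
    return odd


def triage(report: str) -> Dict[str, list]:
    sections = split_sections(report)
    return {"registry": flag_registry(sections),
            "ssdt_unknown_hooks": flag_ssdt_hooks(sections),
            "hosts": flag_hosts(sections)}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_REPORT).items():
        print(f"{kind}: {len(items)}")
        for item in items:
            print("   ", item)
```

An `Unknown` SSDT hook is a lead, not a verdict: kernel-mode security products hook the same services (NtCreateSection, NtTerminateProcess, NtUserSetWindowsHookEx) to protect themselves, so the hook addresses should be compared against the modules of whatever antivirus is installed before they are treated as rootkit activity. Plain `[RUN]` lines that point at well-known program paths are deliberately not flagged, which is why only the `[SUSP PATH]` and `[HJ DESK]` entries in the sample come out.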
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Quit all programs that you may have started.

    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[?].txt on your Desktop
    • Exit/Close RogueKiller

    Next,

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

    Post the logs in next reply please, give update on current issues/concerns...

    Kevin
     
  6. scordes

    scordes Thread Starter

    Joined:
    Jan 18, 2013
    Messages:
    4
    Here are the logs. Sorry for not responding sooner. Things seem to have settled down which is great!

    roadkill

    RogueKiller V8.4.4 [Feb 3 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Remove -- Date : 02/03/2013 19:27:45
    | ARK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Run : tsnpstd (C:\Windows\tsnpstd.exe) -> DELETED
    [TASK][SUSP PATH] BFGLaunch_bejeweled2_s1_l1_gF20T1L1_d182292084[1] : "C:\Users\User\AppData\Local\Temp\bejeweled2_s1_l1_gF20T1L1_d182292084[1].exe" /STUBPATH "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BICQK98D\bejeweled2_s1_l1_gF20T1L1_d182292084[1].exe" -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[75] : NtCreateSection @ 0x82269E35 -> HOOKED (Unknown @ 0x8CB929EE)
    SSDT[276] : NtRequestWaitReplyPort @ 0x8227BFE0 -> HOOKED (Unknown @ 0x8CB929F8)
    SSDT[289] : NtSetContextThread @ 0x822CB10B -> HOOKED (Unknown @ 0x8CB929F3)
    SSDT[314] : NtSetSecurityObject @ 0x821F803C -> HOOKED (Unknown @ 0x8CB929FD)
    SSDT[332] : NtSystemDebugControl @ 0x82230EF1 -> HOOKED (Unknown @ 0x8CB92A02)
    SSDT[334] : NtTerminateProcess @ 0x82229173 -> HOOKED (Unknown @ 0x8CB9298F)
    S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8CB92A16)
    S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8CB92A1B)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: MAXTOR STM3160215AS ATA Device +++++
    --- User ---
    [MBR] 0d9544277a3ce04f35d4dcc84ffeb3a5
    [BSP] 273fd0ea4fb59d5e6ac6ecc0b0d28f22 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_02032013_02d1927.txt >>
    RKreport[1]_S_02032013_02d1927.txt ; RKreport[2]_D_02032013_02d1927.txt



    ComboFix 13-02-03.03 - User 03/02/2013 19:32:58.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3318.2180 [GMT 0:00]
    Running from: c:\users\User\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\Future Pinball Support Forum.url
    c:\users\User\USBDriver.exe
    c:\windows\system32\jgaw400.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-03 to 2013-02-03 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-03 19:40 . 2013-02-03 19:41 -------- d-----w- c:\users\User\AppData\Local\temp
    2013-02-03 19:40 . 2013-02-03 19:40 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
    2013-02-03 19:40 . 2013-02-03 19:40 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2013-02-03 19:40 . 2013-02-03 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-26 12:00 . 2013-01-26 12:00 -------- d-----r- c:\program files\Skype
    2013-01-26 12:00 . 2013-01-26 12:00 -------- d-----w- c:\program files\Common Files\Skype
    2013-01-25 08:48 . 2013-02-03 19:26 -------- d-----w- c:\users\User\AppData\Roaming\Skype
    2013-01-25 08:48 . 2013-01-26 12:00 -------- d-----w- c:\programdata\Skype
    2013-01-23 14:15 . 2013-01-23 14:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-19 19:30 . 2013-01-19 19:30 -------- d-----w- c:\users\User\AppData\Roaming\Avira
    2013-01-19 19:25 . 2013-01-19 19:25 -------- d-----w- c:\users\User\AppData\Local\APN
    2013-01-19 19:25 . 2012-11-27 10:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2013-01-19 19:25 . 2012-11-22 15:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2013-01-19 19:25 . 2012-11-22 15:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2013-01-19 19:25 . 2013-01-19 19:26 -------- d-----w- c:\programdata\Avira
    2013-01-19 19:25 . 2013-01-19 19:25 -------- d-----w- c:\program files\Avira
    2013-01-18 16:36 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F50494C5-4C24-4437-BBF3-32C8F91D6E46}\mpengine.dll
    2013-01-17 22:03 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
    2013-01-17 22:01 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-17 22:00 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-17 15:25 . 2013-01-17 15:26 -------- d-----w- c:\program files\Microsoft Security Client
    2013-01-16 17:38 . 2013-01-16 17:38 -------- d-----w- c:\users\User\AppData\Roaming\SpeedMaxPc
    2013-01-16 17:38 . 2013-01-16 17:38 -------- d-----w- c:\users\User\AppData\Roaming\DriverCure
    2013-01-16 17:38 . 2013-01-16 17:43 -------- d-----w- c:\programdata\SpeedMaxPc
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-23 14:13 . 2012-06-30 19:43 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-01-23 14:13 . 2010-06-09 11:24 780192 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-20 13:13 . 2012-04-02 11:43 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-20 13:13 . 2011-05-13 11:56 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-16 13:12 . 2012-12-22 09:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 10:50 . 2012-12-22 09:20 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-14 02:09 . 2012-12-12 10:50 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58 . 2012-12-12 10:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-12 10:50 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49 . 2012-12-12 10:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-12 10:50 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44 . 2012-12-12 10:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-13 01:29 . 2012-12-12 08:39 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-04-14 16:41 . 2011-06-08 18:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-03 39408]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18708224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-11 4431872]
    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-03-12 569344]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
    "MS Shell Services"="c:\program files\KidLogger\Kidlogger.exe" [2012-04-24 434176]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
    path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
    backup=c:\windows\pss\ZooskMessenger.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-09-27 07:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
    2007-02-01 14:07 285696 ----a-w- c:\program files\Portrait Displays\forteManager\dthtml.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-03-22 08:00 116648 ----atw- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2012-04-04 14:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2008-02-06 23:57 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-01-03 18:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 13:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2012-04-26 18:30 114176 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:13]
    .
    2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 21:03]
    .
    2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 21:03]
    .
    2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1148538770-2691049322-1759465102-1000Core.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 08:00]
    .
    2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1148538770-2691049322-1759465102-1000UA.job
    - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 08:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/webhp?sourceid=navclient&hl=en-GB&ie=UTF-8&rlz=1T4SUNA_enGB255GB255
    mStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://217.155.209.14:2220/SysCamInst.cab
    DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://greatyarmouth-webcam.remotemanager.co.uk/common/activex/MJPEGRender.ocx
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s81c7r28.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8&fr=mkg031
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
    WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-Octoshape Streaming Services - c:\users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    AddRemove-Creative PD1001 - c:\windows\CtDrvIns.exe -uninstall USB\VID_041E&PID_400D -plugin P1001Pin.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-03 19:41
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2013-02-03 19:44:09
    ComboFix-quarantined-files.txt 2013-02-03 19:43
    .
    Pre-Run: 59,355,721,728 bytes free
    Post-Run: 59,471,495,168 bytes free
    .
    - - End Of File - - 842910AE775096CD58A250A8D7F373A8
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,382
    First Name:
    Kevin
    Run Eset Online Scanner

    **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add-on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    close program
    copy and paste the report here

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Kevin....
     
Short URL to this thread: https://techguy.org/1086454
