All internet browsers keep crashing - possible virus or malware?


scordes (Thread Starter), joined Jan 18, 2013, 4 messages
Hi there. I need help, please. My internet browsers are constantly crashing. IE is the worst, followed by Firefox. Google Chrome is OK sometimes and really bad at other times. I have done full scans with Avira and malware but it is still happening. Here are my logs, and thanks in advance for your help.

Steve

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:55:53, on 22/01/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\KidLogger\Kidlogger.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?sourceid=navclient&hl=en-GB&ie=UTF-8&rlz=1T4SUNA_enGB255GB255
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8&fr=mkg029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8&fr=mkg029
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll
O1 - Hosts: ::1 localhost
O2 - BHO: SearchElf 1.1 - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\tbSea0.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: SearchElf 1.1 Toolbar - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\tbSea0.dll
O3 - Toolbar: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MS Shell Services] C:\Program Files\KidLogger\Kidlogger.exe -m
O4 - HKLM\..\Run: [tsnpstd] C:\Windows\tsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.4; OfficeLivePatch.0.0; yie8)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {004DF9D9-566D-11D7-B77D-00E018901A05} (Iqeye Control) - http://87.252.53.28/iqeye.ocx.gz
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://217.155.209.14:2220/SysCamInst.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-gb.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.great-yarmouth.gov.uk:8080/live/AxisCamControl.ocx
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://greatyarmouth-webcam.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11595 bytes

DDS log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
Run by User at 20:56:39 on 2013-01-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3318.2005 [GMT 0:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\KidLogger\Kidlogger.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/webhp?sourceid=navclient&hl=en-GB&ie=UTF-8&rlz=1T4SUNA_enGB255GB255
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
mURLSearchHooks: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\tbSea0.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
BHO: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\tbSea0.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: SearchElf 1.1 Toolbar: {00F2C0C6-2194-484E-9064-44E57787867B} - c:\program files\searchelf_1.1\tbSea0.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
TB: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\tbSea0.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.4; OfficeLivePatch.0.0; yie8)
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MS Shell Services] c:\program files\kidlogger\Kidlogger.exe -m
mRun: [tsnpstd] c:\windows\tsnpstd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {004DF9D9-566D-11D7-B77D-00E018901A05} - hxxp://87.252.53.28/iqeye.ocx.gz
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://217.155.209.14:2220/SysCamInst.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-gb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.great-yarmouth.gov.uk:8080/live/AxisCamControl.ocx
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://greatyarmouth-webcam.remotemanager.co.uk/common/activex/MJPEGRender.ocx
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{92AF3B6C-09A4-4A59-9016-AE7105A244CA} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\s81c7r28.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8&fr=mkg031
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=en_GB&apn_uid=6089107d-a8dd-4e86-9d6d-a84c6f08501e&apn_ptnrs=%5EAGY&apn_sauid=B89C69D6-EA80-435A-B64F-20F4EC59F446&apn_dtid=%5EYYYYYY%5EYY%5EGB&&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realarcade\npraclient.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-1-19 36552]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-1-19 85280]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-1-19 109344]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-1-19 565024]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-1-19 83944]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-2-10 9216]
S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [2007-12-26 395224]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2008-12-8 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2008-12-18 62592]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-01-22 09:46:51 -------- d-----w- c:\users\user\appdata\local\{46B7F5AC-2AB1-44D4-8CC2-310CA1AEA179}
2013-01-21 21:46:28 -------- d-----w- c:\users\user\appdata\local\{1FAA05A6-8E41-4EA9-9D57-C171ACC25FFE}
2013-01-21 09:45:53 -------- d-----w- c:\users\user\appdata\local\{75E3E1AA-6BB1-4C0D-ACFD-07E25A6FDBF4}
2013-01-20 21:45:16 -------- d-----w- c:\users\user\appdata\local\{CD635427-7B82-4149-865B-4401433508F2}
2013-01-20 09:44:54 -------- d-----w- c:\users\user\appdata\local\{F4BB5FF1-9A8F-4CA6-9A05-D90F09982375}
2013-01-19 21:44:18 -------- d-----w- c:\users\user\appdata\local\{D08DABA0-6FBC-4017-B1AA-0886CA78ABDC}
2013-01-19 19:30:10 -------- d-----w- c:\users\user\appdata\roaming\Avira
2013-01-19 19:25:55 -------- d-----w- c:\users\user\appdata\local\APN
2013-01-19 19:25:43 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-19 19:25:43 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-19 19:25:42 -------- d-----w- c:\programdata\Avira
2013-01-19 19:25:42 -------- d-----w- c:\program files\Avira
2013-01-19 09:43:56 -------- d-----w- c:\users\user\appdata\local\{5C56EB5D-E9E2-4CCA-AE91-42C513AA802D}
2013-01-18 21:43:22 -------- d-----w- c:\users\user\appdata\local\{64140C73-6F4D-4048-865E-5992DB3A07FD}
2013-01-18 18:24:42 -------- d-----w- c:\programdata\Ask
2013-01-18 18:22:50 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-18 16:36:26 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f50494c5-4c24-4437-bbf3-32c8f91d6e46}\mpengine.dll
2013-01-18 09:43:00 -------- d-----w- c:\users\user\appdata\local\{9202C29B-7698-414D-91C4-839E92A59AD6}
2013-01-17 22:03:53 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-17 22:01:26 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-17 22:00:05 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-17 21:42:36 -------- d-----w- c:\users\user\appdata\local\{A76CCCC9-0746-44A1-A2A1-C0EBC43E65F6}
2013-01-17 15:25:51 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-16 17:38:59 -------- d-----w- c:\users\user\appdata\roaming\SpeedMaxPc
2013-01-16 17:38:59 -------- d-----w- c:\users\user\appdata\roaming\DriverCure
2013-01-16 17:38:50 -------- d-----w- c:\programdata\SpeedMaxPc
2013-01-07 21:13:38 -------- d-----w- c:\users\user\appdata\local\{CE765F94-6150-49D5-BEC4-8521483D1FBC}
2013-01-07 09:13:16 -------- d-----w- c:\users\user\appdata\local\{F7FD2F63-685A-461F-BA82-8A4C2939927D}
2013-01-06 21:12:42 -------- d-----w- c:\users\user\appdata\local\{4E2C2AC9-9790-4CA5-90E4-91DA90500F97}
2013-01-06 09:12:20 -------- d-----w- c:\users\user\appdata\local\{05CE397E-FC2D-428B-B8F0-DB2E18C34912}
2013-01-05 21:11:45 -------- d-----w- c:\users\user\appdata\local\{990F8EF6-2EE5-41EF-89CB-918569F9194B}
2013-01-05 09:11:23 -------- d-----w- c:\users\user\appdata\local\{D10C0E7F-1282-41BC-9E62-558B52B0E4A8}
2013-01-04 21:10:48 -------- d-----w- c:\users\user\appdata\local\{6849B698-CE6A-46DD-8D74-7F98D99D6A53}
2013-01-04 09:10:27 -------- d-----w- c:\users\user\appdata\local\{0B1DFCF5-FD5D-45DF-8887-E5C2BA233606}
2013-01-03 21:09:52 -------- d-----w- c:\users\user\appdata\local\{E0259AC6-0357-465E-8D17-B501764DCEA2}
2013-01-03 09:09:30 -------- d-----w- c:\users\user\appdata\local\{596900F1-DFCD-49C4-B284-36CE68926879}
2013-01-02 21:08:56 -------- d-----w- c:\users\user\appdata\local\{105B47C7-8404-4C6A-BF28-DE03C55B96BD}
2013-01-02 09:08:34 -------- d-----w- c:\users\user\appdata\local\{28FED484-FA18-44BD-8814-C3A97AA524DA}
2013-01-01 21:07:36 -------- d-----w- c:\users\user\appdata\local\{A15AAFA1-2D10-488D-A6EB-03E1E94FE8F7}
2013-01-01 09:07:14 -------- d-----w- c:\users\user\appdata\local\{1F751E50-A58E-49E2-85A3-114E1845CF4C}
2012-12-31 21:06:51 -------- d-----w- c:\users\user\appdata\local\{C1F2EEFE-D407-4CE9-976F-B4EDDFFE921E}
2012-12-31 09:06:29 -------- d-----w- c:\users\user\appdata\local\{E37ECD15-EA0A-4A3E-B203-09B092050BCC}
2012-12-30 21:05:55 -------- d-----w- c:\users\user\appdata\local\{A9B14D62-530B-4158-B3D4-8ED4AE44FBF1}
2012-12-30 09:05:33 -------- d-----w- c:\users\user\appdata\local\{44D09EAE-3B93-4A0F-9FB4-3FB721C16793}
2012-12-29 21:04:59 -------- d-----w- c:\users\user\appdata\local\{5C3C02B0-60A3-486C-B117-5D4D5CA89EE7}
2012-12-29 09:04:48 -------- d-----w- c:\users\user\appdata\local\{DD75B0BA-24BB-4675-A7BE-EFE07C35E691}
2012-12-28 21:04:12 -------- d-----w- c:\users\user\appdata\local\{E8970A7E-0F65-49AA-87A4-63B86BA17FA6}
2012-12-28 09:03:41 -------- d-----w- c:\users\user\appdata\local\{26323584-B670-4CE9-96A2-2E71080AF19F}
2012-12-27 09:21:13 -------- d-----w- c:\users\user\appdata\local\{841E1080-B196-44FE-8146-DEE512017D56}
2012-12-26 21:20:39 -------- d-----w- c:\users\user\appdata\local\{C7735666-C4CB-480A-A13A-FC9B930C3AE1}
2012-12-26 09:20:17 -------- d-----w- c:\users\user\appdata\local\{FEFB4287-86E1-4509-966F-4BDD4F6E1379}
2012-12-25 21:19:20 -------- d-----w- c:\users\user\appdata\local\{98E73025-788A-429D-AA50-1E23B3C823AB}
2012-12-25 09:18:58 -------- d-----w- c:\users\user\appdata\local\{7E428280-9F77-4819-9579-8A273AA064A8}
2012-12-24 21:18:24 -------- d-----w- c:\users\user\appdata\local\{10E35CD9-2870-4371-87B1-AA91F745D577}
2012-12-24 09:18:02 -------- d-----w- c:\users\user\appdata\local\{5905CB02-EC47-4D08-B784-A7C382D39E9D}
2012-12-23 21:17:28 -------- d-----w- c:\users\user\appdata\local\{3ADFB3D8-478E-4E1F-AF08-C8B7D93CE0A0}
.
==================== Find3M ====================
.
2013-01-20 13:13:22 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-20 13:13:22 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
.
============= FINISH: 20:57:43.39 ===============

attach file

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/12/2007 13:36:52
System Uptime: 22/01/2013 15:13:55 (5 hours ago)
.
Motherboard: Foxconn | | 945 7MD Series
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | Socket 775 | 1000/49mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 55.043 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2181: 18/01/2013 18:21:01 - Installed Java 7 Update 11
RP2182: 19/01/2013 09:42:58 - Scheduled Checkpoint
RP2183: 19/01/2013 17:23:28 - Removed Ask Toolbar.
RP2184: 20/01/2013 08:19:49 - Windows Update
RP2185: 21/01/2013 09:40:35 - Scheduled Checkpoint
RP2186: 21/01/2013 21:41:00 - Scheduled Checkpoint
RP2187: 22/01/2013 17:35:42 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
µTorrent
Avira Free Antivirus
Avira SearchFree Toolbar plus Web Protection Updater
Bonjour
CA Yahoo! Anti-Spy (remove only)
CCleaner
Creative WebCam Driver
D3DX10
forteManager
Fruit Machine Emulators
Future Pinball
getPlus(R) for Adobe
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 11
Java Auto Updater
Java(TM) 6 Update 31
JavaFX 2.1.1
Junk Mail filter update
KidLogger 5.6.15
LightScribe 1.6.43.1
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microfuzion Update Prorgam
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 7.0
Microsoft IntelliType Pro 7.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 4.0.1 (x86 en-GB)
MSVCRT
OGA Notifier 2.0.0048.0
OpenAL
OpenOffice.org Installer 1.0
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Remote Mouse version 1.09
SDK
SearchElf 1.1 Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
Silicon Laboratories CP210x Evaluation Kit Tools Release 3.1
Spelling Dictionaries Support For Adobe Reader 9
Spotify
Stenders
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB PC Camera (SN9C103)
USB2.0 UVC Camera
uTorrentControl_v2 Toolbar
Viewpoint Media Player
Visual Install Pack
Visual Pinball
Visual Pinball VPInstaller 1.0.3
VobSub v2.23 (Remove Only)
Web Games Player Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.10 (32-bit)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
ZTE_1.2059.0.8
.
==== Event Viewer Messages From Past Week ========
.
20/01/2013 08:21:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile USB Composite Device.
18/01/2013 08:08:51, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
18/01/2013 08:08:51, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/01/2013 08:08:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
17/01/2013 22:03:46, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.141.3926.0).
17/01/2013 21:55:30, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.141.3676.0 Loading engine version: 1.1.9002.0
17/01/2013 20:43:00, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
17/01/2013 15:30:10, Error: Microsoft Antimalware [2001] -
17/01/2013 15:14:08, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user User-PC\User SID (S-1-5-21-1148538770-2691049322-1759465102-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================


ark file

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-22 22:11:06
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 MAXTOR_STM3160215AS rev.3.AAD 149.05GB
Running: e5rv9vtn.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- System - GMER 2.0 ----

SSDT 8D210B4E ZwCreateSection
SSDT 8D210B58 ZwRequestWaitReplyPort
SSDT 8D210B53 ZwSetContextThread
SSDT 8D210B5D ZwSetSecurityObject
SSDT 8D210B62 ZwSystemDebugControl
SSDT 8D210AEF ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!KeSetEvent + 215 820BC8D8 4 Bytes [4E, 0B, 21, 8D]
.text ntkrnlpa.exe!KeSetEvent + 539 820BCBFC 4 Bytes [58, 0B, 21, 8D]
.text ntkrnlpa.exe!KeSetEvent + 56D 820BCC30 4 Bytes [53, 0B, 21, 8D]
.text ntkrnlpa.exe!KeSetEvent + 5D1 820BCC94 4 Bytes [5D, 0B, 21, 8D]
.text ntkrnlpa.exe!KeSetEvent + 619 820BCCDC 4 Bytes [62, 0B, 21, 8D]
.text ...
? C:\Users\User\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtCreateFile + 6 76E1424A 4 Bytes [28, 20, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtCreateFile + B 76E1424F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtMapViewOfSection + 6 76E1499A 4 Bytes [28, 23, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtMapViewOfSection + B 76E1499F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenFile + 6 76E14A2A 4 Bytes [68, 20, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenFile + B 76E14A2F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcess + 6 76E14AAA 4 Bytes [A8, 21, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcess + B 76E14AAF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessToken + 6 76E14ABA 4 Bytes CALL 75E170E0 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessToken + B 76E14ABF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessTokenEx + 6 76E14ACA 4 Bytes [A8, 22, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessTokenEx + B 76E14ACF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThread + 6 76E14B1A 4 Bytes [68, 21, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThread + B 76E14B1F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadToken + 6 76E14B2A 4 Bytes [68, 22, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadToken + B 76E14B2F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadTokenEx + 6 76E14B3A 4 Bytes CALL 75E17161 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadTokenEx + B 76E14B3F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryAttributesFile + 6 76E14BCA 4 Bytes [A8, 20, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryAttributesFile + B 76E14BCF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryFullAttributesFile + 6 76E14C7A 4 Bytes CALL 75E1729F C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryFullAttributesFile + B 76E14C7F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationFile + 6 76E1515A 4 Bytes [28, 21, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationFile + B 76E1515F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationThread + 6 76E151AA 4 Bytes [28, 22, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationThread + B 76E151AF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtUnmapViewOfSection + 6 76E1544A 4 Bytes [68, 23, 26, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtUnmapViewOfSection + B 76E1544F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + 6 76E1424A 4 Bytes [28, 64, E0, 00] {SUB [EAX+0x0], AH}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtCreateFile + B 76E1424F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + 6 76E1499A 4 Bytes [28, 67, E0, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtMapViewOfSection + B 76E1499F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + 6 76E14A2A 4 Bytes [68, 64, E0, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenFile + B 76E14A2F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + 6 76E14AAA 4 Bytes [A8, 65, E0, 00] {TEST AL, 0x65; LOOPNZ 0x4}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcess + B 76E14AAF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessToken + 6 76E14ABA 4 Bytes CALL 75E22B24
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessToken + B 76E14ABF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + 6 76E14ACA 4 Bytes [A8, 66, E0, 00] {TEST AL, 0x66; LOOPNZ 0x4}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenProcessTokenEx + B 76E14ACF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + 6 76E14B1A 4 Bytes [68, 65, E0, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThread + B 76E14B1F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + 6 76E14B2A 4 Bytes [68, 66, E0, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadToken + B 76E14B2F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadTokenEx + 6 76E14B3A 4 Bytes CALL 75E22BA5
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtOpenThreadTokenEx + B 76E14B3F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + 6 76E14BCA 4 Bytes [A8, 64, E0, 00] {TEST AL, 0x64; LOOPNZ 0x4}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryAttributesFile + B 76E14BCF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + 6 76E14C7A 4 Bytes CALL 75E22CE3
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtQueryFullAttributesFile + B 76E14C7F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + 6 76E1515A 4 Bytes [28, 65, E0, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationFile + B 76E1515F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + 6 76E151AA 4 Bytes [28, 66, E0, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtSetInformationThread + B 76E151AF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + 6 76E1544A 4 Bytes [68, 67, E0, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3444] ntdll.dll!NtUnmapViewOfSection + B 76E1544F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtCreateFile + 6 76E1424A 4 Bytes [28, 98, 78, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtCreateFile + B 76E1424F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtMapViewOfSection + 6 76E1499A 4 Bytes [28, 9B, 78, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtMapViewOfSection + B 76E1499F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenFile + 6 76E14A2A 4 Bytes [68, 98, 78, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenFile + B 76E14A2F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcess + 6 76E14AAA 4 Bytes [A8, 99, 78, 00] {TEST AL, 0x99; JS 0x4}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcess + B 76E14AAF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessToken + 6 76E14ABA 4 Bytes CALL 75E1C358 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessToken + B 76E14ABF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessTokenEx + 6 76E14ACA 4 Bytes [A8, 9A, 78, 00] {TEST AL, 0x9a; JS 0x4}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenProcessTokenEx + B 76E14ACF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThread + 6 76E14B1A 4 Bytes [68, 99, 78, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThread + B 76E14B1F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadToken + 6 76E14B2A 4 Bytes [68, 9A, 78, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadToken + B 76E14B2F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadTokenEx + 6 76E14B3A 4 Bytes CALL 75E1C3D9 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtOpenThreadTokenEx + B 76E14B3F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryAttributesFile + 6 76E14BCA 4 Bytes [A8, 98, 78, 00] {TEST AL, 0x98; JS 0x4}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryAttributesFile + B 76E14BCF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryFullAttributesFile + 6 76E14C7A 4 Bytes CALL 75E1C517 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtQueryFullAttributesFile + B 76E14C7F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationFile + 6 76E1515A 4 Bytes [28, 99, 78, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationFile + B 76E1515F 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationThread + 6 76E151AA 4 Bytes [28, 9A, 78, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtSetInformationThread + B 76E151AF 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtUnmapViewOfSection + 6 76E1544A 4 Bytes [68, 9B, 78, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3700] ntdll.dll!NtUnmapViewOfSection + B 76E1544F 1 Byte [E2]

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff143ca
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xC6 0x61 0x16 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0013eff143ca (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xC6 0x61 0x16 0x61 ...

---- EOF - GMER 2.0 ----
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Please download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save it directly to your Desktop.

  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right-click -> Run as administrator; for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept


  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan


  • When the scan completes select Report, copy and paste that to your reply.


  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Post those two logs...

Kevin
 

scordes

Thread Starter
Joined
Jan 18, 2013
Messages
4
Many thanks for helping! Here are the logs:

adw:

# AdwCleaner v2.108 - Logfile created 01/26/2013 at 14:28:59
# Updated 24/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SearchElf_1.1
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
Key Deleted : HKCU\Software\AppDataLow\Software\alot
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SearchElf_1.1
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchElf_1.1 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00F2C0C6-2194-484E-9064-44E57787867B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00F2C0C6-2194-484E-9064-44E57787867B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00F2C0C6-2194-484E-9064-44E57787867B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C4738-51BB-4A4C-B93F-A89F76900CE2}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2769720
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5D0FA96-9AAB-4149-8E1D-652D4BCF9413}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F2C0C6-2194-484E-9064-44E57787867B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E46C4738-51BB-4A4C-B93F-A89F76900CE2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchElf_1.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\SearchElf_1.1
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{00F2C0C6-2194-484E-9064-44E57787867B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{00F2C0C6-2194-484E-9064-44E57787867B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{00F2C0C6-2194-484E-9064-44E57787867B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v4.0.1 (en-GB)

-\\ Google Chrome v24.0.1312.56

*************************

AdwCleaner[S1].txt - [6031 octets] - [26/01/2013 14:28:59]

########## EOF - C:\AdwCleaner[S1].txt - [6091 octets] ##########


RK log

RogueKiller V8.4.3 [Jan 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 01/26/2013 14:39:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll -> KILLED [TermThr]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : tsnpstd (C:\Windows\tsnpstd.exe) -> FOUND
[TASK][SUSP PATH] BFGLaunch_bejeweled2_s1_l1_gF20T1L1_d182292084[1] : "C:\Users\User\AppData\Local\Temp\bejeweled2_s1_l1_gF20T1L1_d182292084[1].exe" /STUBPATH "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BICQK98D\bejeweled2_s1_l1_gF20T1L1_d182292084[1].exe" -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82278E35 -> HOOKED (Unknown @ 0x8CBAB076)
SSDT[276] : NtRequestWaitReplyPort @ 0x8228AFE0 -> HOOKED (Unknown @ 0x8CBAB080)
SSDT[289] : NtSetContextThread @ 0x822DA10B -> HOOKED (Unknown @ 0x8CBAB07B)
SSDT[314] : NtSetSecurityObject @ 0x8220703C -> HOOKED (Unknown @ 0x8CBAB085)
SSDT[332] : NtSystemDebugControl @ 0x8223FEF1 -> HOOKED (Unknown @ 0x8CBAB08A)
SSDT[334] : NtTerminateProcess @ 0x82238173 -> HOOKED (Unknown @ 0x8CBAB017)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8CBAB09E)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8CBAB0A3)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3160215AS ATA Device +++++
--- User ---
[MBR] 0d9544277a3ce04f35d4dcc84ffeb3a5
[BSP] 273fd0ea4fb59d5e6ac6ecc0b0d28f22 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01262013_02d1439.txt >>
RKreport[1]_S_01262013_02d1439.txt
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
Quit all programs that you may have started.

  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs, as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help, please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the Recovery Console is installed, Combofix will offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it is running. That may cause it to stall or freeze. ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the logs in next reply please, give update on current issues/concerns...

Kevin
 

scordes

Thread Starter
Joined
Jan 18, 2013
Messages
4
Here are the logs. Sorry for not responding sooner. Things seem to have settled down which is great!

roadkill

RogueKiller V8.4.4 [Feb 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 02/03/2013 19:27:45
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : tsnpstd (C:\Windows\tsnpstd.exe) -> DELETED
[TASK][SUSP PATH] BFGLaunch_bejeweled2_s1_l1_gF20T1L1_d182292084[1] : "C:\Users\User\AppData\Local\Temp\bejeweled2_s1_l1_gF20T1L1_d182292084[1].exe" /STUBPATH "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BICQK98D\bejeweled2_s1_l1_gF20T1L1_d182292084[1].exe" -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x82269E35 -> HOOKED (Unknown @ 0x8CB929EE)
SSDT[276] : NtRequestWaitReplyPort @ 0x8227BFE0 -> HOOKED (Unknown @ 0x8CB929F8)
SSDT[289] : NtSetContextThread @ 0x822CB10B -> HOOKED (Unknown @ 0x8CB929F3)
SSDT[314] : NtSetSecurityObject @ 0x821F803C -> HOOKED (Unknown @ 0x8CB929FD)
SSDT[332] : NtSystemDebugControl @ 0x82230EF1 -> HOOKED (Unknown @ 0x8CB92A02)
SSDT[334] : NtTerminateProcess @ 0x82229173 -> HOOKED (Unknown @ 0x8CB9298F)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8CB92A16)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8CB92A1B)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3160215AS ATA Device +++++
--- User ---
[MBR] 0d9544277a3ce04f35d4dcc84ffeb3a5
[BSP] 273fd0ea4fb59d5e6ac6ecc0b0d28f22 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02032013_02d1927.txt >>
RKreport[1]_S_02032013_02d1927.txt ; RKreport[2]_D_02032013_02d1927.txt



ComboFix 13-02-03.03 - User 03/02/2013 19:32:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3318.2180 [GMT 0:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\Future Pinball Support Forum.url
c:\users\User\USBDriver.exe
c:\windows\system32\jgaw400.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-01-03 to 2013-02-03 )))))))))))))))))))))))))))))))
.
.
2013-02-03 19:40 . 2013-02-03 19:41 -------- d-----w- c:\users\User\AppData\Local\temp
2013-02-03 19:40 . 2013-02-03 19:40 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2013-02-03 19:40 . 2013-02-03 19:40 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2013-02-03 19:40 . 2013-02-03 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-26 12:00 . 2013-01-26 12:00 -------- d-----r- c:\program files\Skype
2013-01-26 12:00 . 2013-01-26 12:00 -------- d-----w- c:\program files\Common Files\Skype
2013-01-25 08:48 . 2013-02-03 19:26 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2013-01-25 08:48 . 2013-01-26 12:00 -------- d-----w- c:\programdata\Skype
2013-01-23 14:15 . 2013-01-23 14:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-19 19:30 . 2013-01-19 19:30 -------- d-----w- c:\users\User\AppData\Roaming\Avira
2013-01-19 19:25 . 2013-01-19 19:25 -------- d-----w- c:\users\User\AppData\Local\APN
2013-01-19 19:25 . 2012-11-27 10:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-19 19:25 . 2012-11-22 15:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-19 19:25 . 2012-11-22 15:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-01-19 19:25 . 2013-01-19 19:26 -------- d-----w- c:\programdata\Avira
2013-01-19 19:25 . 2013-01-19 19:25 -------- d-----w- c:\program files\Avira
2013-01-18 16:36 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F50494C5-4C24-4437-BBF3-32C8F91D6E46}\mpengine.dll
2013-01-17 22:03 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-17 22:01 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-17 22:00 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-17 15:25 . 2013-01-17 15:26 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-16 17:38 . 2013-01-16 17:38 -------- d-----w- c:\users\User\AppData\Roaming\SpeedMaxPc
2013-01-16 17:38 . 2013-01-16 17:38 -------- d-----w- c:\users\User\AppData\Roaming\DriverCure
2013-01-16 17:38 . 2013-01-16 17:43 -------- d-----w- c:\programdata\SpeedMaxPc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-23 14:13 . 2012-06-30 19:43 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-23 14:13 . 2010-06-09 11:24 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-20 13:13 . 2012-04-02 11:43 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-20 13:13 . 2011-05-13 11:56 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12 . 2012-12-22 09:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 09:20 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-14 02:09 . 2012-12-12 10:50 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 10:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 10:50 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 10:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 10:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 10:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-12 08:39 2048 ----a-w- c:\windows\system32\tzres.dll
2011-04-14 16:41 . 2011-06-08 18:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-03 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-11 4431872]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-03-12 569344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"MS Shell Services"="c:\program files\KidLogger\Kidlogger.exe" [2012-04-24 434176]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 07:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
2007-02-01 14:07 285696 ----a-w- c:\program files\Portrait Displays\forteManager\dthtml.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-22 08:00 116648 ----atw- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-04-04 14:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-02-06 23:57 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-03 18:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 13:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2012-04-26 18:30 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:13]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 21:03]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 21:03]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1148538770-2691049322-1759465102-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 08:00]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1148538770-2691049322-1759465102-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 08:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/webhp?sourceid=navclient&hl=en-GB&ie=UTF-8&rlz=1T4SUNA_enGB255GB255
mStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://217.155.209.14:2220/SysCamInst.cab
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://greatyarmouth-webcam.remotemanager.co.uk/common/activex/MJPEGRender.ocx
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s81c7r28.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8&fr=mkg031
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Octoshape Streaming Services - c:\users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
AddRemove-Creative PD1001 - c:\windows\CtDrvIns.exe -uninstall USB\VID_041E&PID_400D -plugin P1001Pin.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-03 19:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-02-03 19:44:09
ComboFix-quarantined-files.txt 2013-02-03 19:43
.
Pre-Run: 59,355,721,728 bytes free
Post-Run: 59,471,495,168 bytes free
.
- - End Of File - - 842910AE775096CD58A250A8D7F373A8
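The [SUSP PATH] hits in the RogueKiller logs above and the Reg Loading Points and Scheduled Tasks in this ComboFix log are the same kind of data: an autostart name plus the image it launches. As an added example, not part of the thread and not code from RogueKiller or ComboFix, the Python below parses lines in both formats (the sample lines are constructed from entries posted in the thread, with the long Big Fish task name abbreviated) and applies heuristics of my own for what makes a path worth a second look: a bare file name resolved through the search path, an executable sitting directly in the Windows root, a launch from a temp or browser-cache directory, or a Microsoft-sounding value name pointing at a third-party binary (the "MS Shell Services" entry that runs KidLogger). The heuristics and names in the code are assumptions for illustration, not RogueKiller's rules.

```python
"""Triage autostart entries lifted from RogueKiller / ComboFix style log lines.

Added illustration for the thread; not code from the thread or from either
tool. The heuristics below (what counts as a suspicious path) are my own.
"""
import re
from dataclasses import dataclass

# Constructed sample: ComboFix "Reg Loading Points" lines and RogueKiller
# [RUN]/[TASK] hits, shaped like the entries posted in the thread (the Big
# Fish task name is abbreviated here).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-11 4431872]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-03-12 569344]
"MS Shell Services"="c:\program files\KidLogger\Kidlogger.exe" [2012-04-24 434176]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
[RUN][SUSP PATH] HKLM\[...]\Run : tsnpstd (C:\Windows\tsnpstd.exe) -> FOUND
[TASK][SUSP PATH] BFGLaunch_bejeweled2 : "C:\Users\User\AppData\Local\Temp\bejeweled2.exe" /STUBPATH "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BICQK98D\bejeweled2.exe" -> FOUND
'''

# One regex per log format; each yields the entry name and its command line.
LINE_FORMATS = (
    ("combofix-run", re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')),
    ("roguekiller-run", re.compile(
        r'^\[RUN\](?:\[[^\]]*\])*\s+.*?\s:\s(?P<name>.+?)\s\((?P<cmd>.*)\)\s->')),
    ("roguekiller-task", re.compile(
        r'^\[TASK\](?:\[[^\]]*\])*\s+(?P<name>\S+)\s:\s(?P<cmd>.*?)\s->')),
)

# Directories a legitimate autostart has no business launching from.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\temporary internet files\\",
             "\\windows\\temp\\")
# Where a binary with a Microsoft-sounding entry name is expected to live.
MS_DIRS = ("\\windows\\", "\\program files\\microsoft",
           "\\program files\\windows", "\\common files\\microsoft")
MS_NAME = re.compile(r"\b(ms|microsoft|windows)\b", re.I)
WINDOWS_ROOT = re.compile(r"[a-z]:\\windows\\[^\\]+")


@dataclass
class Entry:
    source: str
    name: str
    command: str
    image: str  # the executable the command line actually launches


def first_image(cmd: str) -> str:
    """Pull the launched image out of a command line: the first quoted
    string if there is one, otherwise everything up to the first
    executable-looking extension (so paths with spaces survive)."""
    m = re.search(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"(.+?\.(?:exe|dll|cpl|scr|bat|cmd))(?:\b|$)", cmd, re.I)
    return m.group(1) if m else cmd.strip()


def parse_entries(text: str) -> list[Entry]:
    """Turn recognised log lines into Entry records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for source, rx in LINE_FORMATS:
            m = rx.match(line)
            if m:
                cmd = m.group("cmd")
                entries.append(Entry(source, m.group("name"), cmd, first_image(cmd)))
                break
    return entries


def reasons_for(entry: Entry) -> list[str]:
    """Heuristic reasons an entry deserves a look; an empty list means none."""
    path = entry.image.lower()
    out = []
    if "\\" not in path:
        out.append("bare file name, resolved through the search path")
    if any(d in path for d in TEMP_DIRS):
        out.append("launched from a temp or browser-cache directory")
    if WINDOWS_ROOT.fullmatch(path):
        out.append("executable sitting directly in the Windows root")
    if MS_NAME.search(entry.name) and not any(d in path for d in MS_DIRS):
        out.append("Microsoft-style entry name pointing at a third-party path")
    return out


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged entry name to the reasons it was flagged."""
    return {e.name: r for e in parse_entries(text) if (r := reasons_for(e))}


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```

The hits are review candidates, not verdicts: the script flags snp2uvc for sitting in the Windows root alongside tsnpstd, while RogueKiller only flagged the latter, so each hit still needs the file itself checked (publisher signature, hash, when it was installed) before anything is deleted.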
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Windows 7 users: right click on the IE shortcut and run as admin.

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete:

If no threats were found
  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found
  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish
  • Close program
  • Copy and paste the report here

Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Kevin....
 