
Help!! My files keep deleting themselves :(

Discussion in 'Virus & Other Malware Removal' started by Cait3d1d, Jun 11, 2011.

  1. Cait3d1d (Thread Starter)

    Since Wednesday, files have just been deleting themselves from my computer. First it was just my Documents folder, and then last night it was my entire 750GB external. I have no idea what is doing this; I've run countless antivirus scans and malware tests and nothing is being picked up.
    I've had the laptop since last September and this is the first problem I have had.
    Any ideas?

    OS Version: Microsoft Windows 7 Professional , 32 bit
    Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz, x64 Family 6 Model 37 Stepping 5
    Processor Count: 4
    RAM: 2548 Mb
    Graphics Card: NVIDIA GeForce GT 330M , 1024 Mb
    Hard Drives: C: Total - 228125 MB, Free - 1804 MB; D: Total - 228231 MB, Free - 2107 MB; J: Total - 715402 MB, Free - 346856 MB;
    Motherboard: Acer , BAP50-CP , Not Applicable, 027FB5MBQTF00203
    Antivirus: F-PROT Antivirus for Windows, Updated and Enabled
     
  2. kevinf80 (Malware Specialist)

    We need to see some additional information about what is happening in your machine.
    Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs:
        1. DDS.txt
        2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    Copy and paste both logs to your reply....

    Kevin
     
  3. Cait3d1d (Thread Starter)

    Here are the logs; they are really, really long...


    DDS (Ver_2011-06-11.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
    Run by user at 11:38:48 on 2011-06-11
    Microsoft Windows 7 Professional 6.1.7600.0.1252.27.1033.18.2548.833 [GMT 2:00]
    .
    AV: F-PROT Antivirus for Windows *Enabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
    C:\Program Files\Acer Bio Protection\EgisService.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    C:\Program Files\Acer\Registration\GREGsvc.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
    C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\EgisTec IPS\PmmUpdate.exe
    C:\Program Files\Launch Manager\LMworker.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer Bio Protection\EgisTSR.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Users\user\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\notepad.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\SpeedFan\speedfan.exe
    F:\HBCD\WinTools\Autorun.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\StikyNot.exe
    C:\Users\user\AppData\Local\Temp\Recuva.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPWin.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe
    C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\TeraCopy\teracopy.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://start.facemoods.com/?a=ddrnw
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1c09&m=travelmate_8572g&r=27050810f406l0433z296x46m4p31r
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1c09&m=travelmate_8572g&r=27050810f406l0433z296x46m4p31r
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1c09&m=travelmate_8572g&r=27050810f406l0433z296x46m4p31r
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: EgisPBIE Class: {7b51ccbe-4af9-44a6-bdab-d7f7e4c4e6f9} - c:\program files\acer bio protection\EgisPBIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [MediaGet2] c:\users\user\appdata\local\mediaget2\mediaget.exe --minimized
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_Plugin.exe -update plugin
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
    mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
    mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -h -k
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
    mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
    mRun: [VitaKeyTSR] "c:\program files\acer bio protection\EgisTSR.exe" /run
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [NBAgent] "c:\program files\nero\nero backitup & burn\nero backitup\NBAgent.exe" /WinStart
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
    mRun: [Aqua Dock] c:\program files\aqua dock\Aqua Dock.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 10.0.0.2
    TCP: Interfaces\{051C9CDD-D7F9-4C74-89E1-685A2DDCE195} : DhcpNameServer = 10.0.0.2
    TCP: Interfaces\{051C9CDD-D7F9-4C74-89E1-685A2DDCE195}\14C6F656 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{051C9CDD-D7F9-4C74-89E1-685A2DDCE195}\3597E63627F6E697E4 : DhcpNameServer = 196.28.80.139 196.28.80.140
    TCP: Interfaces\{051C9CDD-D7F9-4C74-89E1-685A2DDCE195}\74F646 : DhcpNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\fences\FencesMenu.dll
    STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - No File
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\ar6zmn4m.default\
    FF - prefs.js: browser.search.selectedEngine - YouTube
    FF - prefs.js: browser.startup.homepage - www.google.co.za
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-6 218688]
    R1 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FPAV_RTP.sys [2011-6-10 693080]
    R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-8-7 38976]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-7 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-7 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-7 61960]
    R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-6-23 312400]
    R2 EgisTec Service;EgisTec Service;c:\program files\acer bio protection\EgisService.exe [2010-5-2 310128]
    R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\common files\egistec\services\EgisTicketService.exe [2010-5-2 257904]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2010-7-20 703008]
    R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2010-11-3 83624]
    R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\drivers\FPSensor.sys [2010-7-20 29232]
    R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-6-23 13336]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-10 366640]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2010-3-9 250368]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2010-4-17 144640]
    R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\acer\optical drive power management\ODDPWRSvc.exe [2010-6-23 129568]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-6-23 260640]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-7-20 2314240]
    R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-6-23 243232]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-2-9 325672]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-6-23 132480]
    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-6-19 12032]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-6-19 10496]
    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-6-19 12928]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-10 22712]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-7 135664]
    S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2010-6-10 25600]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-7-20 286248]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-7-20 33320]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2011-5-6 25832]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-7 135664]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2010-4-17 50432]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-8 1343400]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== Created Last 30 ================
    .
    2011-06-11 08:54:50 388096 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-06-11 08:54:50 -------- d-----w- c:\program files\Trend Micro
    2011-06-10 20:58:27 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3884224d-d443-423d-998c-406e61b53646}\mpengine.dll
    2011-06-10 19:47:04 -------- d-----w- c:\users\user\appdata\roaming\FRISK Software
    2011-06-10 19:32:04 693080 ----a-w- c:\windows\system32\drivers\FPAV_RTP.sys
    2011-06-10 19:32:00 -------- d-----w- c:\programdata\FRISK Software
    2011-06-10 19:31:58 -------- d-----w- c:\program files\FRISK Software
    2011-06-10 18:08:54 54016 ----a-w- c:\windows\system32\drivers\tdok.sys
    2011-06-10 17:25:49 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
    2011-06-10 17:25:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-10 17:25:35 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-10 17:25:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-10 17:25:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-09 12:33:29 -------- d-----w- c:\program files\SpeedFan
    2011-06-08 20:51:41 -------- d-----w- C:\Recovered
    2011-06-08 20:31:04 -------- d-sh--w- C:\found.000
    2011-06-08 20:05:37 -------- d-----w- c:\windows\Migo Recover Lost Data
    2011-06-08 19:35:59 -------- d-----w- c:\program files\QS
    2011-06-07 16:41:36 -------- d-----w- c:\users\user\appdata\roaming\Media Get LLC
    2011-06-07 16:41:36 -------- d-----w- c:\users\user\appdata\local\Media Get LLC
    2011-06-07 16:41:36 -------- d-----w- c:\programdata\Media Get LLC
    2011-06-07 16:41:19 -------- d-----w- c:\users\user\appdata\local\MediaGet2
    2011-06-05 14:07:09 -------- d-----w- c:\users\user\appdata\local\Wizards_of_the_Coast
    2011-06-05 13:27:33 -------- d-----w- c:\program files\Wizards of the Coast
    2011-06-03 21:34:50 -------- d-----w- c:\users\user\appdata\local\sabnzbd
    2011-06-03 21:34:42 -------- d-----w- c:\program files\SABnzbd
    2011-05-29 12:55:47 -------- d-----w- c:\users\user\appdata\local\My Games
    2011-05-29 08:31:06 -------- d-----w- c:\users\user\appdata\local\Geckofx
    2011-05-27 19:12:44 -------- d-----w- c:\program files\Microsoft XNA
    2011-05-27 19:10:58 -------- d-----w- c:\program files\Alientrap Games Inc
    2011-05-27 18:03:33 -------- d-----w- c:\users\user\appdata\local\FileServe Manager
    2011-05-27 18:03:07 -------- d-----w- c:\programdata\FileServe Limited
    2011-05-25 21:20:46 -------- d-----w- c:\program files\common files\Stardock
    2011-05-25 21:20:45 -------- d-----w- c:\program files\Stardock
    2011-05-25 21:03:24 -------- d-----w- c:\users\user\appdata\local\ODUI
    2011-05-25 21:03:11 -------- d-----w- c:\users\user\appdata\local\Stardock
    2011-05-25 20:59:55 -------- d-----w- c:\users\user\appdata\local\Richard_Z.H._Wang
    2011-05-25 20:54:49 -------- d-----w- c:\program files\Aqua Dock
    2011-05-25 20:54:48 -------- d-----w- c:\program files\LIVEUPDATE
    2011-05-25 08:36:08 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-22 13:59:43 -------- d-----w- c:\users\user\appdata\local\MPlayer
    2011-05-22 13:55:57 -------- d-----w- c:\programdata\OEM Links
    2011-05-22 13:55:56 -------- d-----w- C:\MININT
    2011-05-21 12:44:57 -------- d-----w- c:\program files\Winamp Detect
    2011-05-19 15:01:41 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-17 23:04:47 -------- d-----w- c:\users\user\appdata\roaming\.minecraft
    2011-05-13 14:35:46 -------- d-----w- c:\program files\R.G. Catalyst
    2011-05-13 10:59:03 -------- d-----w- c:\users\user\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-05-13 07:15:47 -------- d-----w- c:\users\user\appdata\roaming\GetRightToGo
    .
    ==================== Find3M ====================
    .
    2011-05-06 20:19:31 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-05-02 14:31:01 404128 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-04-30 21:29:00 201728 ----a-w- c:\windows\system32\HarryPotter7Screensaver.scr
    2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-07 20:43:36 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-04-07 20:43:34 612456 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-04-07 20:43:34 293992 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-04-07 20:43:34 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-04-07 20:43:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-04-07 20:43:20 3701352 ----a-w- c:\windows\system32\nvcpl.dll
    2011-04-07 20:43:04 2565224 ----a-w- c:\windows\system32\nvsvc.dll
    2011-03-30 16:57:40 29504 ----a-w- c:\windows\system32\uxt559F.tmp
    2011-03-29 03:07:26 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-29 03:06:51 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-29 03:06:47 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-29 03:06:43 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-29 03:06:39 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-29 03:06:37 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-29 03:06:34 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    .
    ============= FINISH: 11:42:59.17 ===============

    And the Attach.txt file:

    DDS (Ver_2011-06-11.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2010/08/06 10:43:27 PM
    System Uptime: 2011/06/08 10:33:03 PM (61 hours ago)
    .
    Motherboard: Acer | | BAP50-CP
    Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz | CPU 1 | 2400/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 1.742 GiB free.
    D: is FIXED (NTFS) - 223 GiB total, 2.058 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM (CDFS)
    H: is CDROM ()
    J: is FIXED (NTFS) - 699 GiB total, 338.732 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP250: 2011/06/10 09:30:44 PM - Installed F-PROT Antivirus for Windows
    RP251: 2011/06/10 10:56:50 PM - Windows Update
    RP252: 2011/06/11 10:53:36 AM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    'Magicka'
    µTorrent
    123 Free Solitaire 2009 v7.2
    Acer Backup Manager
    Acer Bio Protection
    Acer Crystal Eye webcam Ver:1.1.181.602
    Acer eRecovery Management
    Acer PowerSmart Manager
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Album Cover Finder v.6.8.0
    Alcor Micro USB Card Reader
    Amazon Kindle For PC
    Amnesia - The Dark Descent
    ApexDC++ 1.4.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Aqua Dock
    Astroburn Pro
    Audacity 1.3.12 (Unicode)
    Avira AntiVir Personal - Free Antivirus
    Backup Manager Advance
    Bonjour
    Broadcom Gigabit Integrated Controller
    Capsized
    Carcassonne
    CDisplay 1.8
    Character Builder
    Conexant HD Audio
    DAEMON Tools Lite
    DC++ 0.782
    Definition update for Microsoft Office 2010 (KB982726)
    Digsby
    DisplayFusion 3.3.0
    Dragon Age: Origins
    Dropbox
    Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.00.802
    eSobi v2
    F-PROT Antivirus for Windows
    Facemoods Toolbar
    Fences
    Fingerprint Solution
    FluffyApp
    Foxit Reader
    Free Download Manager 3.0
    G-Force
    Google Chrome
    Google Chrome Canary
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    HarryPotter7Screensaver
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hellgate: London
    HiJackThis
    Hitman Blood Money
    Hitman: Contracts
    Identity Card
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    InterVideo WinDVD 8
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    JDownloader
    JDownloader 0.9
    Junk Mail filter update
    Launch Manager
    LEGO® Batman™
    LEGO® Harry Potter™: Years 1-4
    LG Bluetooth Drivers
    LG Internet Kit
    LG MC USB U330 driver
    LG USB Modem Drivers
    Malwarebytes' Anti-Malware version 1.51.0.1200
    MediaGet2 version 2.1.577.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Reader
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Migo Recover Lost Data
    mIRC
    MKV Player 2.0
    Mozilla Firefox 4.0.1 (x86 en-GB)
    Mp3tag v2.46a
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero BackItUp
    Nero BackItUp and Burn
    Nero BurnRights
    Nero Express
    Nero RescueAgent
    NetWorx 5.1.2
    Nokia Connectivity Cable Driver
    Norton Online Backup
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NVIDIA Control Panel 270.61
    NVIDIA Graphics Driver 270.61
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    ObjectDock Plus
    OpenAL
    OpenOffice.org 3.2
    Optical Drive Power Management
    Pando Media Booster
    PDF Settings CS5
    PeerGuardian 2.0
    PhotoScape
    Pidgin
    Portal
    Prince of Persia The Sands of Time
    QuickTime
    Revo Uninstaller 1.88
    Rhodes Certificate Authority 20101020
    SABnzbd 0.6.2
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Excel 2010 (KB2466146)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Skype Toolbars
    Skype™ 5.1
    SoftSkies
    SolSuite 2010 v10.5
    SpeedFan (remove only)
    Sumatra PDF reader
    Synaptics Pointing Device Driver
    TeraCopy 2.12
    Titan Quest
    Titan Quest Immortal Throne
    Trillian
    Uninstall LG PC Suite III
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2441641)
    VLC media player 1.1.10
    vPod (Remove Only)
    Vuze
    Welcome Center
    WhiteCap
    WIDCOMM Bluetooth Software
    Winamp
    Winamp Detector Plug-in
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Xilisoft Video to Audio Converter
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2011/06/11 09:16:48 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2011/06/11 05:46:16 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.101 with the system having network hardware address 00-24-8C-2A-2C-FE. Network operations on this system may be disrupted as a result.
    2011/06/11 03:03:29 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume DARKWING.
    2011/06/11 03:01:53 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume J:.
    2011/06/10 12:37:10 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    2011/06/09 04:23:49 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    2011/06/08 12:08:04 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR19.
    2011/06/08 10:40:29 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    2011/06/08 09:22:53 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Acer.
    2011/06/08 09:20:07 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    2011/06/07 09:42:03 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR15.
    2011/06/05 04:02:29 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SENSESFAIL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{051C9CDD-D7F9-4C74-89E1-685A. The master browser is stopping or an election is being forced.
    2011/06/05 03:21:40 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    .
    ==== End Of File ===========================
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,162
    Continue as follows :-

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop. Very important!

      Before saving Combofix to the Desktop, re-name it to Gotcha.exe.

    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the Gotcha.exe icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  5. Cait3d1d

    Cait3d1d Thread Starter

    Joined:
    Jun 11, 2011
    Messages:
    14
    Hi, so this is the log:


    ComboFix 11-06-10.0A - user 2011/06/11 12:54:53.1.4 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.27.1033.18.2548.852 [GMT 2:00]
    Running from: c:\users\user\Desktop\gotcha.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: F-PROT Antivirus for Windows *Disabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\user\AppData\Local\Temp\sfamcc00001.dll
    c:\users\user\AppData\Local\Temp\sfareca00001.dll
    c:\windows\system32\drivers\tdok.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_jeshvmx
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-11 11:05 . 2011-06-11 11:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-11 10:38 . 2011-06-11 10:38 -------- d-----w- C:\gotcha
    2011-06-11 08:54 . 2011-06-11 08:54 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-11 08:54 . 2011-06-11 08:54 -------- d-----w- c:\program files\Trend Micro
    2011-06-10 20:58 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3884224D-D443-423D-998C-406E61B53646}\mpengine.dll
    2011-06-10 19:47 . 2011-06-10 19:47 -------- d-----w- c:\users\user\AppData\Roaming\FRISK Software
    2011-06-10 19:32 . 2010-09-22 10:47 693080 ----a-w- c:\windows\system32\drivers\FPAV_RTP.sys
    2011-06-10 19:32 . 2011-06-10 19:32 -------- d-----w- c:\programdata\FRISK Software
    2011-06-10 19:31 . 2011-06-10 19:31 -------- d-----w- c:\program files\FRISK Software
    2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
    2011-06-10 17:25 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-10 17:25 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-09 12:33 . 2011-06-09 12:33 -------- d-----w- c:\program files\SpeedFan
    2011-06-08 20:51 . 2011-06-08 20:57 -------- d-----w- C:\Recovered
    2011-06-08 20:31 . 2011-06-08 20:31 -------- d-----w- C:\found.000
    2011-06-08 20:05 . 2011-06-08 20:05 -------- d-----w- c:\windows\Migo Recover Lost Data
    2011-06-08 19:35 . 2011-06-08 19:35 -------- d-----w- c:\program files\QS
    2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\programdata\Media Get LLC
    2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\users\user\AppData\Roaming\Media Get LLC
    2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\users\user\AppData\Local\Media Get LLC
    2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\users\user\AppData\Local\MediaGet2
    2011-06-05 14:07 . 2011-06-05 14:07 -------- d-----w- c:\users\user\AppData\Local\Wizards_of_the_Coast
    2011-06-05 13:27 . 2011-06-05 13:27 -------- d-----w- c:\program files\Wizards of the Coast
    2011-06-03 21:34 . 2011-06-03 21:35 -------- d-----w- c:\users\user\AppData\Local\sabnzbd
    2011-06-03 21:34 . 2011-06-03 21:34 -------- d-----w- c:\program files\SABnzbd
    2011-05-29 12:55 . 2011-05-29 12:55 -------- d-----w- c:\users\user\AppData\Local\My Games
    2011-05-29 08:31 . 2011-05-29 08:31 -------- d-----w- c:\users\user\AppData\Local\Geckofx
    2011-05-27 19:12 . 2011-05-27 19:12 -------- d-----w- c:\program files\Microsoft XNA
    2011-05-27 19:10 . 2011-05-27 19:10 -------- d-----w- c:\program files\Alientrap Games Inc
    2011-05-27 18:03 . 2011-06-09 17:14 -------- d-----w- c:\users\user\AppData\Local\FileServe Manager
    2011-05-27 18:03 . 2011-05-27 18:03 -------- d-----w- c:\programdata\FileServe Limited
    2011-05-25 21:20 . 2011-05-25 21:20 -------- d-----w- c:\program files\Common Files\Stardock
    2011-05-25 21:20 . 2011-05-25 21:20 -------- d-----w- c:\program files\Stardock
    2011-05-25 21:03 . 2011-05-25 21:03 -------- d-----w- c:\users\user\AppData\Local\ODUI
    2011-05-25 21:03 . 2011-05-25 21:21 -------- d-----w- c:\users\user\AppData\Local\Stardock
    2011-05-25 20:59 . 2011-05-25 20:59 -------- d-----w- c:\users\user\AppData\Local\Richard_Z.H._Wang
    2011-05-25 20:54 . 2011-05-25 20:54 -------- d-----w- c:\program files\Aqua Dock
    2011-05-25 20:54 . 2011-05-25 20:54 -------- d-----w- c:\program files\LIVEUPDATE
    2011-05-25 08:36 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-22 14:25 . 2011-05-22 14:25 -------- d-----w- c:\users\user\AppData\Roaming\gtk-2.0
    2011-05-22 13:59 . 2011-05-22 13:59 -------- d-----w- c:\users\user\AppData\Local\MPlayer
    2011-05-22 13:55 . 2011-05-22 13:55 -------- d-----w- c:\programdata\OEM Links
    2011-05-22 13:55 . 2011-05-22 13:55 -------- d-----w- C:\MININT
    2011-05-21 12:44 . 2011-05-21 12:44 -------- d-----w- c:\program files\Winamp Detect
    2011-05-21 12:44 . 2011-05-21 14:05 -------- d-----w- c:\users\user\AppData\Roaming\Winamp
    2011-05-21 12:44 . 2011-05-21 12:46 -------- d-----w- c:\program files\Winamp
    2011-05-19 15:01 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-17 23:04 . 2011-05-30 17:06 -------- d-----w- c:\users\user\AppData\Roaming\.minecraft
    2011-05-13 14:35 . 2011-05-13 14:35 -------- d-----w- c:\program files\R.G. Catalyst
    2011-05-13 10:59 . 2011-05-13 10:59 -------- d-----w- c:\users\user\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-05-13 07:15 . 2011-05-13 07:16 -------- d-----w- c:\users\user\AppData\Roaming\GetRightToGo
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-06 20:19 . 2011-05-06 20:19 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-05-02 14:31 . 2011-05-02 14:31 404128 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-04-30 21:29 . 2011-04-30 21:20 201728 ----a-w- c:\windows\system32\HarryPotter7Screensaver.scr
    2011-04-09 06:13 . 2011-05-11 12:38 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:13 . 2011-05-11 12:38 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-08 05:14 . 2011-04-29 15:20 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-04-08 05:14 . 2011-04-29 15:20 57960 ----a-w- c:\windows\system32\OpenCL.dll
    2011-04-08 05:14 . 2011-04-29 15:20 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
    2011-04-08 05:14 . 2011-04-29 15:20 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
    2011-04-08 05:14 . 2011-04-29 15:20 5180824 ----a-w- c:\windows\system32\nvcuda.dll
    2011-04-08 05:14 . 2011-04-29 15:20 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-04-08 05:14 . 2011-04-29 15:20 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-04-08 05:14 . 2011-04-29 15:20 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-04-08 05:14 . 2011-04-29 15:20 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-04-08 05:14 . 2011-04-29 15:20 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2011-04-08 05:14 . 2011-04-29 15:20 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-04-08 05:14 . 2011-04-29 15:20 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-04-08 05:14 . 2010-06-23 08:37 2034280 ----a-w- c:\windows\system32\nvapi.dll
    2011-04-07 20:43 . 2011-04-07 20:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-04-07 20:43 . 2011-04-07 20:43 293992 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll
    2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll
    2011-03-29 03:07 . 2011-05-11 12:38 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-29 03:06 . 2011-05-11 12:38 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-29 03:06 . 2011-05-11 12:38 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-29 03:06 . 2011-05-11 12:38 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-29 03:06 . 2011-05-11 12:38 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-29 03:06 . 2011-05-11 12:38 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-29 03:06 . 2011-05-11 12:38 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-03-16 14:34 . 2010-08-07 00:20 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-04-30 14:01 . 2011-03-22 15:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-23 39408]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "MediaGet2"="c:\users\user\AppData\Local\MediaGet2\mediaget.exe" [2011-06-03 6045416]
    "RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-04 496184]
    "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-10 233472]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
    "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-20 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-20 175640]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-20 169496]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-20 206208]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-04-23 494112]
    "EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
    "VitaKeyTSR"="c:\program files\Acer Bio Protection\EgisTSR.exe" [2010-05-01 186224]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
    "NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-06-08 1086760]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-17 74752]
    "Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
    "Aqua Dock"="c:\program files\Aqua Dock\Aqua Dock.exe" [2003-11-01 386560]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    "F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-11-03 1674016]
    .
    c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-2-15 2068832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Fences\FencesMenu.dll" [2010-06-22 202088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
    backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
    path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayFusion]
    2011-02-16 09:49 1516264 ----a-w- c:\program files\DisplayFusion\DisplayFusion.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
    2010-04-28 20:28 3727411 ----a-w- c:\program files\Free Download Manager\fdm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-02-12 11:28 136176 ----atw- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\users\user\AppData\Roaming\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
    2010-06-29 17:21 2944512 ----a-w- c:\program files\NetWorx\networx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
    2009-07-24 23:31 588648 ----a-w- c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ODDPwr]
    2010-04-22 17:38 186912 ----a-w- c:\program files\Acer\Optical Drive Power Management\ODDPWR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
    2007-06-02 13:59 1457152 ----a-w- c:\program files\PeerGuardian2\pg2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SJelite3Launch]
    2010-06-28 09:56 180224 ----a-w- c:\users\user\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-06-23 08:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" -d
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 135664]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 25600]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-05 286248]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 33320]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 135664]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-08 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-24 691696]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-06 218688]
    S1 FPAV_RTP;FPAV_RTP;c:\windows\system32\DRIVERS\FPAV_RTP.sys [2010-09-22 693080]
    S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-08-07 38976]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
    S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-04-08 312400]
    S2 EgisTec Service;EgisTec Service;c:\program files\Acer Bio Protection\EgisService.exe [2010-05-01 310128]
    S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [2010-05-01 257904]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-04-23 703008]
    S2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2010-11-03 83624]
    S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-07-20 29232]
    S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
    S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 129568]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
    S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-06-19 12032]
    S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-06-19 10496]
    S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-06-19 12928]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 05:13]
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 05:13]
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-895879528-1679901621-3576075842-1000Core.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 11:28]
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-895879528-1679901621-3576075842-1000UA.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 11:28]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://start.facemoods.com/?a=ddrnw
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1c09&m=travelmate_8572g&r=27050810f406l0433z296x46m4p31r
    uInternet Settings,ProxyOverride = *.local
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 10.0.0.2
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ar6zmn4m.default\
    FF - prefs.js: browser.search.selectedEngine - YouTube
    FF - prefs.js: browser.startup.homepage - www.google.co.za
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
    Toolbar-Locked - (no file)
    Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
    SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
    MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
    MSConfigStartUp-FPVProTrialInfo - c:\program files\FastPictureViewer\FPVTrialInfo.exe
    MSConfigStartUp-Raptr - c:\progra~1\Raptr\raptrstub.exe
    MSConfigStartUp-Torrent2Exe[6d5b27a228a41b7486ba8a57d3853068a7ad49b8] - c:\users\user\Downloads\228A41B7486BA8A57D3853068A7AD49B8.exe
    MSConfigStartUp-TorrentEasy_ec55e5d1a7acbbed4f8643ca4f94c2939c75cdd5 - c:\users\user\Downloads\TorrentEasy-EC55E5D1A7ACBBED4F8643CA4F94C2939C75CDD5.exe
    MSConfigStartUp-VoxOxNG - c:\program files\Voxox\Voxox.exe
    AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-895879528-1679901621-3576075842-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5720)
    c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\program files\Fences\FencesMenu.dll
    c:\program files\fences\DesktopDock.dll
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-11 13:16:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-11 11:16
    .
    Pre-Run: 1 975 590 912 bytes free
    Post-Run: 1 596 518 400 bytes free
    .
    - - End Of File - - 73F047C1E686A606CF6E0E8A781BE051
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,162
    Continue as follows :-

    Step 1

    Navigate > Start > Control Panel > Uninstall a Program. Uninstall anything with Facemoods in its title.

    Step 2

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    DDS:
    uStart Page = hxxp://start.facemoods.com/?a=ddrnw
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000.
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    
    Save this as CFScript.txt, and as Type: All Files (*.*), in the same location as ComboFix.exe.

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 3

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available Here. Please read them before running the scan.

    Also be aware this scan can take between one and several hours to complete depending on the size of your system.

    The ESET log can be found here: "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Step 4

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    What I'd like in your reply :-

    • Log from Combofix
    • Log from ESET
    • Log from Security Checks
    • System review, let me know what issues/concerns remain

    Kevin...
     
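As an added example (not code from this thread, from ComboFix or from its author), the triage a helper applies when reading a log like the one above, written out: parse the `"Name"="path"` Run-key values and the `MSConfigStartUp-Name - path` orphan lines, then flag entries that run from a Downloads or temp folder, that live under a per-user AppData path, that point at a missing file, or that match the product Kevin singled out (Facemoods). The sample lines are constructed from the shapes in the log above, and the severity labels and rules are my assumptions.

```python
"""Triage of ComboFix-style autostart lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass, field

# Value lines under [HKLM\...\Run]-style keys:  "Name"="c:\path\file.exe" [date size]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Orphan/summary lines:  MSConfigStartUp-Name - c:\path\file.exe   (or "(no file)")
ORPHAN_LINE = re.compile(r'^(?P<kind>[A-Za-z]+(?:-Run)?)-(?P<name>.+?) - (?P<path>.+)$')

# A Downloads or temp folder is user-writable and never a normal install location.
USER_WRITABLE = re.compile(r'\\(downloads|temp)\\')
# Per-user AppData is where most legitimate per-user updaters live, but also most adware.
PER_USER = re.compile(r'\\appdata\\')
# Only the product the thread itself identified for removal; nothing else is assumed.
WATCHLIST = ("facemoods",)


@dataclass
class Finding:
    name: str
    path: str
    severity: str              # assumed labels: "high" or "review"
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (name, path) for every Run-value or orphan line in a ComboFix log."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_VALUE.match(line) or ORPHAN_LINE.match(line)
        if m:
            yield m.group("name"), m.group("path")


def assess(name, path):
    """Return (severity, reasons) for one entry; reasons is empty when nothing stands out."""
    low = path.lower()
    reasons, severity = [], "info"
    if low == "(no file)":
        reasons.append("points at a file that no longer exists (stale autostart entry)")
        severity = "review"
    elif USER_WRITABLE.search(low):
        reasons.append("executable lives in a Downloads or temp folder, not an install directory")
        severity = "high"
    elif PER_USER.search(low):
        reasons.append("executable lives under a per-user AppData path; confirm the publisher")
        severity = "review"
    if any(tok in name.lower() or tok in low for tok in WATCHLIST):
        reasons.append("matches a product the thread identified for removal")
        severity = "high"
    return severity, reasons


def triage(log_text):
    """Run assess() over every parsed entry and keep only those with a reason."""
    findings = []
    for name, path in parse_entries(log_text):
        severity, reasons = assess(name, path)
        if reasons:
            findings.append(Finding(name=name, path=path, severity=severity, reasons=reasons))
    return findings


# Constructed sample: line shapes copied from the log above, paths abbreviated.
SAMPLE_LOG = r'''
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"MediaGet2"="c:\users\user\AppData\Local\MediaGet2\mediaget.exe" [2011-06-03 6045416]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Torrent2Exe - c:\users\user\Downloads\228A41B7486BA8A57D3853068A7AD49B8.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
Toolbar-Locked - (no file)
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.name}: {f.path}")
        for r in f.reasons:
            print(f"          - {r}")
```

Entries under Program Files with no other indicator (Skype, Adobe ARM) produce no finding, which is the point: the list is what a helper still has to look at, not everything that autostarts.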
  7. Cait3d1d

    Cait3d1d Thread Starter

    Joined:
    Jun 11, 2011
    Messages:
    14
    Hi Kevin - Here are the logs, thank you so much for all of your help!


    ComboFix 11-06-10.0A - user 2011/06/11 15:54:14.2.4 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.27.1033.18.2548.1220 [GMT 2:00]
    Running from: c:\users\user\Desktop\gotcha.exe
    Command switches used :: c:\users\user\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: F-PROT Antivirus for Windows *Disabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-11 14:05 . 2011-06-11 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-11 10:38 . 2011-06-11 10:38 -------- d-----w- C:\gotcha
    2011-06-11 08:54 . 2011-06-11 08:54 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-11 08:54 . 2011-06-11 08:54 -------- d-----w- c:\program files\Trend Micro
    2011-06-10 20:58 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3884224D-D443-423D-998C-406E61B53646}\mpengine.dll
    2011-06-10 19:47 . 2011-06-10 19:47 -------- d-----w- c:\users\user\AppData\Roaming\FRISK Software
    2011-06-10 19:32 . 2010-09-22 10:47 693080 ----a-w- c:\windows\system32\drivers\FPAV_RTP.sys
    2011-06-10 19:32 . 2011-06-10 19:32 -------- d-----w- c:\programdata\FRISK Software
    2011-06-10 19:31 . 2011-06-10 19:31 -------- d-----w- c:\program files\FRISK Software
    2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
    2011-06-10 17:25 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-10 17:25 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-09 12:33 . 2011-06-09 12:33 -------- d-----w- c:\program files\SpeedFan
    2011-06-08 20:51 . 2011-06-08 20:57 -------- d-----w- C:\Recovered
    2011-06-08 20:31 . 2011-06-08 20:31 -------- d-----w- C:\found.000
    2011-06-08 20:05 . 2011-06-08 20:05 -------- d-----w- c:\windows\Migo Recover Lost Data
    2011-06-08 19:35 . 2011-06-08 19:35 -------- d-----w- c:\program files\QS
    2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\programdata\Media Get LLC
    2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\users\user\AppData\Roaming\Media Get LLC
    2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\users\user\AppData\Local\Media Get LLC
    2011-06-07 16:41 . 2011-06-07 16:41 -------- d-----w- c:\users\user\AppData\Local\MediaGet2
    2011-06-05 14:07 . 2011-06-05 14:07 -------- d-----w- c:\users\user\AppData\Local\Wizards_of_the_Coast
    2011-06-05 13:27 . 2011-06-05 13:27 -------- d-----w- c:\program files\Wizards of the Coast
    2011-06-03 21:34 . 2011-06-03 21:35 -------- d-----w- c:\users\user\AppData\Local\sabnzbd
    2011-06-03 21:34 . 2011-06-03 21:34 -------- d-----w- c:\program files\SABnzbd
    2011-05-29 12:55 . 2011-05-29 12:55 -------- d-----w- c:\users\user\AppData\Local\My Games
    2011-05-29 08:31 . 2011-05-29 08:31 -------- d-----w- c:\users\user\AppData\Local\Geckofx
    2011-05-27 19:12 . 2011-05-27 19:12 -------- d-----w- c:\program files\Microsoft XNA
    2011-05-27 19:10 . 2011-05-27 19:10 -------- d-----w- c:\program files\Alientrap Games Inc
    2011-05-27 18:03 . 2011-06-09 17:14 -------- d-----w- c:\users\user\AppData\Local\FileServe Manager
    2011-05-27 18:03 . 2011-05-27 18:03 -------- d-----w- c:\programdata\FileServe Limited
    2011-05-25 21:20 . 2011-05-25 21:20 -------- d-----w- c:\program files\Common Files\Stardock
    2011-05-25 21:20 . 2011-05-25 21:20 -------- d-----w- c:\program files\Stardock
    2011-05-25 21:03 . 2011-05-25 21:03 -------- d-----w- c:\users\user\AppData\Local\ODUI
    2011-05-25 21:03 . 2011-05-25 21:21 -------- d-----w- c:\users\user\AppData\Local\Stardock
    2011-05-25 20:59 . 2011-05-25 20:59 -------- d-----w- c:\users\user\AppData\Local\Richard_Z.H._Wang
    2011-05-25 20:54 . 2011-05-25 20:54 -------- d-----w- c:\program files\Aqua Dock
    2011-05-25 20:54 . 2011-05-25 20:54 -------- d-----w- c:\program files\LIVEUPDATE
    2011-05-25 08:36 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-22 14:25 . 2011-05-22 14:25 -------- d-----w- c:\users\user\AppData\Roaming\gtk-2.0
    2011-05-22 13:59 . 2011-05-22 13:59 -------- d-----w- c:\users\user\AppData\Local\MPlayer
    2011-05-22 13:55 . 2011-05-22 13:55 -------- d-----w- c:\programdata\OEM Links
    2011-05-22 13:55 . 2011-05-22 13:55 -------- d-----w- C:\MININT
    2011-05-21 12:44 . 2011-05-21 12:44 -------- d-----w- c:\program files\Winamp Detect
    2011-05-21 12:44 . 2011-05-21 14:05 -------- d-----w- c:\users\user\AppData\Roaming\Winamp
    2011-05-21 12:44 . 2011-05-21 12:46 -------- d-----w- c:\program files\Winamp
    2011-05-19 15:01 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-17 23:04 . 2011-05-30 17:06 -------- d-----w- c:\users\user\AppData\Roaming\.minecraft
    2011-05-13 14:35 . 2011-05-13 14:35 -------- d-----w- c:\program files\R.G. Catalyst
    2011-05-13 10:59 . 2011-05-13 10:59 -------- d-----w- c:\users\user\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-05-13 07:15 . 2011-05-13 07:16 -------- d-----w- c:\users\user\AppData\Roaming\GetRightToGo
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-06 20:19 . 2011-05-06 20:19 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-05-02 14:31 . 2011-05-02 14:31 404128 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-04-30 21:29 . 2011-04-30 21:20 201728 ----a-w- c:\windows\system32\HarryPotter7Screensaver.scr
    2011-04-09 06:13 . 2011-05-11 12:38 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:13 . 2011-05-11 12:38 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-08 05:14 . 2011-04-29 15:20 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-04-08 05:14 . 2011-04-29 15:20 57960 ----a-w- c:\windows\system32\OpenCL.dll
    2011-04-08 05:14 . 2011-04-29 15:20 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
    2011-04-08 05:14 . 2011-04-29 15:20 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
    2011-04-08 05:14 . 2011-04-29 15:20 5180824 ----a-w- c:\windows\system32\nvcuda.dll
    2011-04-08 05:14 . 2011-04-29 15:20 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-04-08 05:14 . 2011-04-29 15:20 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-04-08 05:14 . 2011-04-29 15:20 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-04-08 05:14 . 2011-04-29 15:20 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-04-08 05:14 . 2011-04-29 15:20 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2011-04-08 05:14 . 2011-04-29 15:20 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-04-08 05:14 . 2011-04-29 15:20 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-04-08 05:14 . 2010-06-23 08:37 2034280 ----a-w- c:\windows\system32\nvapi.dll
    2011-04-07 20:43 . 2011-04-07 20:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-04-07 20:43 . 2011-04-07 20:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-04-07 20:43 . 2011-04-07 20:43 293992 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-04-07 20:43 . 2011-04-07 20:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-04-07 20:43 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-04-07 20:43 . 2011-04-07 20:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll
    2011-04-07 20:43 . 2011-04-07 20:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll
    2011-03-29 03:07 . 2011-05-11 12:38 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-29 03:06 . 2011-05-11 12:38 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-29 03:06 . 2011-05-11 12:38 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-29 03:06 . 2011-05-11 12:38 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-29 03:06 . 2011-05-11 12:38 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-29 03:06 . 2011-05-11 12:38 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-29 03:06 . 2011-05-11 12:38 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-03-16 14:34 . 2010-08-07 00:20 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-04-30 14:01 . 2011-03-22 15:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-23 39408]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "MediaGet2"="c:\users\user\AppData\Local\MediaGet2\mediaget.exe" [2011-06-03 6045416]
    "RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-04 496184]
    "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-10 233472]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
    "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-20 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-20 175640]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-20 169496]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-20 206208]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-04-23 494112]
    "EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
    "VitaKeyTSR"="c:\program files\Acer Bio Protection\EgisTSR.exe" [2010-05-01 186224]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
    "NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-06-08 1086760]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-17 74752]
    "Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
    "Aqua Dock"="c:\program files\Aqua Dock\Aqua Dock.exe" [2003-11-01 386560]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    "F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2010-11-03 1674016]
    .
    c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-2-15 2068832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Fences\FencesMenu.dll" [2010-06-22 202088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
    backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
    path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayFusion]
    2011-02-16 09:49 1516264 ----a-w- c:\program files\DisplayFusion\DisplayFusion.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
    2010-04-28 20:28 3727411 ----a-w- c:\program files\Free Download Manager\fdm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-02-12 11:28 136176 ----atw- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\users\user\AppData\Roaming\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
    2010-06-29 17:21 2944512 ----a-w- c:\program files\NetWorx\networx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
    2009-07-24 23:31 588648 ----a-w- c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ODDPwr]
    2010-04-22 17:38 186912 ----a-w- c:\program files\Acer\Optical Drive Power Management\ODDPWR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
    2007-06-02 13:59 1457152 ----a-w- c:\program files\PeerGuardian2\pg2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SJelite3Launch]
    2010-06-28 09:56 180224 ----a-w- c:\users\user\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-06-23 08:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" -d
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 135664]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 25600]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-05 286248]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 33320]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 135664]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-08 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-24 691696]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-06 218688]
    S1 FPAV_RTP;FPAV_RTP;c:\windows\system32\DRIVERS\FPAV_RTP.sys [2010-09-22 693080]
    S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-08-07 38976]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
    S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-04-08 312400]
    S2 EgisTec Service;EgisTec Service;c:\program files\Acer Bio Protection\EgisService.exe [2010-05-01 310128]
    S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [2010-05-01 257904]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-04-23 703008]
    S2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2010-11-03 83624]
    S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-07-20 29232]
    S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
    S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 129568]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
    S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-06-19 12032]
    S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-06-19 10496]
    S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-06-19 12928]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 05:13]
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 05:13]
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-895879528-1679901621-3576075842-1000Core.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 11:28]
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-895879528-1679901621-3576075842-1000UA.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 11:28]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://start.facemoods.com/?a=ddrnw
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1c09&m=travelmate_8572g&r=27050810f406l0433z296x46m4p31r
    uInternet Settings,ProxyOverride = *.local
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 10.0.0.2
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ar6zmn4m.default\
    FF - prefs.js: browser.search.selectedEngine - YouTube
    FF - prefs.js: browser.startup.homepage - www.google.co.za
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-895879528-1679901621-3576075842-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1568)
    c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\program files\Fences\FencesMenu.dll
    c:\program files\fences\DesktopDock.dll
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-11 16:15:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-11 14:15
    ComboFix2.txt 2011-06-11 11:16
    .
    Pre-Run: 1 598 447 616 bytes free
    Post-Run: 1 863 131 136 bytes free
    .
    - - End Of File - - F579B683274DDF59448FE62A90DAB520

    Eset Log:


    C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\ac8c29b-17959963 multiple threats
    C:\Users\user\Desktop\Hiren\Hirens.BootCD.9.6\Hiren's.BootCD.9.6.iso probably unknown NewHeur_PE virus
    C:\Users\user\Downloads\MKVPlayerSetup.exe multiple threats
    J:\Nero Local Autobackup\20110610_211415_Local Autobackup\C\Users\user\Desktop\Hiren\Hirens.BootCD.9.6\Hiren's.BootCD.9.6.iso probably unknown NewHeur_PE virus
    J:\Nero Local Autobackup\20110610_211415_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe multiple threats
    J:\Nero Local Autobackup\20110611_191419_Local Autobackup\C\Users\user\Desktop\Hiren\Hirens.BootCD.9.6\Hiren's.BootCD.9.6.iso probably unknown NewHeur_PE virus
    J:\Nero Local Autobackup\20110611_191419_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe multiple threats

    Security Check:


    Results of screen317's Security Check version 0.99.13
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    ESET Online Scanner v3
    F-PROT Antivirus for Windows
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Flash Player Out of Date!
    Adobe Flash Player 10.2.159.1
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Avira Antivir avguard.exe
    FRISK Software F-PROT Antivirus for Windows FPAVServer.exe
    ``````````End of Log````````````
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,162
    Continue as follows please....

    Step 1

    Please download OTM by OldTimer.
    Alternative Mirror 1
    Alternative Mirror 2
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
    • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      -------------------------------------------------------------------

      :Files
      ipconfig /flushdns /c
      C:\Users\user\Downloads\MKVPlayerSetup.exe
      J:\Nero Local Autobackup\20110610_211415_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe
      J:\Nero Local Autobackup\20110611_191419_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe
      :Commands
      [EmptyTemp]
      [ResetHosts]
      [CreateRestorePoint]

      ---------------------------------------------------------------------
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Step 2

    You have two Antivirus Programs running together, Avira and FRISK Software F-PROT Antivirus. One of them must be uninstalled; I recommend you keep Avira.

    Let me see the log from OTM. Also tell me how your system is responding and what issues/concerns remain...

    Kevin
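    The OTM script above is a list of files to move plus a few housekeeping commands. As an added illustration that is not OTM's code, not part of this thread and not something its helper posted, here is a PowerShell 2.0 script (the version Windows 7 ships) that performs the same remediation steps from an elevated prompt: restore point, quarantine of the three paths the thread names, DNS flush and hosts reset. The quarantine folder C:\Quarantine, the per-run folder layout and the comments-only default hosts file are assumptions of the example; [EmptyTemp] is left out.

```powershell
# Added example (not OTM's code and not from the thread): a PowerShell 2.0 script,
# run from an elevated prompt on Windows 7, that performs the same remediation the
# OTM script above requests: create a restore point, quarantine the listed files,
# flush the DNS resolver cache and reset the hosts file. [EmptyTemp] is left out.
# Assumptions (not from the thread): the quarantine folder $QuarantineRoot and the
# log layout are ours; the three paths in $Targets are the ones the thread names.

$Targets = @(
    'C:\Users\user\Downloads\MKVPlayerSetup.exe',
    'J:\Nero Local Autobackup\20110610_211415_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe',
    'J:\Nero Local Autobackup\20110611_191419_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe'
)
$QuarantineRoot = 'C:\Quarantine'                     # assumed location
$stamp          = Get-Date -Format 'yyyyMMdd_HHmmss'   # one folder per run
$runDir         = Join-Path $QuarantineRoot $stamp
New-Item -ItemType Directory -Path $runDir -Force | Out-Null
$log = @()

# 1. [CreateRestorePoint]: take the restore point before touching anything so the
#    run can be rolled back. Fails (non-fatally) if System Restore is disabled.
try {
    Checkpoint-Computer -Description "Quarantine run $stamp" -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
    $log += 'Restore point created.'
} catch {
    $log += "Restore point NOT created: $($_.Exception.Message)"
}

# 2. :Files - move, never delete. The original path becomes the relative path
#    inside the run folder, so a false positive can be put back exactly where it was.
foreach ($path in $Targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        $log += "File $path not found!"
        continue
    }
    $relative = $path -replace '^([A-Za-z]):\\', '$1\'    # "C:\x" -> "C\x"
    $dest     = Join-Path $runDir $relative
    New-Item -ItemType Directory -Path (Split-Path -Parent $dest) -Force | Out-Null
    try {
        Move-Item -LiteralPath $path -Destination $dest -Force -ErrorAction Stop
        $log += "$path moved successfully."
    } catch {
        # OTM schedules locked files for the next reboot; here the failure is just recorded.
        $log += "File move failed. $path ($($_.Exception.Message))"
    }
}

# 3. ipconfig /flushdns: drop cached (possibly poisoned) resolver entries.
ipconfig /flushdns | Out-Null
$log += 'Successfully flushed the DNS Resolver Cache.'

# 4. [ResetHosts]: keep a copy of the current hosts file in the run folder, then
#    write the Windows 7 default, which holds only comments (localhost is handled
#    by the resolver itself). Any hijack entries go with the copy, not the live file.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Copy-Item -LiteralPath $hosts -Destination (Join-Path $runDir 'hosts.bak') -Force
@(
    '# hosts file reset by quarantine script (constructed default, comments only)',
    '# 127.0.0.1       localhost',
    '# ::1             localhost'
) | Set-Content -LiteralPath $hosts -Encoding ASCII
$log += 'HOSTS file reset successfully'

# Write the log next to the quarantined files and show it, as OTM does in its Results window.
$log | Tee-Object -FilePath (Join-Path $runDir 'run.log')
```

    Moving rather than deleting keeps the sample available for later analysis and for reversal if the detection was a false positive; the hosts.bak copy in the run folder is where to look for any entries the malware added before the reset.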
     
  9. Cait3d1d

    Cait3d1d Thread Starter

    Joined:
    Jun 11, 2011
    Messages:
    14
    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\user\Desktop\cmd.bat deleted successfully.
    C:\Users\user\Desktop\cmd.txt deleted successfully.
    C:\Users\user\Downloads\MKVPlayerSetup.exe moved successfully.
    J:\Nero Local Autobackup\20110610_211415_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe moved successfully.
    J:\Nero Local Autobackup\20110611_191419_Local Autobackup\C\Users\user\Downloads\MKVPlayerSetup.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: user
    ->Temp folder emptied: 1613149 bytes
    ->Temporary Internet Files folder emptied: 6088209 bytes
    ->Java cache emptied: 1975091 bytes
    ->FireFox cache emptied: 52047741 bytes
    ->Google Chrome cache emptied: 177490805 bytes
    ->Flash cache emptied: 211916 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 200704 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 525778 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 229.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully


    OTM by OldTimer - Version 3.1.18.0 log created on 06122011_202817

    Files moved on Reboot...
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
    File C:\Windows\temp\TMP0000207C1F3DE3D541F5D0DC not found!

    Registry entries deleted on Reboot...

    My system seems to be doing fine at the moment. Nothing has deleted itself again, everything is running pretty smoothly.
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,162
    OK, let's clean up....

    Step 1

    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    • Please follow the prompts to uninstall Combofix.
    • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.
    It is very important that you get a successful uninstall because of the extra functions done at the same time; let me know if this does not happen.

    Step 2

    • Download OTC by OldTimer and save it to your desktop. Alternative mirror
    • Double click [​IMG] icon to start the program.
      If you are using Vista or Windows 7, please right-click and choose run as administrator
    • Then Click the big [​IMG] button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.

    Step 3

    Remove the ESET Online Scanner components from your computer, start the Uninstall a Program applet from Start > Control Panel, select the ESET Online Scanner entry and click Uninstall. This will happen quickly, only re-boot if prompted.

    Step 4

    Your Adobe Flash Player is out of date. Older versions are vulnerable to attack and exploitation.
    Please go to the link below to update.
    Adobe Flash Player. Untick the Free McAfee® Security Scan Plus (optional) unless you want it (not required).

    Step 5

    You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
    For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
    The most current version of Sun Java is: Java Runtime Environment Version 6 Update 26.

    • Go to Sun Java
    • Select Windows 7/XP/Vista/2000/2003/2008. If using a 64-bit OS, select Information about the 64-bit Java plug-in and follow the prompts.
    • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
    • Reboot your computer

    Let me know if the above steps completed OK, also if any remaining issues or concerns...

    Kevin
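    Steps 2, 4 and 5 above (two resident antivirus products, out-of-date Flash, out-of-date Java) are exactly what the Security Check log earlier in the thread flagged. As an added example that is not screen317's tool and not part of this thread, the PowerShell 2.0 function below reads the same facts from Windows itself: the Security Center WMI class and the Java and Flash registry keys. The Flash threshold $MinFlash is a placeholder, and the registry paths are the 32-bit ones this thread's machine uses; both are assumptions of the example.

```powershell
# Added example (not screen317's Security Check and not from the thread): a
# PowerShell 2.0 function for Windows 7 that reports the three things the thread
# acts on: more than one antivirus registered with Security Center, Java 6 below
# the update level the thread names, and the installed Flash Player version.
# Assumptions (not from the thread): $MinFlash is a placeholder threshold; the
# registry keys are the standard 32-bit locations (the thread's machine is 32-bit).

function Get-SecurityFindings {
    param(
        [int]     $MinJavaUpdate = 26,                  # "Version 6 Update 26" from the thread
        [version] $MinFlash      = [version]'10.3.0.0'  # placeholder; check Adobe for the current release
    )
    $findings = @()

    # 1. Antivirus products registered with Windows Security Center (Vista/7 namespace).
    #    Two resident scanners fight over the same files; the thread's advice is to keep one.
    $av = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue)
    foreach ($p in $av) {
        $findings += ('AV registered: {0} (productState=0x{1:X6})' -f $p.displayName, $p.productState)
    }
    if ($av.Count -gt 1) {
        $findings += 'WARNING: more than one antivirus registered; keep one and uninstall the rest.'
    }

    # 2. Java 6 runtimes: one subkey per installed version (e.g. 1.6.0_24). Old ones
    #    stay installed beside the new one, which is why the thread says to remove them.
    $jreKey = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
    if (Test-Path $jreKey) {
        foreach ($k in (Get-ChildItem $jreKey)) {
            if ($k.PSChildName -match '^1\.6\.0_(\d+)$') {
                $update = [int]$Matches[1]
                $status = if ($update -lt $MinJavaUpdate) { 'OUT OF DATE - remove' } else { 'ok' }
                $findings += ('Java 6 Update {0}: {1}' -f $update, $status)
            }
        }
    }

    # 3. Flash Player ActiveX (Internet Explorer) plugin; CurrentVersion is stored
    #    comma-separated, e.g. "10,2,159,1" (the thread's 10.2.159.1).
    $flashKey = 'HKLM:\SOFTWARE\Macromedia\FlashPlayer'
    if (Test-Path $flashKey) {
        $raw = (Get-ItemProperty -Path $flashKey).CurrentVersion
        if ($raw) {
            $ver    = [version]($raw -replace ',', '.')
            $status = if ($ver -lt $MinFlash) { 'OUT OF DATE' } else { 'ok' }
            $findings += ('Flash Player {0}: {1}' -f $ver, $status)
        }
    }

    return $findings
}

Get-SecurityFindings
```

    Run it before and after the cleanup steps: the AV list should shrink to one entry once the second product is uninstalled, and the Java line should stop reporting old update levels once the older runtimes are removed rather than merely updated.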
     
  11. Cait3d1d

    Cait3d1d Thread Starter

    Joined:
    Jun 11, 2011
    Messages:
    14
    Hi Kevin, thanks for all your help. Everything seems to be fine
    :)
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,162
    Good to hear that all is well for you, here are some tips to reduce the potential for malware infection in the future:

    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates, you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol. This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained Here

    You will have several programs installed; these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing.... [​IMG]
    ...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.


    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    Firefox,

    Opera, and

    Chrome.

    All of these are excellent: faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Available for Firefox and Internet Explorer.

    Green to go,
    Yellow for caution, and
    Red to stop.


    Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

    These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

    Here are a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally, this link HERE will give a comprehensive up-to-date list of free security programs, including antivirus, antispyware, firewall, antimalware, online scanners and rescue CDs.

    Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

    If no remaining issues hit the Mark Solved tab at the top of the thread...

    Kevin
     
Short URL to this thread: https://techguy.org/1001641