
Solved: Malware experts, please take a look?

Answer»

ComboFix 10-07-27.05 - MIke 28/07/2010 21:13:13.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2013.1079 [GMT 1:00]
Running from: c:\USERS\MIke\Desktop\commy.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\MIke\AppData\Roaming\.#
c:\users\MIke\AppData\Roaming\inst.exe
c:\users\MIke\AppData\Roaming\System32
c:\users\MIke\AppData\Roaming\System32\database.dat
c:\windows\struct~.ini
c:\windows\system32\%appdata%
c:\windows\system32\drivers\npf.sys
c:\windows\system32\ernel32.dll
c:\windows\system32\NTIMP3.dll
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-28 20:37 . 2010-07-28 20:39  --------  d-----w-  c:\users\MIke\AppData\Local\temp
2010-07-28 20:37 . 2010-07-28 20:37  --------  d-----w-  c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-07-27 22:48 . 2010-04-29 14:39  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 22:47 . 2010-07-27 22:48  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2010-07-27 22:47 . 2010-04-29 14:39  20952  ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-07-26 17:55 . 2010-07-26 17:55  --------  d-----w-  c:\users\MIke\AppData\Local\Windows Live Writer
2010-07-26 17:55 . 2010-07-26 17:55  --------  d-----w-  c:\users\MIke\AppData\Roaming\Windows Live Writer
2010-07-26 17:51 . 2010-07-27 06:40  --------  d-----w-  c:\users\MIke\Tracing
2010-07-26 16:44 . 2010-07-26 16:44  --------  d-----w-  c:\windows\PCHEALTH
2010-07-20 12:13 . 2010-07-20 19:49  --------  d-----w-  c:\program files\AVS4YOU
2010-07-16 11:45 . 2010-07-16 11:45  214925  ----a-w-  c:\windows\system\tubelist.dat
2010-07-14 18:33 . 2010-06-07 19:30  282928  ----a-w-  c:\windows\system32\HMIPCore.dll
2010-07-14 18:33 . 2010-07-16 22:29  --------  d-----w-  c:\program files\Common Files\IE
2010-07-14 17:47 . 2010-07-27 08:31  --------  d-----w-  c:\windows\vf_hip
2010-07-07 20:53 . 2010-07-07 20:53  --------  d-----w-  c:\users\MIke\AppData\Roaming\DAEMON Tools Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 20:32 . 2009-06-09 08:38  --------  d-----w-  c:\users\MIke\AppData\Roaming\uTorrent
2010-07-28 19:01 . 2009-06-20 07:34  --------  d-----w-  c:\users\MIke\AppData\Roaming\Media Player Classic
2010-07-28 08:45 . 2009-06-08 06:38  --------  d-----w-  c:\programdata\Microsoft Help
2010-07-27 22:01 . 2009-11-12 19:54  --------  d-----w-  c:\program files\uTorrent
2010-07-27 19:06 . 2009-08-17 17:30  --------  d-----w-  c:\program files\IObit
2010-07-27 18:42 . 2010-07-27 18:42  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{8E6310E1-8DA5-080A-FB23-12804F4F9D6C}-Ysq.exe
2010-07-27 18:09 . 2010-07-27 18:09  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{1F019097-7968-4D78-8782-EFF76FF12D36}-Ysq.exe
2010-07-27 17:31 . 2010-07-27 17:31  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{22BA253D-EBBD-3381-2225-387AE923EBC8}-Ysq.exe
2010-07-27 15:33 . 2010-07-27 15:33  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{CCD3CF61-EF75-B71F-DC5C-5AD1D3E350BD}-Ysq.exe
2010-07-27 15:19 . 2010-03-23 17:04  --------  d-----w-  c:\program files\LG PC Suite II
2010-07-27 15:09 . 2010-07-27 15:09  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{848FED6C-7EE6-B846-4B66-E366B89EFB2F}-Ysq.exe
2010-07-27 14:19 . 2010-07-27 14:19  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{F18A2A99-0612-C888-89E5-E358A416E5F8}-Ysq.exe
2010-07-27 13:10 . 2010-07-27 13:10  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{84DF0411-6CB8-A026-252D-C1F771139F12}-Ysq.exe
2010-07-27 09:41 . 2009-11-26 22:08  --------  d-----w-  c:\program files\SUPERAntiSpyware
2010-07-27 09:35 . 2010-07-27 09:35  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{D9D213B0-7DC2-BF4E-4A04-96EB8240C685}-Ysq.exe
2010-07-27 06:54 . 2010-07-27 06:54  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{F63BE560-7D6D-1B70-A0F9-3A4641ED788E}-Ysq.exe
2010-07-26 23:14 . 2009-06-08 13:07  --------  d-----w-  c:\programdata\Spybot - Search & Destroy
2010-07-26 22:56 . 2010-07-26 22:56  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{E4B5338A-5E0E-AEDA-46AD-0E07A226FD3F}-Ysq.exe
2010-07-26 22:24 . 2010-07-26 22:24  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{658DEAB3-8448-2ED9-D639-73170FE3AA80}-Ysq.exe
2010-07-26 22:15 . 2010-07-26 22:15  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{F8002272-7755-E239-F93C-18E3CFF674EB}-Ysq.exe
2010-07-26 20:23 . 2010-07-26 20:23  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{48BAA9FB-AC17-3E5C-5D25-C936C2C6BF11}-Ysq.exe
2010-07-26 20:17 . 2010-07-26 20:17  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{18AFC62B-E554-C9F2-E1AB-00E1128067A5}-Ysq.exe
2010-07-26 19:24 . 2009-10-23 07:44  166160  ----a-w-  c:\users\MIke\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-26 19:23 . 2010-07-26 19:23  180736  ----a-w-  c:\programdata\Microsoft\Windows Defender\LocalCopy\{1DF5473F-13A1-0163-A135-458D392DB557}-Ysq.exe
2010-07-26 18:45 . 2009-07-14 04:52  --------  d-----w-  c:\program files\MSBuild
2010-07-26 17:18 . 2009-10-20 18:10  --------  d-----w-  c:\users\MIke\AppData\Roaming\DivX
2010-07-26 16:40 . 2009-10-11 09:25  --------  d-----w-  c:\program files\Microsoft
2010-07-26 16:23 . 2009-06-08 00:10  --------  d-----w-  c:\users\MIke\AppData\Roaming\Skype
2010-07-21 17:30 . 2009-06-08 00:11  --------  d-----w-  c:\users\MIke\AppData\Roaming\skypePM
2010-07-21 07:51 . 2009-10-18 12:24  --------  d-----w-  c:\users\MIke\AppData\Roaming\vlc
2010-07-20 19:48 . 2010-01-17 13:35  --------  d-----w-  c:\program files\Common Files\AVSMedia
2010-07-20 12:15 . 2010-01-17 13:37  --------  d-----w-  c:\users\MIke\AppData\Roaming\AVS4YOU
2010-07-16 23:56 . 2009-08-29 21:31  --------  d-----w-  c:\users\MIke\AppData\Roaming\FrostWire
2010-07-14 19:11 . 2010-06-16 23:37  --------  d-----w-  c:\program files\Hide IP Platinum
2010-07-14 17:43 . 2010-01-03 09:26  --------  d-----w-  c:\users\MIke\AppData\Roaming\Hide IP NG
2010-07-07 20:57 . 2009-08-03 17:20  721904  ----a-w-  c:\windows\system32\drivers\sptd.sys
2010-06-30 07:26 . 2009-06-09 17:46  --------  d-----w-  c:\programdata\P4G
2010-06-28 14:03 . 2009-06-08 06:43  --------  d-----w-  c:\program files\Microsoft.NET
2010-06-27 10:39 . 2010-06-27 10:39  501936  ----a-w-  c:\programdata\Google\Google Toolbar\Update\gtb41E1.tmp.exe
2010-06-15 18:01 . 2009-06-08 20:33  --------  d-----w-  c:\program files\CCleaner
2010-06-10 07:48 . 2010-06-10 07:48  --------  d-----w-  c:\programdata\Comodo Downloader
2010-06-04 10:12 . 2010-05-26 06:53  --------  d-----w-  c:\program files\Microsoft Silverlight
2010-06-01 12:22 . 2009-12-08 22:23  --------  d-----w-  c:\program files\Java
2010-05-27 07:24 . 2010-06-11 16:30  34304  ----a-w-  c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 16:30  293888  ----a-w-  c:\windows\system32\atmfd.dll
2010-05-21 13:14 . 2009-10-03 22:41  221568  ------w-  c:\windows\system32\MpSigStub.exe
2010-05-21 07:24 . 2010-05-21 07:24  86016  ----a-w-  c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-05-21 05:18 . 2010-06-11 16:31  977920  ----a-w-  c:\windows\system32\wininet.dll
2010-05-09 09:14 . 2010-06-26 15:57  641536  ----a-w-  c:\windows\system32\CPFilters.dll
2010-05-09 09:14 . 2010-06-26 15:57  417792  ----a-w-  c:\windows\system32\msdri.dll
2010-05-01 14:49 . 2010-06-11 16:31  2326528  ----a-w-  c:\windows\system32\win32k.sys
2009-06-10 21:26 . 2009-07-14 02:04  9633792  --sha-r-  c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42  396800  --sha-w-  c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-08 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21  548352  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^MIke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^MIke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^MIke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\MIke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^MIke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WordWeb Pro.lnk]
backup=c:\windows\pss\WordWeb Pro.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\opqiabs
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPLive
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06  976832  ----a-w-  c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04  35760  ----a-w-  c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2008-07-15 10:29  7651328  ----a-w-  c:\program files\ASUS\ATKOSD2\ATKOSD2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-18 18:52  104936  ----a-w-  c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2009-07-21 11:50  84464  ----a-w-  c:\program files\Roxio 2010\5.0\CPMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-23 01:18  494064  ----a-w-  c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2009-07-14 01:14  144384  ----a-w-  c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-05 08:34  135664  ----atw-  c:\users\MIke\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44  31072  ----a-w-  c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2008-01-11 21:40  98304  ----a-w-  c:\program files\ASUS\ATK Hotkey\HControlUser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-08 16:26  174104  ------w-  c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-08 16:27  141848  ------w-  c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-08-25 10:11  221184  ----a-w-  c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-08-25 10:11  81920  ----a-w-  c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 14:39  1090952  ----a-w-  c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 14:39  437584  ----a-w-  c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57  153136  ----a-w-  c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-13 17:11  210216  ----a-w-  c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-08 16:27  151064  ------w-  c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2008-01-25 17:32  778240  ----a-w-  c:\program files\P4P\P4P.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2010-02-04 05:37  173512  ----a-w-  c:\program files\Common Files\PPLiveNetwork\PPAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPLiveVA]
2009-12-30 09:15  71152  ----a-w-  c:\program files\PPLive\PPVA\PPLiveVA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05  200704  ----a-w-  c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-24 08:33  240112  ----a-w-  c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-05-22 23:22  7514656  ----a-w-  c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14  1173504  ----a-w-  c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 16:57  26192168  ----a-r-  c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-05-22 23:22  1833504  ----a-w-  c:\program files\Realtek\Audio\HDA\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 09:07  827392  ----a-w-  c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43  248040  ----a-w-  c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-16 22:53  2403568  ----a-w-  c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-08 22:02  39408  ----a-w-  c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tesco]
2009-08-19 16:24  7809024  ----a-w-  c:\program files\Tesco Internet Phone\TescoIP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-07-27 21:41  327472  ----a-w-  c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14  660480  ----a-w-  c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-07-14 01:16  859648  ----a-w-  c:\windows\System32\OobeFldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-07-14 01:14  65024  ----a-w-  c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-07 721904]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-02-21 151552]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-01-20 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-01-20 8456]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys


R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-23 12872]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
R3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [2007-08-20 873472]
S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2009-06-02 21488]
S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2009-06-02 15856]
S1 aswSP;avast! Self Protection;

S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2009-06-02 25584]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-23 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-07-16 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


--- Other Services/Drivers In Memory ---

*Deregistered* - cmdGuard
*Deregistered* - cmdHlp
*Deregistered* - inspect
*Deregistered* - MBAMProtector

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 17:53  451872  ----a-w-  c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\d3572b34.job
- c:\users\MIke\AppData\Roaming\d3572b34.exe [2005-05-14 00:00]

2010-07-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-08 12:43]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:34]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:34]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108769527-2725615563-1048934146-1000Core.job
- c:\users\MIke\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-13 08:34]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108769527-2725615563-1048934146-1000UA.job
- c:\users\MIke\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-13 08:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://tiscali.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
TCP: 030313630313142314736414 = 156.154.70.22,156.154.71.22
TCP: 14572756F6C6D284F64756C6 = 156.154.70.22,156.154.71.22
TCP: 244564F4E4 = 156.154.70.22,156.154.71.22
TCP: 2445F40756E6A7F6E656 = 156.154.70.22,156.154.71.22
TCP: 377796373736F6D6 = 156.154.70.22,156.154.71.22
TCP: A5978554C4 = 156.154.70.22,156.154.71.22
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-108769527-2725615563-1048934146-1000\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:e2,c9,d3,19,1d,de,68,b5,98,11,33,59,b6,5c,9c,45,2b,d9,BB,d0,
f7,a7,f5,52,76,95,6d,e4,ec,0e,aa,81,02,f6,28,02,7c,c7,51,4f,a1,41,7b,dc,f2,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-07-28 21:45:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-28 20:45

Pre-Run: 201,904,472,064 bytes free
Post-Run: 201,422,614,528 bytes free

- - End Of File - - E87A98F7B84E2E9894D550C11ABD3E01
    IObit was recently accused by Malwarebytes of stealing the MBAM database.

    See these links for more info on the situation:

    Relevant link 1: http://forums.malwarebytes.org/index.php?showtopic=30989&view=findpost&p=157535

    Relevant link 2: http://forums.malwarebytes.org/index.php?showtopic=30989&view=findpost&p=158735

    I recommend changing your security program to something more trusted, but that option is up to you. If you would like help finding a new security program, please let me know.
    =======

    Re-running ComboFix to remove infections:

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the quotebox below into it:
      Quote
      File::
      c:\windows\Tasks\d3572b34.job

    • Save this as CFScript.txt, in the same location as ComboFix.exe
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
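The reply above singles out one scheduled task and ComboFix had already removed files such as ernel32.dll. The script below is an added example, not part of this thread and not ComboFix code: it parses the 'Scheduled Tasks' entries and a few deletion paths copied from the log and flags the same two patterns a defender would look for (a task launching a random-named executable dropped at the root of AppData\Roaming, and a filename one character away from a Windows system binary). The heuristics, the 3-year timestamp threshold and the SYSTEM_NAMES list are assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: entries copied from the 'Scheduled Tasks' section of the
# log above (the d3572b34 job the reply removes, plus two Google updater tasks).
SAMPLE_TASKS = r"""
2010-07-28 c:\windows\Tasks\d3572b34.job
- c:\users\MIke\AppData\Roaming\d3572b34.exe [2005-05-14 00:00]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:34]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108769527-2725615563-1048934146-1000UA.job
- c:\users\MIke\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-13 08:34]
"""
# Constructed sample: three paths copied from the 'Other Deletions' section.
SAMPLE_DELETIONS = [r"c:\windows\system32\ernel32.dll",
                    r"c:\users\MIke\AppData\Roaming\System32\database.dat",
                    r"c:\windows\system32\wpcap.dll"]
# Assumed short list of Windows binaries whose names malware likes to imitate.
SYSTEM_NAMES = ("kernel32.dll", "ntdll.dll", "user32.dll", "svchost.exe")

JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+?\\Tasks\\(.+)\.job)$", re.I)
TARGET_RE = re.compile(r"^- (.+?) \[(\d{4}-\d{2}-\d{2}) [\d:]+\]$")


def parse_tasks(text):
    """Pair each '.job' line with the '- target [timestamp]' line under it."""
    tasks, job = [], None
    for line in text.splitlines():
        m = JOB_RE.match(line.strip())
        if m:
            job = m
            continue
        t = TARGET_RE.match(line.strip())
        if t and job:
            tasks.append({"job_date": job.group(1), "job_name": job.group(3),
                          "target": t.group(1), "file_date": t.group(2)})
            job = None
    return tasks


def task_findings(task):
    """Reasons (assumed heuristics) a scheduled task deserves a closer look."""
    reasons = []
    name, target = task["job_name"].lower(), task["target"].lower()
    # Job named like a bare hex string rather than a vendor or product.
    if re.fullmatch(r"[0-9a-f]{6,}", name):
        reasons.append("random hex job name")
    # Target dropped straight into AppData\Roaming with no vendor subfolder.
    if re.search(r"\\appdata\\roaming\\[^\\]+\.exe$", target):
        reasons.append("executable at the root of AppData\\Roaming")
    # Bracketed file timestamp years older than the task that launches it.
    if int(task["file_date"][:4]) + 3 < int(task["job_date"][:4]):
        reasons.append("file timestamp much older than the task")
    return reasons


def lookalike_system_name(path):
    """Return the system binary a filename is one character away from, or None."""
    base = path.lower().rsplit("\\", 1)[-1]
    for real in SYSTEM_NAMES:
        if base != real and SequenceMatcher(None, base, real).ratio() > 0.9:
            return real
    return None


def triage(tasks_text, deletions):
    """Suspicious tasks keyed by job name, lookalike files keyed by path."""
    report = {"tasks": {}, "lookalikes": {}}
    for task in parse_tasks(tasks_text):
        if hits := task_findings(task):
            report["tasks"][task["job_name"]] = hits
    for path in deletions:
        if real := lookalike_system_name(path):
            report["lookalikes"][path] = real
    return report
```

Running triage(SAMPLE_TASKS, SAMPLE_DELETIONS) flags only the d3572b34 job (all three reasons) and reports ernel32.dll as a lookalike of kernel32.dll; the two Google tasks and the other deletions come back clean.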
    Thanks for your time and help.
    Problem solved: backed up files etc., reinstalled Windows 7. There were underlying issues that are also solved, nothing to do with viruses.
    Put files and docs back on, a couple of hours back to normal, job done.
    Ok. Thanks for letting me know.

