
Solve : Spy/mal-ware infection on my vista desktop, unable to get on internet, etc.?

Answer»

I uninstalled AVG Free 9.0.
Here is the log that popped up.
Thank you for the advice and the Avast uninstall tool.
I will try that now.

ComboFix 11-04-03.01 - Owner 03/04/2011  21:55:56.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.4085.2841 [GMT -4:00]
Running from: c:\users\Owner\Pictures\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\jusched.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WMPNetworkSvc
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-04 to 2011-04-04  )))))))))))))))))))))))))))))))
.
.
2011-04-04 02:02 . 2011-04-04 02:04   --------   d-----w-   c:\users\Owner\AppData\Local\temp
2011-04-04 02:02 . 2011-04-04 02:02   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-04-03 23:07 . 2011-04-03 23:07   --------   d-----w-   C:\_OTL
2011-03-28 20:30 . 2011-03-28 20:30   --------   d-----w-   c:\program files (x86)\Common Files\McAfee
2011-03-28 20:29 . 2011-03-29 16:15   --------   d-----w-   c:\program files (x86)\McAfee
2011-03-27 16:25 . 2011-03-27 16:25   --------   d-----w-   c:\users\Owner\AppData\Local\{CBBA9F6A-5EBB-4741-821E-D82E75EEC89E}
2011-03-26 13:16 . 2011-03-26 13:16   --------   d-----w-   c:\users\Owner\AppData\Local\{4470D77A-E11F-45A6-A9E0-729F4C4E9CE9}
2011-03-25 20:10 . 2011-03-25 20:10   --------   d-----w-   c:\users\Owner\AppData\Local\{A9E1FAD2-22DD-48B0-8E29-55EF316C4171}
2011-03-24 23:36 . 2011-03-24 23:36   --------   d-----w-   c:\program files (x86)\Microsoft
2011-03-24 11:05 . 2011-03-24 11:06   --------   d-----w-   c:\users\Owner\AppData\Local\{DF441B98-1BF7-4E6D-B31A-2D764105DE28}
2011-03-23 23:05 . 2011-03-23 23:05   --------   d-----w-   c:\users\Owner\AppData\Local\{47D884B2-F3B4-47E7-9BED-FC7BF6AED343}
2011-03-23 10:49 . 2011-02-22 14:47   479744   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-03-23 10:49 . 2011-02-22 14:13   288768   ----a-w-   c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-23 10:49 . 2011-02-22 13:53   1555968   ----a-w-   c:\windows\system32\DWrite.dll
2011-03-23 10:49 . 2011-02-22 13:53   1149440   ----a-w-   c:\windows\system32\FntCache.dll
2011-03-23 10:49 . 2011-02-22 13:33   1068544   ----a-w-   c:\windows\SysWow64\DWrite.dll
2011-03-23 10:42 . 2011-03-23 10:43   --------   d-----w-   c:\users\Owner\AppData\Local\{E572A2F1-6DA3-4321-A0FE-1E12F4D8D404}
2011-03-22 11:45 . 2011-03-22 11:45   --------   d-----w-   c:\users\Owner\AppData\Local\{1621B3CC-19D5-4933-A98E-CC9DAC557333}
2011-03-21 07:07 . 2011-03-21 07:07   --------   d-----w-   c:\users\Owner\AppData\Local\{A6C7E9B1-8BAF-4F9F-AA7F-91D0E4CA6358}
2011-03-20 17:38 . 2011-03-20 17:39   --------   d-----w-   c:\users\Owner\AppData\Local\{98A71E93-2707-4C25-AC5C-108B8094C478}
2011-03-19 19:21 . 2011-03-19 19:21   --------   d-----w-   c:\users\Owner\AppData\Local\{7F7537D7-FB8E-47EB-8320-2A466ED1CA2A}
2011-03-19 16:37 . 2011-03-21 17:36   --------   d-----w-   c:\program files (x86)\McAfee Security Scan
2011-03-19 15:12 . 2011-03-19 15:12   605960   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-17 11:22 . 2011-03-17 11:22   --------   d-----w-   c:\users\Owner\AppData\Local\{8E111FB5-56A1-4F21-9911-CC369D808F46}
2011-03-17 07:01 . 2009-10-09 21:56   2048   ----a-w-   c:\windows\SysWow64\winrsmgr.dll
2011-03-17 07:01 . 2009-10-09 21:35   2048   ----a-w-   c:\windows\system32\winrsmgr.dll
2011-03-17 07:01 . 2009-10-09 21:35   13312   ----a-w-   c:\windows\system32\wsmplpxy.dll
2011-03-17 07:01 . 2009-10-09 21:34   13312   ----a-w-   c:\windows\system32\winrssrv.dll
2011-03-17 04:26 . 2011-03-17 04:26   159744   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-03-17 04:25 . 2011-03-17 04:25   --------   d-----w-   c:\programdata\Apple Computer
2011-03-17 04:25 . 2011-03-17 04:25   --------   d-----w-   c:\users\Owner\AppData\Local\Apple
2011-03-17 04:25 . 2011-03-17 04:25   --------   d-----w-   c:\program files (x86)\Apple Software Update
2011-03-17 04:24 . 2011-03-17 04:24   --------   d-----w-   c:\program files\Common Files\Apple
2011-03-17 04:24 . 2011-03-17 04:24   --------   d-----w-   c:\program files\Bonjour
2011-03-17 04:24 . 2011-03-17 04:24   --------   d-----w-   c:\program files (x86)\Bonjour
2011-03-17 04:23 . 2011-03-17 04:24   --------   d-----w-   c:\program files (x86)\Common Files\Apple
2011-03-17 04:23 . 2011-03-17 04:23   --------   d-----w-   c:\programdata\Apple
2011-03-17 04:16 . 2010-12-17 17:34   2425344   ----a-w-   c:\windows\system32\mstscax.dll
2011-03-17 04:16 . 2010-12-17 15:45   2067968   ----a-w-   c:\windows\SysWow64\mstscax.dll
2011-03-17 04:16 . 2010-12-17 15:41   731136   ----a-w-   c:\windows\system32\mstsc.exe
2011-03-17 04:16 . 2010-12-17 13:54   677888   ----a-w-   c:\windows\SysWow64\mstsc.exe
2011-03-17 04:16 . 2010-12-29 19:01   416768   ----a-w-   c:\windows\system32\sbe.dll
2011-03-17 04:16 . 2010-12-29 19:01   559616   ----a-w-   c:\windows\system32\EncDec.dll
2011-03-17 04:16 . 2010-12-29 18:59   226816   ----a-w-   c:\windows\system32\mpg2splt.ax
2011-03-17 04:16 . 2010-12-29 18:28   322560   ----a-w-   c:\windows\SysWow64\sbe.dll
2011-03-17 04:16 . 2010-12-29 18:28   429056   ----a-w-   c:\windows\SysWow64\EncDec.dll
2011-03-17 04:16 . 2010-12-29 18:26   177664   ----a-w-   c:\windows\SysWow64\mpg2splt.ax
2011-03-17 04:16 . 2010-12-29 19:01   210944   ----a-w-   c:\windows\system32\sbeio.dll
2011-03-17 04:16 . 2010-12-29 18:28   153088   ----a-w-   c:\windows\SysWow64\sbeio.dll
2011-03-17 04:15 . 2011-03-17 04:15   --------   d--h--w-   c:\programdata\Common Files
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 04:06 . 2010-06-24 15:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-20 16:46 . 2011-02-14 19:13   900480   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:17 . 2011-02-14 19:13   366592   ----a-w-   c:\windows\system32\winspool.drv
2011-01-20 16:17 . 2011-02-14 19:13   625152   ----a-w-   c:\windows\system32\dxgi.dll
2011-01-20 16:16 . 2011-02-14 19:13   287232   ----a-w-   c:\windows\system32\d3d10core.dll
2011-01-20 16:16 . 2011-02-14 19:13   327680   ----a-w-   c:\windows\system32\d3d10_1core.dll
2011-01-20 16:16 . 2011-02-14 19:13   196096   ----a-w-   c:\windows\system32\d3d10_1.dll
2011-01-20 16:16 . 2011-02-14 19:13   1268224   ----a-w-   c:\windows\system32\d3d10.dll
2011-01-20 16:16 . 2011-02-14 19:13   748544   ----a-w-   c:\windows\system32\stobject.dll
2011-01-20 16:16 . 2011-02-14 19:13   47104   ----a-w-   c:\windows\system32\cdd.dll
2011-01-20 16:16 . 2011-02-14 19:13   3548672   ----a-w-   c:\windows\system32\mf.dll
2011-01-20 16:16 . 2011-02-14 19:13   35840   ----a-w-   c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:14 . 2011-02-14 19:13   278528   ----a-w-   c:\windows\system32\mfplat.dll
2011-01-20 16:14 . 2011-02-14 19:13   195072   ----a-w-   c:\windows\system32\mfps.dll
2011-01-20 16:08 . 2011-02-14 19:13   478720   ----a-w-   c:\windows\SysWow64\dxgi.dll
2011-01-20 16:08 . 2011-02-14 19:13   219648   ----a-w-   c:\windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-14 19:13   160768   ----a-w-   c:\windows\SysWow64\d3d10_1.dll
2011-01-20 16:08 . 2011-02-14 19:13   1029120   ----a-w-   c:\windows\SysWow64\d3d10.dll
2011-01-20 16:08 . 2011-02-14 19:13   189952   ----a-w-   c:\windows\SysWow64\d3d10core.dll
2011-01-20 16:07 . 2011-02-14 19:13   258048   ----a-w-   c:\windows\SysWow64\winspool.drv
2011-01-20 16:07 . 2011-02-14 19:13   586240   ----a-w-   c:\windows\SysWow64\stobject.dll
2011-01-20 16:06 . 2011-02-14 19:13   2873344   ----a-w-   c:\windows\SysWow64\mf.dll
2011-01-20 16:04 . 2011-02-14 19:13   209920   ----a-w-   c:\windows\SysWow64\mfplat.dll
2011-01-20 16:04 . 2011-02-14 19:13   98816   ----a-w-   c:\windows\SysWow64\mfps.dll
2011-01-20 15:01 . 2011-02-14 19:13   3068416   ----a-w-   c:\windows\system32\xpsservices.dll
2011-01-20 15:01 . 2011-02-14 19:13   1653760   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-01-20 14:59 . 2011-02-14 19:13   1032192   ----a-w-   c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:58 . 2011-02-14 19:13   1461760   ----a-w-   c:\windows\system32\OpcServices.dll
2011-01-20 14:57 . 2011-02-14 19:13   231936   ----a-w-   c:\windows\system32\XpsRasterService.dll
2011-01-20 14:42 . 2011-02-14 19:13   1257984   ----a-w-   c:\windows\system32\MFH264Dec.dll
2011-01-20 14:41 . 2011-02-14 19:13   428544   ----a-w-   c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:40 . 2011-02-14 19:13   345088   ----a-w-   c:\windows\system32\mfreadwrite.dll
2011-01-20 14:40 . 2011-02-14 19:13   34304   ----a-w-   c:\windows\system32\mfpmp.exe
2011-01-20 14:40 . 2011-02-14 19:13   377344   ----a-w-   c:\windows\system32\mfmp4src.dll
2011-01-20 14:37 . 2011-02-14 19:13   2002944   ----a-w-   c:\windows\system32\d3d10warp.dll
2011-01-20 14:35 . 2011-02-14 19:13   566272   ----a-w-   c:\windows\system32\d3d10level9.dll
2011-01-20 14:28 . 2011-02-14 19:13   1554432   ----a-w-   c:\windows\SysWow64\xpsservices.dll
2011-01-20 14:27 . 2011-02-14 19:13   876032   ----a-w-   c:\windows\SysWow64\XpsPrint.dll
2011-01-20 14:25 . 2011-02-14 19:13   847360   ----a-w-   c:\windows\SysWow64\OpcServices.dll
2011-01-20 14:24 . 2011-02-14 19:13   135680   ----a-w-   c:\windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-14 19:13   979456   ----a-w-   c:\windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-14 19:13   357376   ----a-w-   c:\windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-14 19:13   302592   ----a-w-   c:\windows\SysWow64\mfmp4src.dll
2011-01-20 14:14 . 2011-02-14 19:13   261632   ----a-w-   c:\windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-14 19:13   1172480   ----a-w-   c:\windows\SysWow64\d3d10warp.dll
2011-01-20 14:11 . 2011-02-14 19:13   486400   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
2011-01-20 14:06 . 2011-02-14 19:13   834048   ----a-w-   c:\windows\system32\d2d1.dll
2011-01-20 13:47 . 2011-02-14 19:13   683008   ----a-w-   c:\windows\SysWow64\d2d1.dll
2011-01-13 10:20 . 2011-01-28 07:11   7844688   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F58F427-5672-44B3-87E9-477EA0C28659}\mpengine.dll
2011-01-13 08:47 . 2011-01-24 00:26   237168   ----a-w-   c:\windows\system32\aswBoot.exe
2011-01-08 09:03 . 2011-02-14 19:12   48128   ----a-w-   c:\windows\system32\atmlib.dll
2011-01-08 08:47 . 2011-02-14 19:12   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
2011-01-08 06:45 . 2011-02-14 19:12   367104   ----a-w-   c:\windows\system32\atmfd.dll
2011-01-08 06:28 . 2011-02-14 19:12   292352   ----a-w-   c:\windows\SysWow64\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-06 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"AdobeUpdater"="c:\program files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SafeBoot\Minimal\!SASCORE]
=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-06 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys


R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr7364;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx64.sys

R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-06-23 109168]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-30 135336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-02-16 101048]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys

S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\WUSB54GCv3.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-06 10:38]
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-06 10:38]
.
2011-04-03 c:\windows\Tasks\User_Feed_Synchronization-{79662777-9144-4FDC-9878-A688B6B1948B}.job
- c:\windows\system32\msfeedssync.exe [2011-02-14 04:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"combofix"="c:\combofix\CF13003.cfxxe" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\769657z5.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b8497d4&v=6.103.018.001&i=23&tp=ab&iy=&ychte=ca&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-WindowsLiveDeviceIntegrator - c:\program files (x86)\Windows Live\Device Integrator\wldi.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
AddRemove-WindowsLiveDeviceIntegrator - c:\program files (x86)\Windows Live\Device Integrator\InstallDI.exe
AddRemove-WinLiveSuite - c:\program files (x86)\Windows Live\Installer\wlarp.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
Denied: (A 2) (Everyone)
="FlashBroker"
"LocalizedString"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
Denied: (A 2) (Everyone)
="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
Denied: (A 2) (Everyone)
=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\ACR0065\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\ACR0065\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&98671ce&0&UID16843008\Device Parameters\MODES]
DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A8\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
DACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-04-03  22:09:37 - machine was rebooted
ComboFix-quarantined-files.txt  2011-04-04 02:09
.
Pre-Run: 376,976,920,576 bytes free
Post-Run: 376,517,332,992 bytes free
.
- - End Of File - - 0F2952DAFA973D05741C739009A56F27
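Reading a ComboFix log like the one above by hand comes down to three checks: autostart values whose target no longer exists (ComboFix marks those with `[X]`), autostarts or newly created executables that live in user-writable directories, and policy switches such as `LoadAppInit_DLLs`. The Python below is an added example for this thread, not ComboFix code and not anything posted by the participants: it parses the "Files Created" and "Reg Loading Points" sections into records and runs those three rules over them. The sample lines are copied from the log above except the `update.exe` line, which is constructed to exercise the file rule; the rules and thresholds are review prompts I chose, not a verdict on this machine.

```python
"""Triage a ComboFix-style log: parse the 'Files Created' and 'Reg Loading
Points' sections into records and run a few review rules over them.

Added example for this thread; not part of ComboFix. The sample lines are
copied from the log posted above except the update.exe line, which is
CONSTRUCTED to exercise the file rule. Hits are prompts to look, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Raw string: the Windows paths contain \u and \t, which a normal literal
# would try to interpret as escapes.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((   Files Created from 2011-03-04 to 2011-04-04  )))))))))))))))))))))))))))))))
.
2011-04-04 02:02 . 2011-04-04 02:04   --------   d-----w-   c:\users\Owner\AppData\Local\temp
2011-04-01 12:00 . 2011-04-01 12:00   45056   ----a-w-   c:\users\Owner\AppData\Local\temp\update.exe
2011-03-17 04:16 . 2010-12-17 15:41   731136   ----a-w-   c:\windows\system32\mstsc.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"""

# "<created> . <modified>   <size or -------->   <attrs>   <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(-+|\d+)\s+([d-][-a-z]{7})\s+(.+?)\s*$")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Either  "name"="data" [<date size> or X]   or   "name"=<bare value>
REG_VAL_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"\s+\[(X|[^\]]+)\]|(\S+))\s*$')

# Heuristic lists chosen for this example; extend to taste.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories ("--------" in the log)
    is_dir: bool
    path: str


@dataclass
class RegEntry:
    key: str
    name: str
    data: str
    status: Optional[str]  # "X" = target missing; "<date> <size>" = found; None = bare value


def parse_log(text: str) -> Tuple[List[FileEntry], List[RegEntry]]:
    files, regs, key = [], [], None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            files.append(FileEntry(created, modified,
                                   None if size.startswith("-") else int(size),
                                   attrs.startswith("d"), path))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)        # values that follow belong to this key
            continue
        m = REG_VAL_RE.match(line)
        if m and key:
            name, data, status, bare = m.groups()
            regs.append(RegEntry(key, name, bare if data is None else data, status))
    return files, regs


def triage(files: List[FileEntry], regs: List[RegEntry]) -> List[tuple]:
    """Return (tag, ...detail) tuples for entries a reviewer should look at."""
    findings = []
    for r in regs:
        low = r.data.lower()
        if r.status == "X":
            # Autostart whose target is gone: leftover from an uninstall, or a removed payload.
            findings.append(("missing-target", r.key, r.name, r.data))
        elif r.key.endswith(("\\Run", "\\RunOnce")) and any(p in low for p in USER_WRITABLE):
            findings.append(("autostart-from-user-dir", r.key, r.name, r.data))
        if r.name == "LoadAppInit_DLLs" and low not in ("0", "0x0"):
            # AppInit DLL injection is switched on; check the AppInit_DLLs value next to it.
            findings.append(("appinit-dlls-enabled", r.key, r.name, r.data))
    for f in files:
        low = f.path.lower()
        if not f.is_dir and low.endswith(EXEC_EXT) and any(p in low for p in USER_WRITABLE):
            findings.append(("exec-in-user-dir", f.created, f.path, f.size))
    return findings


if __name__ == "__main__":
    for tag, *detail in triage(*parse_log(SAMPLE_LOG)):
        print(f"{tag:24} " + " | ".join(str(d) for d in detail))
```

Run as-is it prints the hits for the sample; for a real log, read the file with `open(path, encoding="cp1252", errors="replace")` and pass the text to `parse_log`. A hit means look, not delete: the `[X]` entry in the sample is the `AvgUninstallURL` RunOnce value, most likely a leftover of the AVG uninstall the poster describes, and `LoadAppInit_DLLs=0x1` only says the mechanism is enabled, so the next step is to check what, if anything, is listed in `AppInit_DLLs` under the same key.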
Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now
"Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives"
Won't let me checkmark "Running Processes".

Ok. Please try this:

Please download Rooter and Save it to your desktop.
  • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Won't work.
That's weird. Please try this one to see if it will work.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


I got that pop-up and I set it to run as Administrator.
So I'm not sure if the log showed everything.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=161aeaa8969a0844a3567aa7a0e6a701
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-14 07:15:46
# local_time=2011-04-14 03:15:46 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=4105
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 34903983 34903983 0 0
# compatibility_mode=1797 16775165 100 94 0 38396138 0 0
# compatibility_mode=5892 16776573 100 56 0 139401495 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=186383
# found=0
# cleaned=0
# scan_time=5757
How's your computer running now? Any other issues?

