Police Ransom Virus

Fiery

Level 1
Jan 11, 2011
2,007
There may have been some error along the CD burning process. Let's try to burn OTLPE onto a USB. Follow the instructions here: http://forums.majorgeeks.com/showthread.php?t=216844

After you completed the steps above, download Farbar Recovery Scan Tool and Listparts onto the USB (don't download the tools first then burn OTLPE as that will delete the tools on the USB).

Go into the BIOS again and change the boot setting to USB/ flash drive.
 

edward1

New Member
Thread author
Verified
Dec 31, 2012
48
Fiery said:
There may have been some error along the CD burning process. Let's try to burn OTLPE onto a USB. Follow the instructions here: http://forums.majorgeeks.com/showthread.php?t=216844

After you completed the steps above, download Farbar Recovery Scan Tool and Listparts onto the USB (don't download the tools first then burn OTLPE as that will delete the tools on the USB).

Go into the BIOS again and change the boot setting to USB/ flash drive.

Hi. Problems again! I get as far as PeToUSB with all the correct names inserted and correct boxes ticked. Pressing "Start" brings up an error message "Format Fix Error(11). An error occurred during the formatting of the Drive".
Have repeated four times with same result each time!
 

Fiery

Level 1
Jan 11, 2011
2,007
Download a new version of OTL.

Then Download Malwarebytes Anti-Rootkit from here

Then download OTH from here. Transfer all 3 files to your infected PC.
  • Unzip the Malwarebytes Anti-rootkit to a folder on your Desktop.
  • Start OTH and click Kill All Processes
  • Click Start OTL
    Under custom scan/fixes, copy and paste the following:


    :reg
    [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]

    Then click Run Fix. Post the log afterwards.


In OTH, click Start Misc program
Navigate to the Malwarebytes Anti-rootkit folder (mbar.exe) and click Open
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, start OTH, kill all processes and perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)
 

edward1

New Member
Thread author
Verified
Dec 31, 2012
48
Fiery said:
Download a new version of OTL.

Then Download Malwarebytes Anti-Rootkit from here

Then download OTH from here. Transfer all 3 files to your infected PC.
  • Unzip the Malwarebytes Anti-rootkit to a folder on your Desktop.
  • Start OTH and click Kill All Processes
  • Click Start OTL
    Under custom scan/fixes, copy and paste the following:


    :reg
    [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]

    Then click Run Fix. Post the log afterwards.


In OTH, click Start Misc program
Navigate to the Malwarebytes Anti-rootkit folder (mbar.exe) and click Open
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, start OTH, kill all processes and perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)



Hi. All 3 downloads moved to PC. Malwarebytes unzipped OK to Desktop. When clicking on "Kill All Processes" there is no response. Nothing either when clicking "Start OTL". Tried 3 times. Same each time.
 

Fiery

Level 1
Jan 11, 2011
2,007
Can you run MBAR or OTL without the help of OTH?

If not, do you have another USB that you can use to try burning OTLPE onto, since we can't run any tools in the standard Windows environment?

Also, try making a Rescue Disk. Follow the instructions here: http://malwaretips.com/Announcement-Computer-won-t-boot-up-Hard-to-remove-malware-Learn-how-to-create-and-use-a-Kaspersky-Rescue-Disk
 

edward1

New Member
Thread author
Verified
Dec 31, 2012
48
Fiery said:
Can you run MBAR or OTL without the help of OTH?

If not, do you have another USB that you can use to try burning OTLPE onto, since we can't run any tools in the standard Windows environment?

Also, try making a Rescue Disk. Follow the instructions here: http://malwaretips.com/Announcement-Computer-won-t-boot-up-Hard-to-remove-malware-Learn-how-to-create-and-use-a-Kaspersky-Rescue-Disk

Hi. Ran MBAR, no problem. At the end of the scan the message was "Scan Finished. No Malware Found". It was quite a lengthy scan.
On the other hand, the OTL scan was over in seconds and the report is here:-
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*\ not found.
What next?
 

Fiery

Level 1
Jan 11, 2011
2,007
Download a new version of ComboFix and RKill

Download and run RKill
Download mirror 1 - Download mirror 2 - Download mirror 3

Boot to safe mode, try running RKill first, then ComboFix.

If that doesn't work, follow the instructions here: http://malwaretips.com/Announcement-Computer-won-t-boot-up-Hard-to-remove-malware-Learn-how-to-create-and-use-a-Kaspersky-Rescue-Disk
 

edward1

New Member
Thread author
Verified
Dec 31, 2012
48
Success, I hope. Here are the logs:-
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/14/2013 07:39:46 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* AFD (AFD) is not Running.
Startup Type set to: System

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

* AFD (AFD) is not Running.
Startup Type set to: System

* IPSEC driver (IPSec) is not Running.
Startup Type set to: System

* NetBios over Tcpip (NetBT) is not Running.
Startup Type set to: System

* TCP/IP Protocol Driver (Tcpip) is not Running.
Startup Type set to: System

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t

: : 1 l o c a l h o s t



Program finished at: 01/14/2013 07:40:54 PM
Execution time: 0 hours(s), 1 minute(s), and 8 seconds(s)

ComboFix 13-01-14.01 - Administrator 14/01/2013 19:51:53.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.819 [GMT 0:00]
Running from: D:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-14 17:03 . 2013-01-14 17:03 -------- d-----w- C:\_OTL
2013-01-14 16:32 . 2013-01-14 16:32 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-01-13 19:35 . 2013-01-13 19:35 -------- d-----w- C:\eeepcfr
2013-01-12 09:21 . 2013-01-12 09:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2013-01-09 10:57 . 2013-01-09 10:57 -------- d-----w- c:\documents and settings\Jane\Local Settings\Application Data\PCHealth
2013-01-06 15:58 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-06 15:11 . 2013-01-06 15:11 -------- d-----w- c:\program files\ERUNT
2013-01-05 09:59 . 2013-01-05 09:59 -------- d-----w- c:\documents and settings\Jane\Application Data\SUPERAntiSpyware.com
2013-01-05 09:59 . 2013-01-05 09:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2012-12-31 20:54 . 2012-12-31 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2012-12-31 20:54 . 2012-12-31 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2012-12-31 10:20 . 2012-12-31 10:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-12-31 08:52 . 2013-01-05 21:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro
2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\documents and settings\Jane\Application Data\Malwarebytes
2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2012-12-29 12:13 . 2013-01-06 16:22 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-12-18 11:44 . 2012-12-18 11:44 -------- d-----w- c:\program files\Common Files\xing shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 23:09 . 2012-03-31 16:24 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:09 . 2012-01-13 09:02 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-18 11:43 . 2009-05-21 19:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-18 11:43 . 2009-05-21 17:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-03 15:40 . 2012-12-04 16:46 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-03 15:40 . 2012-10-19 14:19 5955584 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-03 15:40 . 2012-10-19 14:19 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 15:40 . 2012-02-09 21:40 7606272 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-03 15:40 . 2012-02-09 21:40 2611560 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-03 15:40 . 2012-02-09 21:40 2441728 ----a-w- c:\windows\system32\nvapi.dll
2012-12-03 15:40 . 2012-02-09 21:40 19460096 ----a-w- c:\windows\system32\nvoglnt.dll
2012-12-03 15:40 . 2012-02-09 21:40 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-03 15:40 . 2012-02-09 21:40 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-03 15:40 . 2011-04-11 09:51 11053992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-12-03 15:40 . 2008-04-14 00:12 4153600 ----a-w- c:\windows\system32\nv4_disp.dll
2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-12-01 04:56 . 2012-12-04 16:52 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-12-01 04:56 . 2012-12-04 16:52 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-12-01 04:56 . 2012-12-04 16:52 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-12-01 04:56 . 2012-12-04 16:52 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-12-01 04:56 . 2012-12-04 16:52 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-12-01 04:56 . 2012-12-04 16:52 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-12-01 04:56 . 2012-12-04 16:52 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-12-01 04:56 . 2012-12-04 16:52 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-12-01 04:56 . 2012-12-04 16:52 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-12-01 04:56 . 2012-12-04 16:52 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-12-01 04:53 . 2012-10-19 14:22 15524712 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 04:53 . 2012-10-19 14:22 164712 ----a-w- c:\windows\system32\nvsvc32.exe
2012-12-01 04:53 . 2012-10-19 14:22 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-12-01 04:53 . 2012-10-19 14:22 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 04:52 . 2012-10-19 14:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-04-14 00:12 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-09-29 18:47 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2012-07-11 13:47 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-07-11 13:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-07-11 13:47 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-07-11 13:47 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-07-11 13:47 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-07-11 13:47 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-07-11 13:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-07-11 13:47 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-07-11 13:46 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-07-11 13:46 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-01-12 09:52 . 2013-01-12 09:50 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-01 15524712]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-12-01 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-03 1982312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-12-18 295072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\documents and settings\Jane\Desktop\MAK\mbar\mbar.exe" [2013-01-09 1356360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Deluge\\deluge.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [21/11/2012 00:53 17904]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/07/2012 13:47 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2012 13:47 361032]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [21/11/2012 00:53 3069752]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2012 13:47 21256]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/01/2013 15:58 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/04/2010 20:24 682344]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [09/08/2012 12:02 38608]
S2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
S2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23/01/2012 04:43 92592]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [21/11/2012 00:53 54072]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [14/01/2013 16:32 35144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/01/2013 15:58 21104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/04/2012 18:48 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17/04/2012 18:48 8576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 20:13 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:09]
.
2012-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-01-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-11 22:50]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47]
.
2012-12-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 15:52]
.
2013-01-08 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-08-09 12:04]
.
2013-01-14 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02]
.
2013-01-14 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02]
.
2013-01-14 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-01-12 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-01-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vaynlbab.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-14 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]
"jabjhlfinlaeedbeehda"=hex:6a,61,70,61,6f,6f,62,63,62,66,63,6f,70,6b,62,63,68,
69,67,68,00,fa
"iabjnjpdmjongamdek"=hex:6a,61,70,61,6e,6c,6f,62,70,62,64,6d,6c,64,6e,66,6d,61,
61,69,00,f8
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(856)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2013-01-14 20:03:33
ComboFix-quarantined-files.txt 2013-01-14 20:03
ComboFix2.txt 2013-01-07 20:53
ComboFix3.txt 2013-01-05 12:42
.
Pre-Run: 172,258,463,744 bytes free
Post-Run: 176,002,314,240 bytes free
.
- - End Of File - - 032081EC98AF9CE97CF5B56DABEEACF5
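Two things in the Rkill section of the log above are worth a second look by a defender: the "Checking Windows Service Integrity" entries (stopped autostart services and the RpcSs "[Incorrect ImagePath]" line) and the HOSTS entries, which Rkill printed as "ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t" because the file is UTF-16 with a byte-order mark, not because it is corrupt. The Python below is an added triage example, not code from the thread or from Rkill's authors; the log text and HOSTS bytes are constructed samples taken from this post, and the function names are my own.

```python
"""Triage helpers for an Rkill log like the one posted above (constructed sample, not Rkill code)."""
import re
from typing import Dict, List

# Constructed sample: the service-integrity section of the Rkill log quoted in
# the thread, trimmed to a few representative entries.
SAMPLE_RKILL_LOG = """\
Checking Windows Service Integrity:

* AFD (AFD) is not Running.
Startup Type set to: System

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* RpcSs => %SystemRoot%\\system32\\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.
"""

# Constructed sample of the HOSTS file as bytes: UTF-16LE with a byte-order mark.
# Read as single-byte text, 0xFF 0xFE shows as "ÿþ" and the NUL byte after each
# ASCII character shows as a space, which is exactly what Rkill printed above.
SAMPLE_HOSTS_BYTES = b"\xff\xfe" + "127.0.0.1 localhost\r\n::1 localhost\r\n".encode("utf-16-le")

SERVICE_RE = re.compile(r"^\* (?P<display>.+?) \((?P<name>[^)]+)\) is not Running\.$")
STARTUP_RE = re.compile(r"^Startup Type set to: (?P<start>\w+)$")
IMAGEPATH_RE = re.compile(r"^\* (?P<name>\S+) => (?P<path>.+?) \[Incorrect ImagePath\]$")


def parse_service_integrity(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per entry in the 'Checking Windows Service Integrity' section."""
    findings: List[Dict[str, str]] = []
    in_section = False
    pending = None  # a stopped service waiting for its 'Startup Type' line
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Checking Windows Service Integrity"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.endswith(":"):  # the next section header ends this one
            break
        m = SERVICE_RE.match(line)
        if m:
            pending = {"service": m.group("name"), "display": m.group("display"),
                       "issue": "not running"}
            continue
        m = STARTUP_RE.match(line)
        if m and pending is not None:
            pending["startup"] = m.group("start")
            findings.append(pending)
            pending = None
            continue
        m = IMAGEPATH_RE.match(line)
        if m:
            findings.append({"service": m.group("name"), "issue": "incorrect ImagePath",
                             "path": m.group("path")})
    return findings


def stopped_autostart_services(findings: List[Dict[str, str]]) -> List[str]:
    """Services that should start on boot (Automatic or System) but were not running.

    Read this against the boot mode: in Safe Mode the networking stack (AFD, Tcpip,
    Dhcp, Dnscache) is not loaded, so those entries are expected there.
    """
    return [f["service"] for f in findings
            if f["issue"] == "not running" and f.get("startup") in ("Automatic", "System")]


def decode_hosts(raw: bytes) -> List[str]:
    """Decode a HOSTS file by its BOM (UTF-16 or plain text) and return normalised entries."""
    if raw.startswith(b"\xff\xfe"):
        text = raw[2:].decode("utf-16-le")
    elif raw.startswith(b"\xfe\xff"):
        text = raw[2:].decode("utf-16-be")
    else:
        text = raw.decode("utf-8", errors="replace")
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            entries.append(" ".join(line.split()))  # collapse runs of spaces/tabs
    return entries


LOCALHOST_ENTRIES = {"127.0.0.1 localhost", "::1 localhost"}


def suspicious_hosts_entries(entries: List[str]) -> List[str]:
    """Anything beyond the stock localhost lines deserves a look (e.g. redirected AV/update hosts)."""
    return [e for e in entries if e not in LOCALHOST_ENTRIES]


if __name__ == "__main__":
    findings = parse_service_integrity(SAMPLE_RKILL_LOG)
    for finding in findings:
        print(finding)
    print("stopped autostart services:", stopped_autostart_services(findings))
    print("hosts entries:", decode_hosts(SAMPLE_HOSTS_BYTES))
    print("suspicious hosts entries:", suspicious_hosts_entries(decode_hosts(SAMPLE_HOSTS_BYTES)))
```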
 

Fiery

Level 1
Jan 11, 2011
2,007
Using the same instructions as before, go back into safemode and run rkill again.

Open up Notepad and paste the following:

Killall::

Regnull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]

ClearJavaCache::
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    [image: CFScript.gif]
  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below
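To see what ComboFix actually reported under the key the Regnull:: line above targets, here is an added parser (my own example, not ComboFix's or OTL's code) for the LOCKED REGISTRY KEYS block of the log posted earlier; the sample text is copied from that log, and the check that a COM InProcServer32 key should carry a default value naming its DLL is standard COM registration practice, not something the thread states.

```python
"""Parse the LOCKED REGISTRY KEYS block of a ComboFix log (constructed sample, not ComboFix code)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample copied from the ComboFix log posted earlier in the thread.
SAMPLE_LOCKED_KEYS = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81ACBB45-06B6-AC1D-98EF-D6ECE7754907}\InProcServer32*]
"jabjhlfinlaeedbeehda"=hex:6a,61,70,61,6f,6f,62,63,62,66,63,6f,70,6b,62,63,68,
69,67,68,00,fa
"iabjnjpdmjongamdek"=hex:6a,61,70,61,6e,6c,6f,62,70,62,64,6d,6c,64,6e,66,6d,61,
61,69,00,f8
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

KEY_RE = re.compile(r"^\[(?P<path>[^\]]+)\]$")
DEFAULT_RE = re.compile(r'^@="(?P<value>.*)"$')
HEX_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')


def parse_locked_keys(text: str) -> Dict[str, dict]:
    """Map each listed key path to its ACL-denied flag, default value and REG_BINARY values.

    ComboFix wraps long hex values onto continuation lines, each ending in a comma,
    so a value is complete only when a line ends without one.
    """
    keys: Dict[str, dict] = {}
    current: Optional[str] = None
    pending_name: Optional[str] = None
    pending_hex = ""
    for raw in text.splitlines():
        line = raw.strip()
        if pending_name is not None:  # continuation of a wrapped hex value
            pending_hex += line
            if not line.endswith(","):
                keys[current]["values"][pending_name] = bytes.fromhex(pending_hex.replace(",", ""))
                pending_name = None
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("path")
            keys[current] = {"denied": False, "default": None, "values": {}}
            continue
        if current is None:
            continue
        if line.startswith("@Denied:"):
            keys[current]["denied"] = True
            continue
        m = DEFAULT_RE.match(line)
        if m:
            keys[current]["default"] = m.group("value")
            continue
        m = HEX_RE.match(line)
        if m:
            pending_name, pending_hex = m.group("name"), m.group("data")
            if not line.endswith(","):
                keys[current]["values"][pending_name] = bytes.fromhex(pending_hex.replace(",", ""))
                pending_name = None
    return keys


def split_string_value(data: bytes) -> Tuple[str, bytes]:
    """Split a REG_BINARY blob into the text before the first NUL and whatever trails it."""
    text, _, tail = data.partition(b"\x00")
    return text.decode("latin-1"), tail


def inprocserver_keys_without_dll(keys: Dict[str, dict]) -> List[str]:
    """A genuine COM InProcServer32 key names its DLL in the default value; flag those that do not."""
    return [path for path, info in keys.items()
            if path.rsplit("\\", 1)[-1].startswith("InProcServer32") and info["default"] is None]


if __name__ == "__main__":
    parsed = parse_locked_keys(SAMPLE_LOCKED_KEYS)
    for path in inprocserver_keys_without_dll(parsed):
        print("InProcServer32 key with no DLL path:", path)
        for name, blob in parsed[path]["values"].items():
            print("   ", name, "->", split_string_value(blob))
```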
 

edward1

New Member
Thread author
Verified
Dec 31, 2012
48
All completed. Here is the log:-
ComboFix 13-01-14.01 - Administrator 15/01/2013 9:20.4.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.817 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))
.
.
2013-01-14 17:03 . 2013-01-14 17:03 -------- d-----w- C:\_OTL
2013-01-13 19:35 . 2013-01-13 19:35 -------- d-----w- C:\eeepcfr
2013-01-12 09:21 . 2013-01-12 09:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2013-01-06 15:58 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-06 15:11 . 2013-01-06 15:11 -------- d-----w- c:\program files\ERUNT
2013-01-05 09:59 . 2013-01-05 09:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2012-12-31 20:54 . 2012-12-31 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2012-12-31 20:54 . 2012-12-31 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2012-12-31 10:20 . 2012-12-31 10:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-12-31 08:52 . 2013-01-05 21:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro
2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2012-12-29 12:13 . 2013-01-06 16:22 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-12-18 11:44 . 2012-12-18 11:44 -------- d-----w- c:\program files\Common Files\xing shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 23:09 . 2012-03-31 16:24 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:09 . 2012-01-13 09:02 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-18 11:43 . 2009-05-21 19:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-18 11:43 . 2009-05-21 17:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-03 15:40 . 2012-12-04 16:46 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-03 15:40 . 2012-10-19 14:19 5955584 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-03 15:40 . 2012-10-19 14:19 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 15:40 . 2012-02-09 21:40 7606272 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-03 15:40 . 2012-02-09 21:40 2611560 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-03 15:40 . 2012-02-09 21:40 2441728 ----a-w- c:\windows\system32\nvapi.dll
2012-12-03 15:40 . 2012-02-09 21:40 19460096 ----a-w- c:\windows\system32\nvoglnt.dll
2012-12-03 15:40 . 2012-02-09 21:40 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-03 15:40 . 2012-02-09 21:40 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-03 15:40 . 2011-04-11 09:51 11053992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-12-03 15:40 . 2008-04-14 00:12 4153600 ----a-w- c:\windows\system32\nv4_disp.dll
2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-12-01 04:56 . 2012-12-04 16:52 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-12-01 04:56 . 2012-12-04 16:52 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-12-01 04:56 . 2012-12-04 16:52 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-12-01 04:56 . 2012-12-04 16:52 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-12-01 04:56 . 2012-12-04 16:52 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-12-01 04:56 . 2012-12-04 16:52 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-12-01 04:56 . 2012-12-04 16:52 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-12-01 04:56 . 2012-12-04 16:52 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-12-01 04:56 . 2012-12-04 16:52 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-12-01 04:56 . 2012-12-04 16:52 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-12-01 04:53 . 2012-10-19 14:22 15524712 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 04:53 . 2012-10-19 14:22 164712 ----a-w- c:\windows\system32\nvsvc32.exe
2012-12-01 04:53 . 2012-10-19 14:22 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-12-01 04:53 . 2012-10-19 14:22 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 04:52 . 2012-10-19 14:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-04-14 00:12 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-09-29 18:47 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2012-07-11 13:47 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-07-11 13:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-07-11 13:47 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-07-11 13:47 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-07-11 13:47 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-07-11 13:47 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-07-11 13:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-07-11 13:47 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-07-11 13:46 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-07-11 13:46 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-01-12 09:52 . 2013-01-12 09:50 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-19 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-01 15524712]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-12-01 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-03 1982312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-12-18 295072]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Deluge\\deluge.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [21/11/2012 00:53 17904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/07/2012 13:47 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2012 13:47 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [21/11/2012 00:53 3069752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2012 13:47 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/01/2013 15:58 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/04/2010 20:24 682344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [09/08/2012 12:02 38608]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23/01/2012 04:43 92592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/01/2013 15:58 21104]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [21/11/2012 00:53 54072]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/04/2012 18:48 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17/04/2012 18:48 8576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 20:13 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:09]
.
2012-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-01-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-11 22:50]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47]
.
2012-12-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 15:52]
.
2013-01-08 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-08-09 12:04]
.
2013-01-15 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02]
.
2013-01-15 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02]
.
2013-01-15 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-01-12 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-01-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.mytalktalk.co.uk/
uSearchAssistant =
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-15 09:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3692)
c:\windows\system32\WININET.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2013-01-15 09:43:07 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-15 09:43
ComboFix2.txt 2013-01-14 20:03
ComboFix3.txt 2013-01-07 20:53
ComboFix4.txt 2013-01-05 12:42
.
Pre-Run: 176,010,002,432 bytes free
Post-Run: 175,703,793,664 bytes free
.
- - End Of File - - E4E5B0EC3445065BB3102A874352762D
 

Fiery

Level 1
Jan 11, 2011
2,007
How is your PC running?

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 

edward1

New Member
Thread author
Verified
Dec 31, 2012
48
Fiery said:
How is your PC running?

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

PC functions are OK, but every other time it stalls before it gets to Windows. Here is the log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=926e623c8bcfa5469a8eff3001843023
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-15 07:59:26
# local_time=2013-01-15 07:59:26 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 100 94 5818524 134989838 0 0
# compatibility_mode=1029 16777214 0 1 85145005 85145005 0 0
# compatibility_mode=6401 16777214 0 100 76919068 86545038 0 0
# scanned=89962
# found=39
# cleaned=0
# scan_time=5516
C:\Documents and Settings\All Users.WINDOWS\Application Data\GBox\runtime.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\Documents and Settings\Jane\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\7\126a17c7-12a01e61 Java/Agent.FH trojan 5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 I
C:\Documents and Settings\Jane\My Documents\Downloads\nuancepdf.exe a variant of Win32/InstallIQ application 0B785A439FB912FC0D461801CE27CD26DCFDF284 I
C:\Documents and Settings\Jane\My Documents\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application ECAF2A056C1C346D0E4905C4E5894F222B4231AF I
C:\Documents and Settings\Jane\My Documents\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application 11EB10FAAC376894F67E00D7463C46F7D39B6329 I
C:\Documents and Settings\Jane\My Documents\Downloads\WinThruster_2013.exe a variant of Win32/SlowPCfighter application D13E0D0BC7F19C295BE3D97947E88C84F9D8B581 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP496\A0269125.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP497\A0274219.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP498\A0274291.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP498\A0275245.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP499\A0276294.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP500\A0277454.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP501\A0277472.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP501\A0277568.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP502\A0278604.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP503\A0278611.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP503\A0280631.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP504\A0281723.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP506\A0283712.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP507\A0283719.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP508\A0284156.exe Win32/GenUpdater application 1E246B8649EB422FE678A107667DC1C6932EC2A9 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP540\A0316295.exe Win32/Toolbar.SearchSuite application 2B3BB8915C721570A11D52F252F65F2A181E4CF9 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP540\A0316296.exe Win32/Toolbar.SearchSuite application C6E5BF3A7899AFF71EF4D56AB77C16AF168F97B9 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP553\A0329622.exe Win32/Toolbar.SearchSuite application B6B874B1FAB523EDA65F2AB405271E4195960AAB I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP560\A0356233.lnk Win32/Reveton.M trojan BC0C922C365F7EC82FF10C98E0FC860581E0D176 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP562\A0357388.exe probably a variant of Win32/1AntiVirus application 97D6781145AE83669AE5073E8304EC0D3E343C92 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP564\A0357453.exe probably a variant of Win32/1AntiVirus application 97D6781145AE83669AE5073E8304EC0D3E343C92 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP564\A0364540.exe probably a variant of Win32/1AntiVirus application 97D6781145AE83669AE5073E8304EC0D3E343C92 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386588.exe Win32/Bundled.Toolbar.Ask application 613BDCDC4B16EB466124A549D021646EAFB70B7C I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386641.dll a variant of Win32/Adware.Yontoo.B application 3792F19D1860B40EB871C041019ED62A427CF00C I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386657.dll a variant of Win32/Toolbar.SearchSuite application 4361BFA2B5A522CF5E6DBE656A45B8114D9A3612 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386658.exe a variant of Win32/Toolbar.SearchSuite.A application 4D5963B70D9932CAF8870A40E23739CD2872AF5A I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386659.dll a variant of Win32/Toolbar.SearchSuite application E7269A37070FFA6A9D47974C72AD319AF1D7BAF5 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386660.dll a variant of Win32/Toolbar.SearchSuite application B3A6B2389E4BC933C10DE2367575E2D5594D4155 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386688.dll a variant of Win32/Toolbar.SearchSuite application 1CBFF3BADC71DF7CE2A39D6513F977BFC5E88D33 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386689.dll a variant of Win32/Toolbar.SearchSuite application 20C36D82F2C169591246AE72F4E5DB017EAF61A7 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386703.exe Win32/Toolbar.Babylon application 3CA96836E5258ABAC55BDF186808CCD8773D068F I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386725.lnk Win32/Reveton.M trojan B4C8D5AABA89BD5F625D10CD6AC2CB0631C4011E I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP569\A0387041.exe probably a variant of Win32/1AntiVirus application 97D6781145AE83669AE5073E8304EC0D3E343C92 I
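The ESET log above lists one detection per line (path, detection name, SHA1, action column), and the same sample shows up many times because System Restore kept a copy in every restore point. As an added example that is not part of this thread or of ESET's tooling, the parser below reads that format, groups detections by SHA1 so a single file copied into many restore points counts once, and separates live files (which need cleaning now) from restore-point copies (which go away when System Restore is purged). The sample input is copied from the log posted above; the rule that the detection name begins at the first token containing "/" (Windows paths never contain one) and the handling of ESET's "a variant of" / "probably a variant of" qualifiers are assumptions derived from the posted lines, and all function names are my own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: detection lines in the format ESET Online Scanner writes to
# C:\Program Files\EsetOnlineScanner\log.txt (path, detection name, SHA1,
# action column). The lines are copied from the log posted in this thread;
# the "# key=value" header lines belong to the same format and are skipped.
SAMPLE_LOG = r"""
# scanned=89962
# found=39
# cleaned=0
C:\Documents and Settings\All Users.WINDOWS\Application Data\GBox\runtime.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\Documents and Settings\Jane\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\7\126a17c7-12a01e61 Java/Agent.FH trojan 5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP496\A0269125.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP497\A0274219.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP560\A0356233.lnk Win32/Reveton.M trojan BC0C922C365F7EC82FF10C98E0FC860581E0D176 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP562\A0357388.exe probably a variant of Win32/1AntiVirus application 97D6781145AE83669AE5073E8304EC0D3E343C92 I
"""

SHA1_RE = re.compile(r"^[0-9A-Fa-f]{40}$")
# Restore-point copies live under System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str   # e.g. "a variant of Win32/Toolbar.Babylon application"
    sha1: str
    flag: str   # ESET's action column; "I" throughout the posted log


def parse_line(line: str) -> Optional[Detection]:
    """Parse one log line; return None for headers, blanks and anything else."""
    tokens = line.split()
    # A detection line ends with "<SHA1> <flag>"; "# key=value" headers do not.
    if len(tokens) < 4 or not SHA1_RE.match(tokens[-2]):
        return None
    body, sha1, flag = tokens[:-2], tokens[-2].upper(), tokens[-1]
    # Assumption: the detection name starts at the first token containing "/"
    # (the platform/family token). Windows paths never contain "/", so every
    # token before it belongs to the path, even though the path has spaces.
    idx = next((i for i, t in enumerate(body) if "/" in t), None)
    if idx is None:
        return None
    # ESET prepends confidence qualifiers; pull them back into the name.
    # Longer qualifier first so "probably" is not left dangling in the path.
    for qualifier in (["probably", "a", "variant", "of"], ["a", "variant", "of"]):
        n = len(qualifier)
        if idx >= n and body[idx - n:idx] == qualifier:
            idx -= n
            break
    return Detection(" ".join(body[:idx]), " ".join(body[idx:]), sha1, flag)


def parse_log(text: str) -> List[Detection]:
    return [d for d in (parse_line(l) for l in text.splitlines()) if d is not None]


def is_restore_point_copy(path: str) -> bool:
    return RESTORE_RE.search(path) is not None


def summarize(dets: List[Detection]) -> Dict[str, object]:
    """Group by SHA1 (one sample in ten restore points is still one sample) and
    split live files from restore-point copies so the actionable list is short."""
    by_hash: Dict[str, List[Detection]] = defaultdict(list)
    for d in dets:
        by_hash[d.sha1].append(d)
    live = [d for d in dets if not is_restore_point_copy(d.path)]
    restore = [d for d in dets if is_restore_point_copy(d.path)]
    return {
        "unique_samples": len(by_hash),
        "live": live,
        "restore_point": restore,
        "by_hash": dict(by_hash),
    }


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    print(f"{report['unique_samples']} distinct samples by SHA1")
    print("Live files needing attention now:")
    for d in report["live"]:
        print(f"  {d.name:<45} {d.path}")
    print(f"{len(report['restore_point'])} further hits are restore-point copies")
```

Running it on the full posted log would show why the helper keeps asking for the rest of the file: the hash-level view makes it obvious which findings are independent samples on the live system and which are just System Restore echoes of files already removed.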
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

The log is incomplete; can you scroll down halfway and copy & paste the rest? We've got a couple of files we need to delete. Just need the rest of the ESET log to make sure we don't miss any other files.
 

edward1

New Member
Thread author
Verified
Dec 31, 2012
48
Fiery said:
Hi,

The log is incomplete; can you scroll down halfway and copy & paste the rest? We've got a couple of files we need to delete. Just need the rest of the ESET log to make sure we don't miss any other files.

Sorry about that. Here is the latter part:
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP503\A0280631.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP504\A0281723.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP506\A0283712.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP507\A0283719.dll Win32/GenUpdater application 5F83EC091F2E56C574A626FFEF768EFB632D7EDE I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP508\A0284156.exe Win32/GenUpdater application 1E246B8649EB422FE678A107667DC1C6932EC2A9 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP540\A0316295.exe Win32/Toolbar.SearchSuite application 2B3BB8915C721570A11D52F252F65F2A181E4CF9 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP540\A0316296.exe Win32/Toolbar.SearchSuite application C6E5BF3A7899AFF71EF4D56AB77C16AF168F97B9 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP553\A0329622.exe Win32/Toolbar.SearchSuite application B6B874B1FAB523EDA65F2AB405271E4195960AAB I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP560\A0356233.lnk Win32/Reveton.M trojan BC0C922C365F7EC82FF10C98E0FC860581E0D176 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP562\A0357388.exe probably a variant of Win32/1AntiVirus application 97D6781145AE83669AE5073E8304EC0D3E343C92 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP564\A0357453.exe probably a variant of Win32/1AntiVirus application 97D6781145AE83669AE5073E8304EC0D3E343C92 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP564\A0364540.exe probably a variant of Win32/1AntiVirus application 97D6781145AE83669AE5073E8304EC0D3E343C92 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386588.exe Win32/Bundled.Toolbar.Ask application 613BDCDC4B16EB466124A549D021646EAFB70B7C I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386641.dll a variant of Win32/Adware.Yontoo.B application 3792F19D1860B40EB871C041019ED62A427CF00C I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386657.dll a variant of Win32/Toolbar.SearchSuite application 4361BFA2B5A522CF5E6DBE656A45B8114D9A3612 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386658.exe a variant of Win32/Toolbar.SearchSuite.A application 4D5963B70D9932CAF8870A40E23739CD2872AF5A I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386659.dll a variant of Win32/Toolbar.SearchSuite application E7269A37070FFA6A9D47974C72AD319AF1D7BAF5 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386660.dll a variant of Win32/Toolbar.SearchSuite application B3A6B2389E4BC933C10DE2367575E2D5594D4155 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386688.dll a variant of Win32/Toolbar.SearchSuite application 1CBFF3BADC71DF7CE2A39D6513F977BFC5E88D33 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386689.dll a variant of Win32/Toolbar.SearchSuite application 20C36D82F2C169591246AE72F4E5DB017EAF61A7 I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386703.exe Win32/Toolbar.Babylon application 3CA96836E5258ABAC55BDF186808CCD8773D068F I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP567\A0386725.lnk Win32/Reveton.M trojan B4C8D5AABA89BD5F625D10CD6AC2CB0631C4011E I
C:\System Volume Information\_restore{72F41FFD-3EA5-43E1-AF77-54A4B00F4AC8}\RP569\A0387041.exe probably a variant of Win32/1AntiVirus application 97D6781145AE83669AE5073E8304EC0D3E343C92 I
 

Fiery

Level 1
Jan 11, 2011
2,007
There is a bit more to that part of the log. Scroll down 3/4 of the way and try to copy the rest.
 

edward1

New Member
Thread author
Verified
Dec 31, 2012
48
Hi. Sorry, I must be trying your patience on this. Hope this concludes the log:
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

No worries, I'm a patient person :) Your PC looks a lot cleaner than when we first started!

Please go into safe mode again, run rkill.

Open up Notepad and paste the following:

KillAll::

File::
C:\Documents and Settings\Jane\My Documents\Downloads\nuancepdf.exe

Dirlook::
c:\documents and settings\Jane\Local Settings\Application Data\PCHealth
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below




Double-check for other malicious files with Emsisoft Emergency Kit

  1. You can download the latest official version of Emsisoft Emergency Kit from the link below.
     EMSISOFT EMERGENCY KIT DOWNLOAD LINK: http://malwaretips.com/download-emsisoft (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
  2. After the download finishes, you'll need to unpack EmsisoftEmergencyKit.zip.
  3. Open the Emsisoft Emergency Kit folder and double click EmergencyKitScanner.bat.
  4. A pop-up will prompt you to update Emsisoft Emergency Kit, and you'll need to click the Yes button to allow this request.
  5. After the update process has completed, click on the Menu tab and then select Scan PC.
  6. Select Smart scan and click on the SCAN button to search for Vista Defender malicious files.
  7. Emsisoft will now start scanning your computer for malicious files. When the scan is completed, you will be presented with a screen showing you the infections that Emsisoft has detected.
     Make sure that everything is Checked (ticked) and then click on Quarantine selected objects.
  8. Emsisoft Emergency Kit will now start removing the malicious files. If during the removal process Emsisoft displays a message stating that it needs to reboot, please allow this request.
 

edward1

New Member
Thread author
Verified
Dec 31, 2012
48
Hi Fiery. ComboFix log herewith, plus also the Emsisoft one:-
Emsisoft Emergency Kit - Version 3.0
Last update: 18/01/2013 10:57:27

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\WINDOWS\, C:\Program Files\

Detect Riskware: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 18/01/2013 10:59:43

C:\Program Files\SProtector\uninstall.exe detected: Trojan.Win32.StartPage (A)

Scanned 358983
Found 1

Scan end: 18/01/2013 11:27:32
Scan time: 0:27:49

C:\Program Files\SProtector\uninstall.exe Quarantined Trojan.Win32.StartPage (A)

Quarantined 1
 
